Help Soo Slow!!!!!!!!! :(

Discussion in 'Malware Help (A Specialist Will Reply)' started by ktiz, Jan 25, 2006.

  1. ktiz

    ktiz Corporal

    Hi, I was wondering if someone could look at my HJT log. I haven't run the sticky thread due to this computer would take days (literally) to finish that thread. So, I figured that getting rid of most of the spyware and what not through HJT would be the most efficient way to speed things up so I can run the rest of the programs. (I have run Adware SE Personal.) Thanks for the help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is not our standard mode of operation. Why is it that you want us to exempt you from the normal procedures? What problems are you having?

    HJT logs are not the cure-all that most people believe. In fact they show very little of the possible amount of malware that exists.

    How do you connect to the internet (dial-up, cable, dsl )?
     
    Last edited: Jan 25, 2006
  3. ktiz

    ktiz Corporal


    It's dial-up, I am at my gf's house, but I am gonna send the log to my place and maybe post it there if allowed. Otherwise I will try to d/l as many programs as I can and put it on a USB drive and do it at a later date.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So you are saying you are working on your girlfriend's PC and she has dial-up?

    Yes, download the tools at your house and bring them to her PC and run them. Since you are on dial-up and having slow PC problems you can skip step 6 of the READ & RUN ME. But please do not skip anything else. Make sure you follow the directions in step 7 and get HJT installed properly. Then attach a log.
     
  5. ktiz

    ktiz Corporal

    that's correct. thanks chas. I'll do that, and get back to ya next week.. :S
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Please stay in this thread when you post with results.
     
  7. ktiz

    ktiz Corporal

    Back again... So I've been working on the comp for about 2 hours now and not much is being accomplished, :(. CCleaner is slowly doing its thing, it has been running for about an hour now, and I am also in the works of getting antispyware going and updating windows cause apparently it's still on SP1. I'll get back to ya if this ever finishes. :S
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should only run ONE tool at a time. You should not be installing anything while scanning. ALSO DO NOT do a Windows update while the PC is infected with malware.
     
  9. ktiz

    ktiz Corporal

    Ya, no worries, everything was done one at a time... Well, I have run all that read me first stuff, and the computer is still running slow. I guess I should tell you the specs. It's an AMD 2600+, with 512 MB shared RAM and running Windows XP Home.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Completing the READ ME means you need to attach the two logs requested in step 6.

    Also you need to follow step 7 and the link in it exactly and attach a HJT log.

    Without doing this, you have not completed the READ ME and we cannot help you.

    A processor speed would be more helpful. Is that a 1.8 Ghz processor?

    Describe what is slow. Booting, normal offline application running, online (surfing) browsing, downloading? What is your reference point to when you thought it was fast? Is it also slow in safe mode?
     
  11. ktiz

    ktiz Corporal


    I know, I haven't quite finished that as of yet, I'll get to that tomorrow I think. As for slowness, booting is extremely slow and opening any application takes a lot of time too. I can't tell about the internet because it's just dial-up and I dunno how fast it should be downloading; it seems to limit itself to 5 kb/s, I'm assuming that's probably normal d/l speed. And the processor is 2.2 GHz. Why do I know it's slow... It honestly takes 10 mins to boot up, 5 mins to open a web browser and 1-5 mins to change web pages. I'll post the rest of the logs tomorrow, thanks! :D
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! After we see all the logs we may have a better idea of what is going on. Just as an additional check (since we are seeing more and more of these) also do the below:

    Please follow the below steps...
    1. Please download and unzip Rootkit Revealer to your desktop.
    2. Please leave the defaults set as they are to:
      • Hide NTFS Metadata Files: this option is on by default
      • Scan Registry: this option is on by default.
    3. Launch rootkit revealer on the system and press the Scan button.
    4. RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
    5. The log can be very large; please edit out the items in the following folder in the log: C:\System Volume Information, if in the log, before attaching it.
    6. Please attach the log here in this thread to your next post.
     
  13. ktiz

    ktiz Corporal

    Hey

    So here is the HJT log. As for the other logs, you told me at one point not to worry about them; however, if I do NEED to do them I will, it'll just take a very very long time. Anyways, here's the HJT log. Thanks :D
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not complete what I requested in message number 12.

    Part of your problems with slow boot up is just all the stuff being used. Like several different instant messenger programs, multiple toolbars, Ares P2P program, also I see Limewire running and many versions of it contain malware too, AOL in general, and the biggest resource hog may be Symantec AV. However, let's first address known malware problems and see what that does.

    First go to Add/Remove programs and uninstall Ares which is known to bundle with malware. Also let's uninstall Limewire. See both of these listed in the below link:
    http://www.spywareinfo.com/articles/p2p/

    Also uninstall Party Poker if found in Add/Remove programs.

    Make sure viewing of hidden files is enabled (per the tutorial).
    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\Program Files\apsi\wtta.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {8796235C-E7C5-9A6F-BA8E-E39B1BAC6997} - (no file)
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Patdy] C:\WINDOWS\System32\??rvices.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm39696US
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\PartyPoker <--- the whole folder
    C:\Program Files\apsi <--- the whole folder
    C:\WINDOWS\System32\??rvices.exe <--- note that this is NOT services.exe. It looks like it is but it is not. There will be two files showing in your system32 folder that look like services.exe. One will not be in alphabetical order. That is the one you need to delete.

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Feb 8, 2006
  15. ktiz

    ktiz Corporal

    Ya, sorry about step 12, that ran overnight. The HJT stuff I will do when I have some time, and I will give you the msg 12 info. Thanks Chas.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Just attach the logs when finished and let me know how things are working in this account.
     
  17. ktiz

    ktiz Corporal

    Here's the after HJT log.

    There was nothing in the other log from step 12.

    This comp still runs at 100% at all times pretty much. Rundll32.exe takes up most of it at all times. It also loads so many processes at the same time, which I think could be slowing things down a lot. Thanks for your time.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you look at CPU usage in Task Manager, which process shows as taking up all the CPU time?
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmm! You have some new problems now! Have you installed anything new on here?

    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\StubInstaller.exe


    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O23 - Service: LCMQP - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\LCMQP.exe (file missing)
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\WildTangent <--- the whole folder
    C:\Documents and Settings\Owner\Local Settings\Temp\LCMQP.exe
    C:\StubInstaller.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
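As an added example (not code from this thread, from HijackThis or from MajorGeeks), here is a small Python triage script that applies the checks chaslang walks through in messages 14 and 19 to HJT-style O4/O23 lines: a lookalike of services.exe whose non-ANSI characters HJT prints as "??", a service running from a Temp folder, an entry whose target file is missing, and an executable sitting in the root of C:. The names KNOWN_SYSTEM_BINARIES, imitated_binary, command_path and triage are assumptions of mine, and the sample lines are constructed from the entries quoted in the thread.

```python
import re

# Constructed sample, modelled on the O4/O23 lines quoted in this thread (not a real log).
SAMPLE_LOG = r"""O4 - HKCU\..\Run: [Patdy] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O23 - Service: LCMQP - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\LCMQP.exe (file missing)
O4 - HKLM\..\Run: [Stub] C:\StubInstaller.exe"""

KNOWN_SYSTEM_BINARIES = ("services.exe", "svchost.exe", "lsass.exe", "explorer.exe")


def imitated_binary(basename):
    """Name of the Windows binary this file name imitates, or None. HJT prints non-ANSI
    characters as '?' (illegal in a file name); treat '?' / non-ASCII as a wildcard."""
    if basename.isascii() and "?" not in basename:
        return None
    pattern = "".join("." if c == "?" or not c.isascii() else re.escape(c) for c in basename)
    return next((k for k in KNOWN_SYSTEM_BINARIES if re.fullmatch(pattern, k, re.I)), None)


def command_path(line):
    """Pull the executable path out of an O4 (Run key / Startup) or O23 (service) line."""
    if line.startswith("O4 "):
        cmd = line.partition("] " if "] " in line else " = ")[2]
    elif line.startswith("O23 "):
        cmd = line.rsplit(" - ", 1)[1]
    else:
        return None
    cmd = cmd.replace("(file missing)", "").strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    exe = re.match(r"(?i)(.*?\.exe)", cmd)  # drop trailing arguments such as -h
    return exe.group(1) if exe else cmd


def triage(line):
    """Return the red flags for one HJT line (an empty list means nothing notable)."""
    path = command_path(line)
    if path is None:
        return []
    parts = path.split("\\")
    fake = imitated_binary(parts[-1])
    checks = [
        (fake is not None, f"file name imitates {fake}"),
        (any(p.lower() == "temp" for p in parts[:-1]), "runs from a Temp directory"),
        (len(parts) == 2 and re.fullmatch(r"(?i)[a-z]:", parts[0]), "executable in the root of the drive"),
        ("(file missing)" in line, "orphaned entry: target file missing"),
    ]
    return [msg for hit, msg in checks if hit]


def triage_log(text):
    return [(ln, triage(ln)) for ln in text.splitlines() if triage(ln)]
```

Run `triage_log(SAMPLE_LOG)` to get only the flagged lines with their reasons; clean entries such as the Ares one return no flags.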
     
  20. ktiz

    ktiz Corporal

    ya, sorry chas, I dunno if they have d/l more stuff, it's been a long time since I have been able to look at it. Rundll32.exe is taking up 98-99%. I'll do that new HJT stuff and other steps as soon as I can get there again. thanks for the help :D
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! After doing the below and we see the new HJT log, we will see where things stand.

    Is this a laptop PC? Is it a Thinkpad?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also run the below!


    Please download GetRunKey125b.zip to your PC someplace you can locate it. Then extract the files from the ZIP. Locate the getrunkey125b.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt). This log will also pop up in a Notepad window which you can just close. Upload the runkeys.txt file here as an attachment.

    This scan will only take a few seconds to run. It will take longer for you to attach than it does to run.
     
  23. ktiz

    ktiz Corporal

    Back again Chas.
    No, it's not a laptop, it's a Desktop... Compaq :S.
    Here are the two logs...
    As for how things are running... I believe we have made a little progress; however, it still took 3 mins to save the HJT log file, :S lol. Boot time is still slow. In safe mode, booting is fairly fast, in comparison. I am wondering if I should just reformat, or do you think that this will help greatly?
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on the limited logs we have seen you have no malware showing.

    If you are still seeing problems with high CPU usage, you may want to discuss these in the Software Forum, where I would suggest looking first at:
    1) does it happen in safe mode
    2) does it still happen if you uninstall all Norton/Symantec AV stuff
    3) does it happen if MS Antispyware is uninstalled.
    4) also check that Messenger Discovery application to see if it is an issue.
     
