Hi..Important question before I post prob re: "Read and Run Me First"

Yes online scanning takes a long time. In reality we do not want your antivirus disabled while doing the scans, however with McAfee enabled it will probably slow you down even more since it is probably running a scan on every single file being accessed during the scan. What did McAfee actually say it found and where did it say the file/problem was located?

Try disabling McAfee while doing the scans.

 

Boot in safe mode and use Windows Explorer to navigate to the below folder and delete all files and subfolders (a couple from the current boot date will not be deleteable):

C:\Documents and Settings\Robert\Local settings\Temp

There is nothing in your Panda log except cookies!

 

Yes go ahead and attach your HJT log. It could be just what you are running.

Have you done a disk defrag recently? If not, you may want to do one.

 

Is this a 2.4 Ghz Celeron?

Still may not be malware! I'll give you some things to do below to see how much it helps.

Do you really to to load all that stuff from NetZero? Is it all realy needed to get an internet connection?

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Nitro\components\NOWImaging.dll (file missing)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
None of the below are malware but they are unnecessary, waste resource, and slow down boot up. Fix them too!
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

What speed?

If you don't need it, look for it in Add/Remove programs and uninstall it. If you do not use NetZero, we should probably fix all that stuff showing in your HJ log.

Just follow the directions and if it does not say safe mode, then assume normal mode. When we want you to boot in safe mode, we always tell you. Like where I said to delete the files. However (and this answers your other question) you had nothing to delete and I just forgot to edit the boilerplate message to remove those lines for your case. Ignore the boot into safe mode, emptying of prefetch and running Ccleaner steps. Just Reset Web Settings (you can do that in normal boot mode) and then reboot and attach the new log.

 

I repeat my question, what is your processor speed!

Also is Ewido the free trial version or the paid version?

Did you look in Add/Remove programs for anything from NetZero? Uninstalling is the first approach that should be used before I give manual cleaing steps.

In fact, let's get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

Goto Add/Remove programs and uninstall Viewpoint Media Player


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=s...H3&N=PL&O=A&UT=
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"


After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\NZSearch <--- the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

No! This time I did give you something to delete whereas in message # 10 (which was referring to the message # 8 procedure), there was nothing to delete.

 

Please explain what you mean! Is this good or bad?

This I know I can interpret as bad but I don't know exactly what you mean or when it occurred.


Is Ewido a free trial or a paid version? If free, uninstall it since you have MS Antispyware installed. If it Ewido is a paid version then uninstall MS Antispyware.

You need to goto http://java.com/en/ and download and install the current version (5.0 update 6) of Sun Java and then uninstall all old versions like .4.2 update 3.

 

I'm starting to think your problems are not malware related. Let's try digging a little deeper.

Download & run Blacklight Beta

• Hit I accept. It will take you to download page.
• Download blbeta.exe and save it to the Desktop.
• Once saved... double click blbeta.exe to install the program.
• Click accept agreement and Click scan
  This app too may fire off a warning from antivirus. Let the driver load.
  Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please attach the Blacklight log file here.

If BlackLight shows nothing, you may want to try the below:

1. first just try uninstalling Ewido. If there is no change, go to step
2. uninstall your McAfee software and rebooting. Then tell me how things are working. If this clears up the problems, goto the below link and install one of the free antivirus applications and free firewall ASAP.
   • How to Protect yourself from malware!

 

Well the free stuff works well and is not so resource hungry but the decision is yours in the end. All I can say is it is not a malware problem.

I doubt it has anything to do with it.
Login to the other accounts on the PC. Do things seem slow there too?

 

Malware can be on one account and not on others!
Or it can be on all accounts.

However your PC has shown no signs of any malware. You problems could be either some other component of software or could be hardware related.

Does it also behave this way in safe mode?

 

Normal on most systems!

Probably because a few other processes are not running (like AV, AS, and firewall ) You could just try using MSconfig to disable all the McAfee startups and also the services related to McAfee and then reboot your PC. See if this improves things. At least this way McAfee has not been uninstalled and you can just re-enable it.

Defective fans or PCs running too hot are a topic for the Hardware Forum. If you PC is having temperature issues, that could be causing you a variety or possible problems.

We did not remove any malware! All we did is remove a bunch of unnecessary and unused applications. Doing a restore would possible bring all of that back. It's up to you if you really think malware is the problem. I have not seen any evidence of malware so I tend to doubt it has anything to do with whatever problems you are experiencing.

 

If it is a software related problem, a good way to try to isolate it is to keep doing what your are doing with msconfig. Try slowly choosing various startups and services to disable from loading and see it any of them are related to your problems.

One thing to quickly try is to run msconfig and disable the below by unchecking them. So run msconfig and select Selective Startup then uncheck the below.

• Process SYSTEM.INI File
• Process WIN.INI File
• Load System Services
• Load Startup Items

With these uncheck you will not be able to do very many things and will have no internet access, but it is a good starting point to see if you still have a problem. If you don't you can enable one of those 4 items (one at a time) and when you find the offending one then you can go to that individual tab in msconfig and slowly control each of the items under that tab. This way you can isolate the problem software. Obviously this is all assuming that the problem is related to something loading at startup.

 

At this point Bob, I would suggest visiting the Software Forum to see if they have more ideas. We have cleaned up all the unnecessary programs from loading and even disabled all startups which would seem to point to a hardware or software issue some place.

Post a new message there and clearly state your current problems. Post a link to this thread in the Malware Forum and let them know you worked thru the cleaning steps here and appear to be clean. That way no one will try to send you right back here.

Good luck.