Please help me find my problem...

pams · Dec 21, 2005

SLOW!!!! My computer is driving me crazy!!! I have tried to run all of the scans suggested, but have not had any luck with any of the on;ine scans. Ad-Aware would not allow me to download the latest updates *mine should not be more than a few weeks out of date), and found 6 dataminers and 6 cookies, which were successfully deleted.
Spybot was up to date and found no threats.
Spy Subtract found four low level threats and they were successfully deleted.
MS Anti-Spyware found no known issues.
Avast Virus Cleaner Tool found nothing.
About Buster found no ADS on system
All of the above were run in Safe mode.

I tried to run BitDefender Panda, Ewido and Trojan Scan, but none of them wuold run. Either my computer was so slow that they just never would finish loading or I could not pull up the page.

My browser has magically changed to Google and many times internet pages will load with no graphics or text, just the background.

This started a few days ago when my computer froze. I did a forced restart and CHKDSK started. In Stage 2, it found the following:
Correcting error in index $130 for file 6327.
It deleted a lot of files and recovered alot. All but one in that file, the other file was index 42060. Don't know if this has anything to do with the current problem or not. It seemed fine for a day or so after that happened and now is being a huge pain! I have attached a HJT log. Please help...

chaslang · Dec 21, 2005

Your home page did not change magically. It changed because you ran about:Buster. Why did you run about:Buster when you do not have an HSA or about:blank hijacker problem?

Do you know that you still have Symantec Security Center install and running?

chaslang · Dec 21, 2005

Did you purchase SpySweeper? If not then uninstall it.
Did you purchase SpySubtract? If not then uninstall it.

Have you disabled the WinXP SP2 firewall?

pams · Dec 21, 2005

The firewall was not enabled. I removed Spy Subtract and Spy Sweeper. I ran about:Buster because I had seen a popup with it several times...

chaslang · Dec 21, 2005

pams said:

I ran about:Buster because I had seen a popup with it several times...
Click to expand...

A popup with a title saying about blank?
about:blank and HSA hijackers always hijack you to someplace you do not want to go to. They would not just give an about:blank popup. What you got was probably just the inability for you browser to load a particular page and it default to loading a blank page. Some people even startup their browsers with their home page set to about:blank so the browser will start up faster.

What about my other question:

Do you know that you still have Symantec Security Center install and running?
Click to expand...

How are things working now after uninstall those two programs?

pams · Dec 21, 2005

Still awful!!! I had to load this page three times before I was able to respond to your last post. I do not see Symantec in my Add/Remove Programs screen. How should I go about uninstalling it?

chaslang · Dec 21, 2005

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to SymWMI Service (or if not found look for SymWSC) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

SymWMI Service

If that does not work try entering the short name: SymWSC

Now exit HJT and reboot.

Delete the below folder if found:

C:\Program Files\Common Files\Symantec Shared

Now attach a new HJT log and tell me if there is any change yet.

pams · Dec 21, 2005

Still awful. I started at 6:29 trying to log on to the MG site. It is now 6:40 when I finally arrive at the page to reply! Okay I followed the instructions. When I tried to delete NT program, I go t the following responses:

SymWMI Service not found in the registry. Make sure you entered the short name of the service., vbExclamation.

SymWSC The service you entered is system-critical! It can't be deleted.

I went to explorer and deleted the file you listed then rebooted. Any other suggestions?

chaslang · Dec 21, 2005

Whatever remaining problems you have may not be malware related?

You issues with chkdsk may indicate a problem with your OS or disk drive?

How much free space is remaining on your hard disk? If it is very low, that could be your problem.

The only other thing we could do is run more of the scanning tools which you said would not finish loading. You may want to pursue your problem further in the Software Forum. Otherwise I would say try the below:

From a command prompt window enter the below command:
sfc /scannow

It will look to see if any required Windows files are missing or corrupted.

Run the steps in the below to see if we can find anything else hiding.
Running Ewido Security Suite

Log in or Sign up

Please help me find my problem...

pams Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

pams Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

pams Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

pams Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member