Please Help Me With Slow PC?

Let's see what they installed! Get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

NOTE: You have no Antivirus, no Antispware application, and no firewall running!

Why didn't you run MS Windows Defender as per the READ & RUN Me.

 

You have not checked for proper versions and updates as per the READ ME. At least one program is way out of date.

Spybot - Search & Destroy 1.3.1 TX

That has not been used for a very long time. Uninstall it and install the one in the READ ME and get it updated, make sure you follow the directions in the READ ME to configure it. Then run a full system scan with it.

SpywareBlaster does not provide adequate protection by itself. It is not a full malware blocking tool. It is useful and it is wanted but you need more. I saw Spy Sweeper in your uninstall list. Do you have it installed? Is it a paid subscription version?

Looks like you kids have been downloading illegal software and cracks and keygens! Bad idea. Also running a bunch of P2P programs (another bad idea). Ares is bundled with malware and KazaaLite is an illegal ripoff of Kazaa which is garbage anyway. Their servers are full of infected programs and pirated software.

 

Be careful what you ask for.... you just may get it.

Uninstall ALL P2P software and don't use it anymore. What I remember seeing was:
Ares 1.9.0
Kazaa Lite K++ v2.4.3
Piolet <-- no install but saw it running

Also be careful of any pirated software your kids may have downloaded and installed. I see a load of games! Are they all legal.

Uninstall any software that you do not need or use anymore. Example:
J2SE Runtime Environment 5.0 <--- uninstall this you have the new version already

I don't use iPod so I cannot answer this, but do you need both of the below:
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10


Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 70.85.60.244 forums.majorgeeks.com
O2 - BHO: (no name) - {2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC} - (no file)
O2 - BHO: (no name) - {702DB1CA-CC6C-2D8E-376D-4763760D0AF8} - (no file)
O2 - BHO: (no name) - {8A4F2B07-16F9-F168-3125-28E4FF97CBD9} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.18/ttinst.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Common Files\Symantec Shared <--- the whole folder
C:\Documents and Settings\2003200\Application Data\tvmknwrd.dll
C:\keys.ini
C:\WINDOWS\msbb.exe.temp
C:\WINDOWS\usta33.ini
C:\WINDOWS\SYSTEM32\fiz1
C:\Documents and Settings\2003200\My Documents\iroffer1.3.b07\sample.config
C:\Fserv\iroffer_win32bin_1.3.b07\iroffer1.3.b07\farley.config
C:\Fserv\iroffer_win32bin_1.3.b07\iroffer1.3.b07\me\farley.config
C:\Fserv\iroffer_win32bin_1.3.b07\iroffer1.3.b07\sample.config
C:\Fserv\iroffer_win32bin_1.3.b07.RB0[sample.config]
C:\Fserv\iroffer_win32bin_1.3.b07.zip[sample.config]
C:\Program Files\Piolet\s4Setp.exe
D:\APPZ\System.Mechanic.Professional.v4.0j.Incl.Keymaker-NiTROUS\System.Mechanic.Professional.v4.0j.Incl.Keymaker-NiTROUS\n-sm40ja\n-sm40j\systemmechanicpro.exe <--- I recommed deletin the highest level folder ( System.Mechanic.Professional.v4.0j.Incl.Keymaker-NiTROUS )

Additional steps to delete files in the downloaded program files folder:
- Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows.
- Enter the following command lines each followed by the enter key
cd C:\WINDOWS\Downloaded Program Files\
attrib -r -h -s flash.inf
del flash.inf
attrib -r -h -s mm63.INF
del mm63.INF
attrib -r -h -s turbo.inf
del turbo.inf
exit

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Download and Install Registrar Lite (Make sure you select a download link from Majorgeeks and not the Author's)

Run Registrar Lite navigate to the following keys and take ownership of them:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

To take ownership of teh key do the following:
Click-on the above Registry Key
Click-on Security in the Menu
Select Take Ownership
Now locate each of the below keys under the Browser Helper Objects key and select them (one at a time) and right click on them and select Delete

{2F5DBEBF-C9D9-6020-C070-CDE66F65F4CC}
{702DB1CA-CC6C-2D8E-376D-4763760D0AF8}
{8A4F2B07-16F9-F168-3125-28E4FF97CBD9}

After deleting them exit Registrar Lite and attach a new HJT log, Let me know if you had any problems following this procedure.

 

You're welcome. Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link (make sure you do all steps and add a real firewall as instructed in step # 3 too):

How to Protect yourself from malware!

 

You're welcome! Surf safely!