please help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by StankDtree, Oct 29, 2006.

  1. StankDtree

    StankDtree Private E-2

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
     


    Last edited by a moderator: Oct 29, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial... Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. StankDtree

    StankDtree Private E-2

    Yes, I have done all of that and all of the scans worked, but it said I had a virus. A few of them it deleted but one it didn't. I also had a bunch of trojans and other stuff as well. But yeah, when I start up it takes a while; the blue screen that says Windows takes at least 3 to 4 min to get me on my desktop. I can also show you everything that is running in my Task Manager if that could help.
     


  4. StankDtree

    StankDtree Private E-2

    Also, should I use Mozilla Firefox or Internet Explorer? And right now I have ZoneAlarm and CA Security Center running; are they good to use?
     
  5. StankDtree

    StankDtree Private E-2

    Oh, and when I right click on My Computer and go to System Restore it says it is monitoring, and when I go to System Tools and Restore it has no back dates.
     


  6. StankDtree

    StankDtree Private E-2

    I'm gonna try to do all the steps again. I thought I had already done them, but I totally missed where it said not to copy and paste, so I may have missed something else.
     
  7. StankDtree

    StankDtree Private E-2

    I just went through all the steps and the Panda ActiveScan said I had 14 spyware and 3 hacking tools / potentially unwanted tools. The Bitdefender thing said it found nothing, so what I did yesterday must have helped something, but I think there is still something wrong with my computer, 'cause it used to log me onto my desktop fast but now it takes 2 or 3 min to let me in.
     
  8. StankDtree

    StankDtree Private E-2

    Someone just told me to use VundoFix to fix my computer. Should I try that?
     
  9. StankDtree

    StankDtree Private E-2

    I think I attached everything I was supposed to in the 12:18 and 12:49 posts.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Personally, I use Internet Explorer 7.0 and I like it so far. The new features are very cool and helpful and it seems to be more secure than IE 6. Mozilla Firefox is a good browser as well; I have it installed, I just don't use it as much.

    I personally recommend ZoneAlarm Firewall Free with AVG AntiVirus Free because both are free and use very little resources.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please do not do anything unless I request it.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download ADS Spy, save to your desktop.

    Once you have downloaded this utility, extract the contents and double click "ADSSpy.exe" to run the utility. Once the utility has loaded, make sure the first 2 boxes are checked. Now click "Scan the system for alternate data streams" and remove any that are found.

    Once you have completed the above, run one more Panda Active Scan, once complete attach the log with a fresh HJT log and we will go from there.
     
  13. StankDtree

    StankDtree Private E-2

    OK, I just did the ADS Spy and it found nothing. Now I'm going to do the Panda ActiveScan and let you know and post the fresh HJT log. Oh, and sorry, I did do that VundoFix thing earlier that someone told me to do, but I don't think it hurt anything. Now I know, though; I'm new at this so I didn't know. Anyway, I'll post the new results in a few. Thx a lot.
     
  14. StankDtree

    StankDtree Private E-2

    OK, I just did the Panda ActiveScan and it said malicious software was found: 28 spyware and 3 hacking tools were also found.
     


  15. StankDtree

    StankDtree Private E-2

    I can tell my computer is running a lot better and faster now, but when I log on it still takes a long time to get me to my desktop.
     
  16. StankDtree

    StankDtree Private E-2

    Just now I couldn't get on the internet; it kept saying "page cannot be displayed", so I restarted my computer and now something just popped up saying: "Your PC contains a program that creates a set of recovery disks for your PC. You will need these disks to reinstall your PC's operating system and software should you have a problem with your PC's hard drive. It is highly recommended that you create your recovery disks now." Then it asks, do I want to create a set of recovery disks for my PC. I have never seen that before; it just popped up out of nowhere.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now, scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

    R3 - URLSearchHook: (no name) - {474DB345-0DA1-0022-83DC-77B599B2DDEC} - C:\WINDOWS\system32\uvvnber.dll (file missing)

    F2 - REG:system.ini: UserInit=userinit.exe,jckqanu.exe

    O2 - BHO: (no name) - {474DB345-0DA1-0022-83DC-77B599B2DDEC} - C:\WINDOWS\system32\uvvnber.dll (file missing)

    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\em Delete this whole folder if it exists!

    C:\Program Files\Need2Find Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” option. Copy & Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the Red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    C:\WINDOWS\IA\KE.vbs
    C:\WINDOWS\unstall.exe
    C:\WINDOWS\Setup90.exe
    C:\WINDOWS\jckqanu.exe
    C:\WINDOWS\hancerdoem.exe

    C:\WINDOWS\System32\WinNB66.dll
    C:\WINDOWS\System32\jckqanu.exe


    • If you get an error message about Pending Operations, just reboot your computer manually.

    Almost done...

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.



    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
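
A read-only triage of the HijackThis entries listed in the post above, written as an added example that is not part of the original thread or of HijackThis itself. It flags the three things that stand out in that list: a second program chained onto Userinit, registrations whose file is already missing, and one CLSID hooked in under two sections. The function names are this example's own and the sample text is copied from the post.

```python
import re

# Constructed sample: five of the entries listed in the post above, copied verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: (no name) - {474DB345-0DA1-0022-83DC-77B599B2DDEC} - C:\WINDOWS\system32\uvvnber.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,jckqanu.exe
O2 - BHO: (no name) - {474DB345-0DA1-0022-83DC-77B599B2DDEC} - C:\WINDOWS\system32\uvvnber.dll (file missing)
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Return (section, body) pairs for every HijackThis-style entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def userinit_extras(body):
    """Programs chained after userinit.exe in a Userinit value (normally none).
    Compares file names only, so a fake userinit.exe in another folder is not caught."""
    m = re.search(r"userinit\s*=\s*(.*)$", body, re.I)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]

def triage(log):
    """List (section, reason) pairs for entries worth reviewing first."""
    findings, seen = [], {}
    for section, body in parse(log):
        if section == "F2":
            for exe in userinit_extras(body):
                findings.append((section, f"extra logon program in Userinit: {exe}"))
        if body.endswith("(file missing)"):
            findings.append((section, "registration points at a file that is gone"))
        for clsid in CLSID.findall(body):
            seen.setdefault(clsid.upper(), set()).add(section)
    for clsid, sections in seen.items():
        if len(sections) > 1:  # one component hooked in at several places
            findings.append(("/".join(sorted(sections)), f"{clsid} registered in several sections"))
    return findings

if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section:6} {reason}")
```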
     
  18. StankDtree

    StankDtree Private E-2

    OK, I just did all of that and it seems to be running a whole lot better, but when I log on it still takes a long time to let me on my desktop. The part that says Windows when it is starting up is what takes a while. Oh, and I have a new folder inside the HJT folder called backup. But yeah, the computer is running better than it ever has before, thx. Do you think it could be taking so long to let me on my desktop 'cause I have a lot of desktop icons?
     


  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good now! The only thing that could be causing your slow boot is Windows Defender, CA Internet Security Suite and ZoneAlarm trying to load at once. All of this security will bog your system down temporarily.
     
  20. StankDtree

    StankDtree Private E-2

    OK, well, thanks so much. I thought my PC would be messed up forever or I would have to pay an arm and a leg to get it fixed, so yeah, thanks a lot. Is there anywhere I can make a donation to this site or anything? Oh, and one more thing: should I delete any of the security things like Windows Defender, CA Internet Security Suite and ZoneAlarm?
     
  21. StankDtree

    StankDtree Private E-2

    Oh, and I use LimeWire to download vids and music. Some people tell me that's where I get all the trojans and stuff, but some said it's OK to use LimeWire. I was using Kazaa Lite K++ but it won't connect anymore, so is LimeWire OK to use?
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you want to support this site you can buy a Majorgeeks t-shirt or sweatshirt. Also, an email of appreciation to the owners (see their names and email addresses here: http://www.majorgeeks.com/page.php?id=2 ) is always appreciated. Also send your friends here.

    That's up to you, personally I recommend ZoneAlarm Firewall Free, AVG AntiVirus Free and Spy Sweeper. With those 3 applications and safe surfing you should never have malware problems.

    I would now recommend performing the steps in the below thread to help keep you clean:

    How to Protect yourself from malware!
     
