Please I need help, my first real cleaning

Discussion in 'Malware Help (A Specialist Will Reply)' started by victorrianna, Sep 9, 2007.

  1. victorrianna

    victorrianna Private E-2

    Hi, I just did my first real PC cleaning. I followed the Read & Run Me First instructions to the letter. Then I followed the instructions for downloading and running HijackThis. I changed the program name as instructed; hopefully I did it all right. The cleaning itself did a lot of good. I scanned with three different programs before following the guide and was surprised at the things it found. 379 objects from Paltalk alone; removing them removed the messenger itself, lol. But my reboot is now only taking seconds instead of minutes, so I guess Paltalk will have to stay off my PC. Also found a couple of adult site things. I was doing a search for Led Zeppelin on Yahoo, I clicked on a link and I was redirected to an adult site; have no idea why. Panda found a couple of things that I'm a little concerned about, and I didn't find those things listed on that other thread for manual removal. OK, I shall post my logs below; we shall see what happens. BitDefender didn't find anything, so there is no log for that.

    Windows XP
    480 MB RAM
    2.4 GHz
    Pentium 4
    80 GB hard drive (just replaced it, switched from Maxtor to Western Digital, hasn't been the same since)
     

    Attached Files:

  2. victorrianna

    victorrianna Private E-2

    The other two logs.

    Finally got those two files to upload; my PC kept warning me about sensitive material leaving my PC. I hope I'm not hurting myself here by posting that HijackThis log.
     

    Attached Files:

    Last edited: Sep 9, 2007
  3. abri

    abri MajorGeek

    Hi Victorianna!
    Welcome to Major Geeks!

    You are using Verizon Security Suite. Does this include an antivirus program? Your computer also has Symantec's avsniff on it and A-squared anti-malware. What is your current strategy for protecting your computer against malware?

    Your logs are being checked and someone will be getting back to you about fixing a few things that may be causing problems and/or vulnerabilities. Thanks for being patient.

    abri
     
  4. victorrianna

    victorrianna Private E-2

    Yes, my security suite does include an AV program; it also has anti-spyware. I don't know where the Symantec thing came from, I've never heard of it. A-squared was recommended to me by my cousin; it works pretty well, but it runs automatically in the background when I reboot, which I don't like. I also use Spybot and a privacy manager on Verizon that deletes spyware cookies and clears history hourly. I scan regularly, but I didn't realize how much it was missing until I unlocked those hidden file extensions in Windows and went into safe mode to scan with those other programs.
     
  5. abri

    abri MajorGeek

    Hi Victorianna

    The Symantec is not a problem. It seems to be the result of an online scan. A-Squared is a good program. In my next post, I'll pass on some information about how to protect your computer with software that is good but light. Verizon's suite seems to be working for you.

    Your computer is not showing evidence of malware. I think the initial procedures in the READ ME took care of a lot of things. The instructions below will help to prevent against vulnerabilities. Are you having specific symptoms?


    1) Please go to add/remove programs and uninstall the following:

    - Java(TM) SE Runtime Environment 6 Update 1
    - Sunbelt Counterspy (we're finished with this now)


    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run
    Disable/Remove Windows Messenger


    3) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )
    4) Please download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    6) Please post the following new logs:

    - avenger
    - hijackthis
    - newfiles (from Shownew)
    - runkeys (from GetRunKeys)

    abri
     
  6. victorrianna

    victorrianna Private E-2

    OK here they are. Got an error from avenger after reboot, don't know what that was all about.

    **this thing is really giving me a hard time uploading files, they don't appear the first time around.
     

    Attached Files:

  7. victorrianna

    victorrianna Private E-2

    And here's the other one.
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi Victorianna

    Sorry about the problems uploading files. This seems to occur when the browser's cache is too full. One way to get around it is to switch between browsers. If you're using Internet Explorer, switch to Firefox or Opera. If you're using Firefox, switch to Internet Explorer.

    Some of the things you deleted are not gone. Without knowing the Avenger error message, I'm thinking your security suite may be blocking the changes, therefore we will try it a slightly different way. Please print out these instructions so you have them to work from. Then turn your computer off, disconnect the internet cable from your computer and reboot. After you reboot, please disable your Verizon Internet Security Suite. Usually you can do this by right-clicking on the icon in the lower right-hand corner of your screen and selecting disable. You may have to open up the Verizon Security Suite window and look for a place to disable it there. Then do the following. I will have you reconnect to the internet again a bit later.

    1) Please copy the bold text below (including the word REGEDIT4) to Notepad (not WordPad!). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    2) After you've completed that, please find Avenger.exe on your desktop.
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    3) When you finish the above, please shut down your computer, reconnect the internet cable to your computer and boot back up. Your internet security suite should be running again. Please check to see that the icon is in the lower right-hand corner and that you are not getting any warnings that it is turned off.


    4) Now, please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    5) When you've completed the above, please post the Avenger log and make fresh logs for the other three in the following list:

    - avenger
    - hijackthis
    - newfiles (from Shownew)
    - runkeys (from GetRunKeys)

    abri
     
  9. victorrianna

    victorrianna Private E-2

    Ah, I didn't think about the cache thing. I only use IE, but I was thinking about downloading and using something else. I'm not real happy with it; it freezes up and crashes constantly. I'll follow those instructions and post the results Wednesday evening. Been real busy with work and stuff, but I haven't forgotten. And thanks for taking the time to read those logs and help me =)
     
  10. victorrianna

    victorrianna Private E-2

    OK, here they are. Got another error message after reboot doing Avenger :(. I'll post below what it was:

    It also said Windows No Disk at the top of the window. Could have been from avenger or maybe it was from verizon security. It auto starts on reboot, not sure how to override that.

    **I hit cancel instead of continue on that error message, I think I screwed that up.
     

    Attached Files:

  11. victorrianna

    victorrianna Private E-2

    last one
     

    Attached Files:

  12. victorrianna

    victorrianna Private E-2

    I don't know what happened but right after that I lost my internet connection altogether and nothing I did would bring it back. I checked all my connections, turned pc and modem off for 15 seconds, called verizon; it would only stay connected for about a minute. I had to do a system restore to get it back.

    **OK, I think I have it figured out. It's an online RPG I play. They did a server check yesterday. Must have added some funky patch. Every time I try to run the game, it loses connection, then my internet stops working altogether until I reboot. But I'll have to redo that last post. I did two restores, so I'm back to the way my PC was right before I did those last instructions.
     
    Last edited: Sep 12, 2007
  13. abri

    abri MajorGeek

    Don't you love it when all problems come together??!! :) I love system restore!
    Your fix did work, though, the first time, so if you rerun it the same way, it should take out those last entries. Despite the warning, Avenger did remove what it was supposed to. Removing PopCap may or may not be successful in the long run, because it's associated with some of the game software you have (not the role-playing game) and it's quite likely it will simply be reinstalled again. There are certain kinds of websites that are more prone to adware and malware and if those are important to you, it's a good idea to simply keep your security software up to date and keep your computer clean of things like temporary internet files (the kinds of things CCleaner removes).

    It appears your security system is working quite well. That's a good thing. After you rerun the instructions from post #8, there is a final set of cleaning instructions I will give you to remove the various tools we created and the logs that were made. Let me know how things are working.

    abri
     
  14. victorrianna

    victorrianna Private E-2

    Thanks. I play on pogo.com and some of the games are done by PopCap, so I'm sure it'll be back sooner or later. I'm a bit bummed out by losing Paltalk; all my friends are on there. My PC is still lagging even without it. Maybe I just need more RAM. And Verizon is quite the resource hog as well. Still working on the RPG game (MapleStory :)). I submitted a ticket to them, but it's unlikely I'll ever get a response, lol. I think I'll just uninstall it and download it again. I can't figure out how the game can be blocking my internet connection even after I exit out of it. I had Ragnarok; Verizon found a virus in it, had to uninstall. After this, would you be so kind as to direct me to the right forum for a port that refuses to be closed or stealthed? It's associated with a virus called filenaile; that's why I was so worried about those results from the Panda scan.
     
  15. abri

    abri MajorGeek

    I think your computer is suffering what happens when you have a security suite competing with RPG games. This requires some pretty hefty resources. What you might consider is going to a security system that is as effective but lighter weight, or, as you've considered, getting more RAM. As for the crashes of the RPG game, the games go through adjustment periods whenever there's a fairly major update. This can cause crashes.

    Thanks for reminding me about this. What Panda found was MyWebsearch. Please go to Windows Explorer (right-click on Start, go up to Explorer and click on it) and then navigate to the following file:
    If you found the file and were able to delete it, please run ATF cleaner again as per the instructions in Post 8 under point 4. If you do NOT find it, you don't need to run the cleaner again.

    Just to be on the safe side, I will have you do the following:
    Please post the BlackLight log.



    Thanks!
    abri
     
