Slow, Freezes and PopUps! I Can Not Kill It!

You must run all steps of the sticky thread. You have not done that. Also please follow guidelines about posting HijackThis log and only post them when requested. And DO NOT post them as .doc files. Only post as .log or .txt attachments.

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Yes and you still did not follow the directions in the READ ME. Look at the last couple sentences of the section on the onlines scanners again. I'll quote it here for you:

You MUST do the online scans! Even if from normal boot mode. Do them before continuing with any other steps.

Did you run Ad-Aware SE 1.05 with updated reference file and also the VX2 cleaner plugin?

 

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:
regsvr32 /u C:\Windows\BTGrab.dll
then click OK. If a dialog box confirming this action appears, click OK. If you get any error messages, just OK your way out and continue.

Now repeat the above for these
regsvr32 /u C:\Windows\ZServ.dll
regsvr32 /u C:\Windows\Helper100.dll
regsvr32 /u C:\Windows\dsktrf.dll
regsvr32 /u C:\Windows\dsktrf1.dll

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\DMI\BIN\WIN32SL.EXE

After killing all the above processes, click "Back".

Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
O2 - BHO: (no name) - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O4 - HKLM\..\Run: [estrvqx] c:\windows\system\estrvqx.exe
O16 - DPF: {5E6B281D-436A-11D3-80CB-0090276F843F} -
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: ppctlcab -
O16 - DPF: Dialpad US Java Applet -

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete (if found):
c:\windows\system\estrvqx.exe
C:\Windows\BTGrab.dll
C:\Windows\ZServ.dll
C:\Windows\Helper100.dll
C:\Windows\dsktrf.dll
C:\Windows\dsktrf1.dll

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Now empty your Recycle Bin

Now reboot in normal mode and post a new HJT log. And tell us how things are working.


This next line is related to Dell. Read the info below and tell me do you need or use this? I'm sure this PC is way past waraantee.
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i

win32sl.exe - Process Information
Process File: win32sl or win32sl.exe

Description:
win32sl.exe is a process belonging to the Dell OpenManage Client Instrumentation software. It allows remote management application programs to access a client computer for maintainance purpose.


Do you know what this next line with RW.EXE is? Is this for Remote Wonder related to an ATI Graphics card?
O4 - HKLM\..\Run: [RunRw] "C:\PROGRAM FILES\RW\RW.EXE"

 

Please refer to this thread and make sure you have done all the steps in it or there equivalent. You need to get a firewall installed now.

Make sure you are very careful what you give permission (in the firewall) to enter or leave your PC.

 

Sorry! I forgot the link I wanted to post. Refer to this: How to Protect yourself from malware!

A firewall is always needed an may help. I'm not sure what is bringing all of your stuff back immediately. When you say it came right back, do yo mean if you do another scan immediately after fixing the items that they are already back. That would sound like something is protecting your registry from changes.

Please disable: Spybot - Search & Destroy\TeaTimer.exe

And then make the changes again.

 

Earlier you asked the above! Only you can tell if you use the feature:

http://www.ati.com/products/remotewonder/

I'm assuming you have this ATI graphics card with that feature.

 

Post a complete HJT log. I have seen multiple cases of problematic O2 BHO lines that will not go away even after using direct registry editing. Your problem may be another example of that..

Please use quote boxes if you want to quote parts of previous messages. It makes it easier to read messages. Look at what I did in messages 10 & 11. I quoted your info and then added my text.


Firewalls do not (well not in all cases) fix problems they are used to prevent the problems.
If are running without a firewall, it is equivalent to having unsafe sex.

 

I requested that you disable the below
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

Please disable it and do not enable it anymore. Do you know how to do this? This does not mean kill the process. It means do not have it load anymore at startup.

 

You still need the firewall!

 

To avoid wasting anymore time on this, just incase you do not know how to disable Spybot's Teatimer:

To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
Now quit Spybot!

At this point reboot and then run HJT and select but do not click fix yet until ALL browser including this one have been shutdown:
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
O2 - BHO: (no name) - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O16 - DPF: {5E6B281D-436A-11D3-80CB-0090276F843F} -
O16 - DPF: {94349FB6-37A0-4385-BADA-1B48DE3CA833} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: ppctlcab -
O16 - DPF: Dialpad US Java Applet -

Then get a new HJT log and post it.

 

Why would you want system resources to be low? You want them as high as possible. The more that is running the lower they get. That's normal.

Spybot is not the problem but Teatimer can be problematic on some PCs and waste resources. That's why I say in the stickies not to use it. Malware can cause interaction problems with many of the good tools (like Ad-Aware, Spybot, SpySweeper, MS Antispyware, SpywareBlaster....etc) making it necessary to sometimes uninstall them first inorder to properly fix a problem. Remember this programs try to block bad stuff but if bad stuff sneaks in and then we try to fix it, the good programs may see our fixes as bad stuff. Do you follow what I'm saying?

You forgot the HJT log.

 

Please don't quote when it is not necessary. It clutters up the thread making it hard to read.

 

Okay! Your log looks clean now! You should now make sure the steps in the below link have been completed to help avoid future issues:

How to Protect yourself from malware!

 

Your welcome! Make sure you do: How to Protect yourself from malware!