Still not good...

For the last two days, I have been following all the steps in the "READ ME FIRST" instructions. Well, I finally finished!

My pc seems to be somewhat better, but still quite slow on startup. Also, since I finished the gruelling list of things to do before I post, I have already had an About blank window pop up and disappear. I also had a fastclick window open.

I was also wondering why when I went to the msconfig thing and clicked on normal startup, and restarted it opend up with all kinds of stuff I no longer have, like Yahoo...

I will attempt to attach my logs now... like I said, I have been working on them for days now!!

I also did aboutbuster.

 

the rest...

here are the other scans... I hope I did all this right.

 

Please download ADS Spy, save to your desktop.

Once you have downloaded this utility, extract the contents and double click "ADSSpy.exe" to run the utility. Once the utility has loaded, make sure the first 2 boxes are checked. Now click ""Scan the system for alternate data streams" and remove any that are found.

Once you have completed this post, attach a fresh HJT log and the results from the utility above.

 

Hi, and thank you for your time...
I did this and it came up with like 129 things that i then removed. I didnt see anyplace to get a report or log to post for you. I am attaching a new hjt log.

 

Just as a precaution as so we get everything, go ahead and run a fresh Panda scan and attach that log then we will remove anything leftover.

 

ok, here it is. it took me this long to get thru it..

 

Download Pocket KillBox

• Save it to your desktop or a place easy to find.
• Do not run it yet

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchant.com/r=6&s=%s

O3 - Toolbar: (no name) - {4D615A78-A076-4A02-96E8-6346121ECB63} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O15 - Trusted Zone: http://www.anywebcam.com
O15 - Trusted Zone: http://*.consumeraffairs.com
O15 - Trusted Zone: www.ondemand5.com
O15 - Trusted Zone: www.trendmicro.com

O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} - http://67.15.101.3/g_bin/eng/boards_2_0_0_14.cab

O23 - Service: .NET Connection Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

• Now Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to .NET Connection Service
• Then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste.NET Connection Service into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Next, run CCleaner to clean up cookies and temp files.

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\system\rules.dat into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINDOWS\system32\file.zip into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINDOWS\system32\Ncase.ini into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, REBOOT and proceed with the rest of this fix...

Next Reset Web Settings & Default Security Settings

To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

Note for IE 7 users:
Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

OK, These last reboots were much faster... it was reallllly slow, and making me crazy.

I followed all your instructions and they all went smooth.

I wanted to ask you about registry booster... I ran that scan and it came up with 224 things, issues, whatever. So, anyway, I can only get rid of 15 free. Should I send you a list so that maybe you could tell me which 15 I should take care of???

Also, should I leave all these programs installed on my pc? Which ones to I leave on all the time? I have been using avast. I have a disk with Zone Alarm Pro and Pest Patrol..

Sorry for bombarding you with all these questions. Im usually quite careful about everything on the net, and havent had a problem with pollution in my system in a long time. Thank heaven for you people at Major Geeks. This is my first and only trusted resource for my issues.

I have attached my new hjt log...

Thanks Bigarrick

 

BO.tmp

I was doing defrag and there were 656 mb that did not fragment... I want to delete it... is that ok? It says it was created today at 12:37 am and modified at 12:47am.

 

Personally, never used this so I can't say how it's performace is. If you're going to run a registry cleaner I would run Reg Supreme Pro, you can download, install and use for 30 days. It will fix everything it finds during the trial.

RegSupreme Pro 1.4.0.48

Anything you instaleld during the READ ME and the cleaning process you can remove. I personally recommend ZoneAlarm and AVG AntiVirus but Avast is good to so it's up to you.

 

Re: BO.tmp

I would defrag with the new Vopt XP 8.07 and see how it does personally but it's up to you.

 

By the way, your last HJT log is clean.

If your not having any further problems I recommend you see the below thread.

How to Protect yourself from malware!

 

Ok, so I did everything, and it seemed to be all good... then later I tried to go online, and it said it couldnt, I had a connection, but it could not locate server. I did sys restore to the 12th... to right after you gave me kill box, and it seemed ok again. One thing was that avast had somthing go wrong and wouldnt start.
This morning it was all sluggish again... very... so, I did the same restore again, just now. I first tried to run avast, and no go.. so, I thought i would uninstall it and reinstall it. when i tried (from add/remove and ccleaner) it gave me an error message that read the following...

A setiface error has occured: 2
Try to reinstall or contact support.

By the way thanks for the defrag program, I like it.

 

Because this isn't malware related I would post this over in the Software Foruom. Those guys can better help you with this as I'm tied up in the malware part.

 

Just as the title reads... my pc is still not good. It is very sluggish. I have attached a new hjt log. Thank you...

 

Please download Blacklight to its own folder...

F-Secure Blacklight

After download is complete, double click to run the program. Click "Accept" to procede. Then click SCAN to begin scanning your system.

Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post along with a fresh HJT log.

If you like attach a fresh ShowNew and GetRunKey log to confirm you're clean.

 

????

 

hmm well for some reason i cant send what i attached. it says it failed. anyway, what i was sending was the message i got when opening blacklight. it said it could not acquire necessary privleges (SeDebugPrivlege)

and it said: your computer settings may prevent acquiring these privleges.
and: A malicious program might have disabled these privleges.

 

Download SeDebug-Restore, save to your desktop and double click to run.

Once complete Reboot and try Blacklight again.

 

blacklight did not find anything... shall i run the others, get run and shownew?

 

this extreme slowness seems to come and go... it will run fine for a while, and then it will just start getting stuck on stupid...

 

Please attach the logs I request, I still want to see them when I request them. I don't believe your problem is malware, malware is not the only thing that causes slowness. A failing piece of hardware can cause this, a bad drive, there are hundreds of things that could cause this. I would post this in the Software forum because your logs do not show anything malicious.

 

I would have attached a report from blacklight, but it doesnt give me that option... so i copied the screen to paint and tried to attach the bmp's, but was unable to for some reason. maybe they are too big, i dont know. I attached runnew, show, and a new hjt scan. If you still think I should post this in software, can you please tell me how I can continue this thread there? thanks

 

Your logs look good so I don't think your problem is malware. You can however uninstall J2SE Runtime Environment 5.0 Update 6 as you have Update 9 installed.

I would post in the Software forum, it could be anything causing this problem but I don't think it's malware.

 

sorry... I just found the attached on my now cluttered desktop...

How do I continue this thread in software??? do i just need to start a new thread?

 

That log looks good also!

Yes, just go into the Software Forum, create a new thread and explain to those guys what problems you're having. Also, mention you have been cleaned and malware has been ruled out.

 

im ok now...

Thanks so much for all your help..

 

Your Welcome!