trying to clean up my system...

Discussion in 'Malware Help (A Specialist Will Reply)' started by mobes32, Apr 25, 2006.

  1. mobes32

    mobes32 Private E-2

    Excellent step by step instructions guys! I followed steps 1 through 7 and have attached the Bitdefender and Panda ActiveScans along with my HJT logfile.

    I've been having serious problems with pop ups and virus notifications, with firefox as my primary browser. Please review the attachments and let me know if there is anything else I need to take care of. Thanks!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You have a couple problems! One of them is a Qoologic infection. We need to run another tool to locate some hidden files. This will help us so we can work up a fix.

    Download FindQool by LonnyRJones
    • Extract the files and place the FindQool folder into the root folder of your hard disk. This is usually C:\
    • Open the folder and run Qlocate.bat
    • Attach the contents of the txt.log which will open when the scan is finished.
    I see some WildTangent stuff installed. Do you play WildTangent games? Do you need this? We normally have all WildTangent stuff removed.

    Also we highly recommend against using KazaaLite, which is an illegal clone of Kazaa. All P2P sites are dangerous and cause thousands of problems for people per month.
     
  3. mobes32

    mobes32 Private E-2

    The FindQool logfile is attached.

    I don't play the WildTangent games, but since they came installed on the computer I usually just leave them alone (even when a program wants to remove them). If you think they should be removed, I'm more than happy to do it.

    I have tried repeatedly to get rid of all traces of Kazaa and KazaaLite, but it seems that there are always folders or shortcuts somewhere that I find later. I will definitely give up P2P programs, I actually think that Limewire caused all my current problems.

    Also, after going through steps 1 - 7 initially, when I reboot I get a couple of RUNDLL errors, and I always have between 40 and 50 processes running in the background (seems excessive?).
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, you should remove them if you don't play them. Just because the PC manufacturer put them there does not mean they are good or wanted. They get kickbacks from all the junk software they put on PCs. The first thing I do when new PCs come in is remove all the crud they put on (like AOL, which is where WildTangent comes from too).

    Please attach one more quick log. I saw a load of stuff in your Panda log and want to check for any install programs related to them.

    Let's get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
  5. mobes32

    mobes32 Private E-2

    Here's the program list from HJT...

    Thanks for the quick responses, I might not be able to post again for a few hours...
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay uninstall the below:
    Java 2 Runtime Environment, SE v1.4.1_02 <-- old version not needed anymore
    WildTangent GameChannel (remove only)

    Do you know what the toolkit item is in Add/Remove Programs?

    Do you know what the below is for?
    C:\Program Files\Livvices\ace.dll
     
  7. mobes32

    mobes32 Private E-2

    Successfully removed Java 2 using Add/Remove programs in control panel. Error removing WildTangent, said it might have already been uninstalled (I'm pretty sure it hasn't). Is there another way to remove it?

    Also, I don't recognize the toolkit item and I don't know what the ace.dll file is for.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later to run it.

    Run Pocket Killbox by double-clicking on killbox.exe.
    Choose Tools > Delete Temp Files and click OK.

    Paste the below filenames into KILL BOX one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: some of the files listed below may not exist, but we need to check for them anyway.

    c:\GatorPatch.log
    C:\markavr.chm
    C:\markavsp.chm
    c:\w.exe
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    C:\WINDOWS\system32\mwinqrag.exe
    C:\WINDOWS\system32\gtsdf.exe
    C:\WINDOWS\system32\rpyhpsg.exe
    C:\WINDOWS\system32\tjipf.dll
    C:\WINDOWS\system32\ZICORN002.exe

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\gtsdf.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,rpyhpsg.exe
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [sys] regedit -s sys.reg
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    Now exit HJT.
    Run Windows Explorer and double check to make sure the below files are all deleted (some we already got with Killbox; we are double checking):
    c:\GatorPatch.log
    C:\markavr.chm
    C:\markavsp.chm
    c:\w.exe
    C:\Program Files\DNS <--- the whole folder
    C:\Program Files\WildTangent <--- the whole folder
    C:\Program Files\Livvices <--- the whole folder
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    C:\WINDOWS\system32\F?nts\n?lookup.exe <-- be careful! This is not the system32\Fonts folder. It may look like it but it is not. Tell me what you find.
    C:\WINDOWS\system32\mwinqrag.exe
    C:\WINDOWS\system32\gtsdf.exe
    C:\WINDOWS\system32\rpyhpsg.exe
    C:\WINDOWS\system32\tjipf.dll
    C:\WINDOWS\system32\ZICORN002.exe
    Now reboot into normal mode and after reboot double check the same HJT entries I had you fix above and if any still remain, fix them again a second time.

    Now attach a new HJT log and a new log from FindQool

    Also tell me how things are working!
     
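The post above has the user fix two Winlogon hijacks (extra executables appended to the system.ini Shell= and UserInit= values), several O4 autorun entries, and a folder whose name merely looks like system32\Fonts. The following Python script is an added example, not part of the thread and not code from HijackThis, Killbox or FindQool: it parses HJT-style F2/O4 lines, flags Shell/UserInit values that carry anything beyond Explorer.exe or userinit.exe, applies two narrow review heuristics to O4 commands (rundll32 loading a DLL, silent regedit imports), and scans a list of directory names for lookalikes that differ from "Fonts" only by non-ASCII stand-in characters. The sample log is constructed from the entries quoted in the thread plus one clean UserInit line and one made-up benign "SoundMAX" entry; the directory list is also constructed, with a Cyrillic "о" standing in for the undisplayable "?" of the thread.

```python
import re

# Constructed sample log: the F2/O4 lines quoted in the thread, one clean
# UserInit line, and one benign O4 entry (SoundMAX is made up for contrast).
SAMPLE_HJT_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\gtsdf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,rpyhpsg.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
"""

# Constructed directory listing; "F\u043ents" uses a Cyrillic o.
SAMPLE_SYSTEM32_DIRS = ["Fonts", "F\u043ents", "drivers", "Fints", "config"]

HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
F2_BODY = re.compile(r"^REG:system\.ini: (?P<key>\w+)=(?P<value>.*)$")
O4_BODY = re.compile(
    r"^(?P<where>.+?): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>\S+\.lnk) = )(?P<cmd>.+)$"
)

# Heuristics (an assumption of this example, not an HJT rule): on a home PC
# these autorun shapes are worth a manual look, not automatic removal.
O4_SUSPICIOUS = (
    (re.compile(r"\brundll32(?:\.exe)?\b.*\.dll", re.I),
     "rundll32 loads a DLL at every logon; verify the DLL's origin"),
    (re.compile(r"\bregedit(?:\.exe)?\s+[-/]s\b", re.I),
     "silent registry import (regedit -s) at every logon"),
)


def split_list(value):
    """Split a comma-separated Winlogon/system.ini value into non-empty items."""
    return [p.strip() for p in value.split(",") if p.strip()]


def check_shell(value):
    """Shell= should be exactly Explorer.exe; return any extra loaders."""
    return [p for p in split_list(value) if p.lower() != "explorer.exe"]


def check_userinit(value):
    """UserInit= should be one userinit.exe path (trailing comma is normal)."""
    return [p for p in split_list(value) if not p.lower().endswith("userinit.exe")]


def triage(log_text):
    """Return a list of findings, one dict per suspicious F2/O4 line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "F2":
            f2 = F2_BODY.match(body)
            if not f2:
                continue
            key, value = f2.group("key"), f2.group("value")
            if key.lower() == "shell":
                extra = check_shell(value)
            elif key.lower() == "userinit":
                extra = check_userinit(value)
            else:
                extra = []
            if extra:
                findings.append({"line": line, "key": key,
                                 "reason": "unexpected Winlogon %s component(s): %s"
                                           % (key, ", ".join(extra))})
        elif kind == "O4":
            o4 = O4_BODY.match(body)
            if not o4:
                continue
            for pattern, reason in O4_SUSPICIOUS:
                if pattern.search(o4.group("cmd")):
                    findings.append({"line": line,
                                     "key": o4.group("name") or o4.group("lnk"),
                                     "reason": reason})
                    break
    return findings


def lookalike_folders(names, expected="Fonts"):
    """Names that spell `expected` except for non-ASCII stand-in characters.

    A plain ASCII misspelling ("Fints") is not a lookalike; a Cyrillic letter
    in place of a Latin one is, because it renders the same on screen.
    """
    hits = []
    for name in names:
        if len(name) != len(expected) or name.lower() == expected.lower():
            continue
        if all(a.lower() == b.lower() or not a.isascii()
               for a, b in zip(name, expected)):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print("[%s] %s\n    %s" % (f["key"], f["reason"], f["line"]))
    print("lookalike folders:", lookalike_folders(SAMPLE_SYSTEM32_DIRS))
```

The two O4 heuristics deliberately miss the Gator GStartup.lnk entry in the sample: a plain .exe in a startup folder has no structural tell, which is why the expert in the thread works from a known list of paths rather than from patterns alone.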
  9. mobes32

    mobes32 Private E-2

    Okay, I used killbox on all ten files listed, and rebooted into safe mode (I noticed the file C:\!killbox was still in explorer after reboot).

    These were the only files found in my HJThis scan:

    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\gtsdf.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,rpyhpsg.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

    I checked these and fixed them, also there were three others that began with "O4 - Global Startup" but I left them alone.

    When I checked Windows Explorer for the files you listed, all were gone except:

    C:\Program Files\DNS
    C:\Program Files\Livvices

    ... and I didn't see the F?nts file anywhere.

    After I rebooted in normal mode, I ran HJThis and the files I fixed were still gone. I didn't have time to mess around with my computer that much after that but I did notice that it booted up slower than it did before. Attached are the HJT and FindQool logs.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is a backup folder that Killbox creates when it deletes files. You can safely delete the folder.

    Your logs are clean! I'm not sure why your system would boot slower. It should be faster now with this malware removed. What is your reference point? Don't forget that MS Windows Defender will have an impact on boot up, but you need the protection!!
     
  11. mobes32

    mobes32 Private E-2

    I rebooted and everything seems to be back up to speed!

    I really appreciate your help chaslang.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore, which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
