Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SWS Antispyware 2007

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby bluey1970 » October 18th, 2007, 11:16 am

The computer is still running very slow, I am still getting pop-ups from sws antispyware

I am still having problems with RA, I can only do it if I turn windows firewall off. Obviously this is not ideal as I then have no firewall working.
I went into control panel and yes the firewall is all enabled correctly so i'm not sure wot the problem is, I know it worked fine before. I am normallly the "client" but it doesn't work as the "helper" either
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am
Advertisement
Register to Remove

Unread postby beynac » October 18th, 2007, 11:32 am

Hi.

It looks as if the problem with RA is just a firewall setting. I will get some advice about this and get back to you. The infection is one that hides itself. I thought that ComboFix had found it and got rid of it. Obviously, it hasn't. We therefore need to try another tool. This one specifically targets this type of infection.

-----------------------------------------

Navilog1

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
  • Extract its contents to the desktop.
  • Double click on navilog1.exe to install it on your computer.
  • When the installation is complete, the tool will start automatically.
  • If it doesn't start automatically, please double click on the Navilog1 shortcut on your desktop to run it.
  • Press E for English from the language menu.
  • Type 1 in the next menu to select Search and press Enter.
  • Wait for the Scan to finish (It may take a reasonable amount of time)
  • Press any key as requested .
  • A new document will be produced: fixnavi.txt.
  • Please copy/paste the contents of this report in your next reply.
The report is also saved in the root of the directory, "%SystemDrive% fixnavi.txt". (usually C: fixnavi.txt)
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby bluey1970 » October 18th, 2007, 11:36 am

Do you also want a hijackthis log done afterwards?
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby beynac » October 18th, 2007, 11:41 am

No, not at the moment thanks.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby bluey1970 » October 21st, 2007, 9:07 am

Here you are:

Search Navipromo version 3.3.0 began on Sun 10/21/2007 at 13:55:45.06

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 17.10.2007 at 20h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11

Done in normal mode

*** Searching for installed Software ***




*** Search folders in C:\WINDOWS ***



*** Search folders in C:\Program Files ***



*** Search folders in C:\Documents and Settings\All Users\Application Data ***




*** Search folders in C:\Documents and Settings\Giggles\Application Data ***


*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found in :

- C:\WINDOWS\system32
- C:\DOCUME~1\GIGGLES\LOCALS~1\APPLIC~1



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in C:\DOCUME~1\GIGGLES\LOCALS~1\APPLIC~1 *



*** Search files ***


C:\WINDOWS\prefetch\INTERNETGAMEBOX.EXE-1EE9EDEF.pf found !


*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search known files:

2)Heuristic Search :



3)Certificates Search :

Egroup certificate not found !


*** Search completed on Sun 10/21/2007 at 13:57:42.32 ***
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby beynac » October 21st, 2007, 10:08 am

This is very strange. ComboFix appeared to remove the malware and Navilog confirms that it has gone.

Are you still getting the SWS Antispyware popups?
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby bluey1970 » October 21st, 2007, 10:11 am

Don't think I am getting pop-ups now but has left computer very slow.
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby bluey1970 » October 21st, 2007, 10:14 am

Could it be all the stuff I have loaded on?
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby beynac » October 21st, 2007, 10:51 am

Don't think I am getting pop-ups now...

That's good news. :)

Running ComboFix shouldn't do anything that slows your computer down and you don't seem to have an excessive amount of processes running. We need to run a scanning program but let's clean up a bit first. Hopefully, that will speed things up a bit.

-------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Reboot in Normal Mode.

-------------------------------------------------------

Please post, as a reply to this post:
  • The AVG Anti-Spyware report
  • A new HijackThis log
Please let me know if your computer is still running slow.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby bluey1970 » October 22nd, 2007, 11:36 am

Here they both are, computer is still very slow though:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:54:46 PM 10/22/2007
+ Scan result:

C:\Documents and Settings\Giggles\Cookies\giggles@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Giggles\Cookies\giggles@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:21 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RileysPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\RILEYS~1\rileyspoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7806159034
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7806022337
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://giggsgigglesno28.spaces.live.com ... nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://eur.i1.yimg.com/eur.yimg.com/i/uk/any/u/mail.gif

--
End of file - 9190 bytes
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby beynac » October 22nd, 2007, 12:36 pm

The HijackThis log is clean. I note that your Zone Alarm firewall is not running. Was this because you switched it off to run Remote Assistance or has it been switched off by something else?
computer is still very slow though

Did this slowness start when first got the malware or was it slow before? Could you please give me a bit more detail. Is it browsing that's slow or opening programs/files or is it just in general? I can't see that the slowness is due to current malware. If you give me the details I requested, I will look further into it.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby bluey1970 » October 22nd, 2007, 1:55 pm

Have took Zone Alarm Firewall off as didn't like the programme and I am going to get a different firewall. The computer is a lot slower than it was before the Malware problem. The start-up takes ages to load (can take up to 5-10mins), the internet browsing is very slow, programmes open up eventually. I have checked my gb memory and I still have enough so don't know whether there is a conflict of software on it or not. Any advice would be greatly appreciated.

I still also have the problem with RA in that I can't use it unless I turn Firewall off.
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby beynac » October 22nd, 2007, 3:06 pm

I have a theory about the slowness of your computer. You have Windows Desktop Search (WDS) running in your latest HijackThis log. Have you recently installed this? There is a process called SearchIndexer.exe running. This goes through every file on your computer to index it. This apparently takes a lot of the computer's resources. I have no experience of this program but, from my research, it seems that this is not such a resource hog once the indexing has been completed. It is your choice, but I suggest that you uninstall Windows Desktop Search using Control Panel > Add or Remove Programs. There are a few things we can do to speed up startup but nothing which would appear to make much difference apart from WDS.

Please let me know what you decide to do and how you get on.

------------------------------------

Firewalls

I hope that you've switched on Windows firewall while you decide about a new third-party one!

Here's some recommendations for firewalls. These all have a free version:
Note: The free Outpost version is the one you fill in your email address for (and click the red OK button), not the one shown on the right of the screen. This is Outpost Pro 4.0 and is a conditional offer for the paid-for version.

I think that installing a different firewall may solve your Remote Assistance problem. Make sure that you 'allow' it when/if asked to do so by the firewall.

------------------------------------

Are you aware that you have a Yahoo Mail picture as a desktop component? Please let me know whether you want this on your desktop.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby bluey1970 » October 23rd, 2007, 6:36 am

Not sure when Windows Desktop Search was installed but I am uninstalling it to see if this helps. What are the other things that we could do to possibly help the start-up?

Windows firewall is back on for the moment until I decide which one to put on, thanks for the three suggestions, I will look into them.

I wasn't aware that I have a Yahoo Mail picture as a desktop component. I don't want this on my desktop, is this just a case of drag/drop in to my recycle bin?

Thanks
bluey1970
Regular Member
 
Posts: 19
Joined: October 15th, 2007, 8:35 am

Unread postby beynac » October 23rd, 2007, 9:08 am

First, let's get rid of the tools we used. You can delete the following:
  • SmitFraudFix and its report (c:\rapport.txt) .
  • ComboFix, its logs and the folder C:\Qoobox\
  • Navilog1 and its report (C:\fixnavi.txt)
I suggest that you keep ATF Cleaner and AVG Anti-Spyware as they are both useful programs. If you don't want to keep them, uninstall AVG Anti-Spyware through Control Panel > Add or Remove Programs. You can just delete ATF Cleaner.

-----------------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 3.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
-----------------------------------------------------

I wasn't aware that I have a Yahoo Mail picture as a desktop component. I don't want this on my desktop, is this just a case of drag/drop in to my recycle bin?

It can't be deleted in that way. We need to remove it from the registry. We can do this with HijackThis. There are some other 'fixes' we can do with HijackThis, which should improve the startup time. This will prevent the programs from running at startup, but does not delete any files. The programs can still be run manually, if required.

I will list them, with some explanations. Please 'fix' the ones which you're sure that you want to get rid and, obviously, leave those you want to keep. Let me know if you have any questions.

Run HijackThis and click Scan and then check (tick) the following, as required:

These first three can be fixed.

O24 - Desktop Component 0: (no name) - http://eur.i1.yimg.com/eur.yimg.com/i/uk/any/u/mail.gif
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


This appears to relate to a webcam. Does it need to run from startup?

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe

You have realsched.exe (RealPlayer's autoupdate program) running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. realsched.exe is a program which schedules for manual update checks for Real Networks products. This is a non-essential process. Disabling or enabling this is down to user preference however disabling may prevent notification of updates. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself. Item to fix in HijackThis:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Communications_Helper.exe (LogitechCommunicationsManager) process can be removed to free up resources without compromising system performance. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. Item to fix in HijackThis:

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

googletoolbarnotifier or googletoolbarnotifier.exe process can be removed to free up resources without compromising system performance. googletoolbarnotifier or googletoolbarnotifier.exe is a process associated with the GoogleToolbarNotifier from Google Inc.. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Close down all programs, browsers and other open windows. Make sure that only the above items which you want to remove are checked and then click on Fix checked.

---------------------------------------------------

Please post a new HijackThis log and let me know how the computer is running.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware