Tech Support Forum - View Single Post - slow. constant crashes. tried everything.

tetonbob · 11-30-2005, 07:52 AM

This log looks like it was taken in safe mode, due to the lack of running processes. Please be sure all logs are taken from normal mode. We will run this entire fix in normal mode this time.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. We will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Launch KillBox.exe & select the following options:

delete on Reboot

Highlight all the filenames below & then right-click & select Copy

C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
C:\WINDOWS\Tasks\34C5CECB918CF6A8.job
C:\WINDOWS\Tasks\6850E1D791874A00.job
C:\WINDOWS\Tasks\212850856E7C4E56.job
C:\WINDOWS\Tasks\A331F246918A2F27.job
C:\WINDOWS\Tasks\DF27A4E29183E28F.job
C:\WINDOWS\Tasks\C45CDC5291830EE7.job
C:\WINDOWS\Tasks\3608D3EC91809FD5.job
C:\WINDOWS\Tasks\3DBEF19291813FD1.job
C:\WINDOWS\Tasks\98B2975491822767.job
C:\WINDOWS\Tasks\0FAE04996E6F7064.job

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MessengerPlus! 3

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qplgjwovfrlweo.org/CowaT9...9fJY7jKNy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {51DB4DF2-2D68-E485-9135-6A5C42E85865} - C:\WINDOWS\APPLICATION DATA\GRAM AIM DEFAULT\LONG BLEH.EXE (file missing)
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab

Ensure Hidden Files are still visible:

Go to My Computer->View->Folder Options->View tab and make sure that 'Show all files' is checked under the 'Hidden Files' section. Also make sure there is no checkmark beside 'Hide file extensions for known file types'.

Delete the following Folders if they exist:

c:\program files\mp3ooz~1<<<this will be a folder which begins with the first six characters "mp3ooz"
C:\WINDOWS\APPLICATION DATA\GRAM AIM DEFAULT
C:\Program Files\MessengerPlus! 3

Please let me know if you can't find them, or they resist deletion, as there are folders present which were to be deleted last run.

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache

Delete Newsgroup Subscriptions

4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

Restart and run a new HijackThis scan. Save the log file and post it here.

Create a uninstall list:

Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notebook onto your post

Run FindLOP again, and post the results here.

Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).

Choose Save, NOT run, and save to your desktop
Double-click the tmas-web-scan.exe icon
It will say "Loading TrendMicro definitions".
Click "Start Scan"

After it's done scanning, click "Scan Results"

Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

11-30-2005, 07:52 AM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,787 OS: 2000 Pro; XP Pro; XP Home	This log looks like it was taken in safe mode, due to the lack of running processes. Please be sure all logs are taken from normal mode. We will run this entire fix in normal mode this time. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. We will use this later. NOTE Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175) Launch KillBox.exe & select the following options: delete on Reboot Highlight all the filenames below & then right-click & select Copy C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf C:\WINDOWS\Tasks\34C5CECB918CF6A8.job C:\WINDOWS\Tasks\6850E1D791874A00.job C:\WINDOWS\Tasks\212850856E7C4E56.job C:\WINDOWS\Tasks\A331F246918A2F27.job C:\WINDOWS\Tasks\DF27A4E29183E28F.job C:\WINDOWS\Tasks\C45CDC5291830EE7.job C:\WINDOWS\Tasks\3608D3EC91809FD5.job C:\WINDOWS\Tasks\3DBEF19291813FD1.job C:\WINDOWS\Tasks\98B2975491822767.job C:\WINDOWS\Tasks\0FAE04996E6F7064.job * Go to the File menu, and choose Paste from Clipboard * Click the RED X button. * Click Yes at the Delete on Reboot prompt. * Click Yes at the 'Pending Operations prompt'. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: MessengerPlus! 3 Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qplgjwovfrlweo.org/CowaT9...9fJY7jKNy.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {51DB4DF2-2D68-E485-9135-6A5C42E85865} - C:\WINDOWS\APPLICATION DATA\GRAM AIM DEFAULT\LONG BLEH.EXE (file missing) O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab Ensure Hidden Files are still visible: Go to My Computer->View->Folder Options->View tab and make sure that 'Show all files' is checked under the 'Hidden Files' section. Also make sure there is no checkmark beside 'Hide file extensions for known file types'. Delete the following Folders if they exist: c:\program files\mp3ooz~1<<<this will be a folder which begins with the first six characters "mp3ooz" C:\WINDOWS\APPLICATION DATA\GRAM AIM DEFAULT C:\Program Files\MessengerPlus! 3 Please let me know if you can't find them, or they resist deletion, as there are folders present which were to be deleted last run. Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions 4. Click OK 5. Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will not create any backups!! Restart and run a new HijackThis scan. Save the log file and post it here. Create a uninstall list: Open HiJackThis Click on the configure button on the bottom right Click on the tab "Misc Tools" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" Copy and past the List from the notebook onto your post Run FindLOP again, and post the results here. Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button). Choose Save, NOT run, and save to your desktop Double-click the tmas-web-scan.exe icon It will say "Loading TrendMicro definitions". Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009