Completed 8 steps - Logs posted

Status
Not open for further replies.

bboystillin

Freewebportals.net! VIRUS ATTACKS

I did every single step in the 8 step process and things seem to be cleaned up. The original problem was my homepage was set on freewebportals.net and I couldn't change that. Superantispyware seemed to fix that by blocking the website from becoming my homepage, so I then switched it back to google.com. Also I had significant slowdowns while using the PC and had 100% CPU usage often. I'm sure I had other viruses before, but I never bothered to get any more involved in removing them than just using Spybot and scanning every week. The Avast program moved many trojans and viruses to its chest, but the program is just a 60 day trial, so I'm worried that after the 60 days these viruses will be released back into my computer. I need some solutions to totally get rid of the viruses and other problems and prevent future ones. Another thing is I currently use dial up to connect to the internet and larger files take forever to download (to get a grasp of how slow, let's say 30 min to download a 10 MB file; transfer rate is about 4-7 kbps), so if possible, recommend smaller programs.

I attached the 3 logs as stated in the 8 step guide and also an avast log.

Any recommendations of any kind will be greatly appreciated.
 
Hi bboy

Good job on logs.

Use HJT "Scan only", select and remove the below:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: geebx - C:\WINNT\system32\geebx.dll (file missing)
O20 - Winlogon Notify: pmnnk - pmnnk.dll (file missing)
O21 - SSODL: shsysset - {1EDEBB80-54D9-64D8-90E2-084C8D63EB5E} - C:\Program Files\vuafaae\shsysset.dll (file missing)
O23 - Service: Application - America Online, Inc - (no file)
O23 - Service: Logon Event (Logon) - Unknown owner - c:\winnt\system32\system.exe (file missing)

Part of your slowdown is Norton, a bloated CPU hog, and another full virus scanner, Avast. Get rid of one! I vote for Norton.

But first run both MalwareBytes and SAS until they come up clean; post a log each time.

But before next run tweak the config as below:

SuperAntispyware config

After installed double-click the icon on your desktop to run it.

It asks to update the program definitions, click Yes.

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

In MalwareBytes, after updating but before running,
click Settings and confirm all are checked.

Your ball!

I repeat Update these 2 programs.

Post new HJT log last!

Mike
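An added example (not from this thread or from HijackThis itself) of the triage Mike is applying above: parse HijackThis-style lines and flag the ones worth a second look, i.e. orphaned entries whose file or object no longer exists, Winlogon Notify / SSODL hooks, and services with no vendor string. The sample lines are constructed from the entries quoted in the thread.

```python
import re

# "O23 - Service: ..." -> section "O23", body "Service: ..."
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed sample log, modelled on entries quoted in this thread.
SAMPLE_LOG = """\
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O20 - Winlogon Notify: geebx - C:\\WINNT\\system32\\geebx.dll (file missing)
O23 - Service: Logon Event (Logon) - Unknown owner - c:\\winnt\\system32\\system.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\SNDSrvc.exe
"""

# Markers HijackThis prints when the referenced file or object is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "is missing")
# Sections that load code at logon/shell start: review even when the file exists.
PERSISTENCE_SECTIONS = {"O20": "Winlogon Notify", "O21": "ShellServiceObjectDelayLoad"}

def parse_hjt(text):
    """Split a log into (section, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def triage(section, body):
    """Return the reasons an entry deserves review (empty list = leave it alone)."""
    reasons = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: referenced file/object no longer exists")
    if section in PERSISTENCE_SECTIONS:
        reasons.append(PERSISTENCE_SECTIONS[section] + " hook: common persistence point")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no vendor string")
    return reasons

def review(text):
    return [(s, b, triage(s, b)) for s, b in parse_hjt(text)]

def flagged(text):
    """Only the entries that got at least one reason."""
    return [(s, b) for s, b, reasons in review(text) if reasons]

if __name__ == "__main__":
    for section, body, reasons in review(SAMPLE_LOG):
        print(section, "REVIEW" if reasons else "KEEP  ", body)
        for r in reasons:
            print("      -", r)
```

Entries it leaves alone (the QuickTime O4 and the Symantec SNDSrvc service) are the ones Mike treats as cleanup rather than infection.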
 
I did all that you have said. However, what am I supposed to do about the viruses in the Avast Chest? Read my very first post in this thread. I want to get rid of those viruses or fix them somehow. I do not know how to go about this.

I have attached the 3 logs and check the avast log on my first post if needed.
 
Hi Bboy

The Avast Chest is the quarantine; go to Avast's Chest and clear them all.

You have some issues with SQL and Evtmgr

I will have to look at them and a few performance tweaks tomorrow as I am off to bed.

Otherwise you are clean. No worry!

Mike
 
I have deleted everything in the Avast Chest. Hopefully I didn't delete anything that didn't need to be deleted. Thank you mflynn very much! I feel much better now that I know I got rid of the viruses. I will greatly appreciate any more suggestions! Thanks once again!!
 
Hi Bboy

I would not have told you to delete them if I did not recognize them as all bad.

D/L Startup CPL http://mlin.net/StartupCPL.shtml

Use it to control startups: un-check something you are not sure you need and reboot. If you do need it, just check it, reboot, and it is back. Or delete!

In startups these 2 are not needed.
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\mdm.exe

Use HJT "Scan only", select the below for removal:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Note the next errors are related to Coral and SQL; the reference to Sys Event Manager (EvtMgr) is not the Windows event manager. Likely MySQL!
If you want or need to keep them, then repair/reinstall MySQL, or delete them and uninstall MySQL. You decide.

O23 - Service: Sys Event Manager (EvtMgr) - Unknown owner - c:\winnt\system32\Evtmgr.exe
O23 - Service: Logon Event (Logon) - Unknown owner - c:\winnt\system32\system.exe (file missing)
O23 - Service: MSSQLService - Unknown owner - c:\winnt\system32\service.exe (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe (file missing)

This last one is from an uninstalled Norton/Symantec Firewall. To fix it before using HJT, I would run http://service1.symantec.com/support/nsw.nsf/docid/2001101612274407 and
http://service1.symantec.com/SUPPOR...docid=2001101612274407&nsf=nsw.nsf&view=docid

To complete Norton/Symantec removal I would search the HD for Norton*.* and Symantec*.* and choose Advanced Options at the bottom of the search to look for System folders, Hidden, Subfolders. Delete all it finds.
I always use Regseeker Find in Registry for norton then symantec and delete them all.

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
----------------------------------------------------------------------------------------------------------------------------------

Clean and update Java
Cleanup old Java and update to newest version this program will do it all for you.

Download JavaRa http://prm753.bchea.org/JavaRa.html

Unzip it, run it; to update choose Jucheck (Sun's updater) first, and if you do not have Jucheck then choose Update using Sun.

After the update choose Cleanup old versions. Give it a minute, and after it pops up the log file you will see what it removed.

Then click "Additional tasks" and check "Remove useless JRE files" and "Remove JavaRa log files".

After that run Search for Updates again to confirm you are up to date.
After that run remove older versions again. This time the Log file should be empty.
----------------------------------------------------------------------------------------------------------------------------------

For protection later

ERUNT
Add a redundant Registry backup: get and install ERUNT, let it add itself to startup, and do a backup on install; check all boxes.

ERUNT http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use system restore and other backups Registry and Images.
----------------------------------------------------------------------------------------------------------------------------------
Finally

Clean and tweak services ( Note you may not have all of these) some apply to XP and you have 2k.

In services stop and disable all of the below just to get them out of the way for now for trouble shooting purposes.

Nothing is un-installed or deleted only disabled from running!

They can be put back anytime later but I would not, as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

Disabled uses no memory (RAM) and no CPU cycles.
Manual uses the RAM but a small amount of CPU.
Auto and not started they use even more RAM and CPU.
Auto and started even more RAM and CPU ..

Leaving these all off, then becomes a performance tweak/boost as they free some RAM and CPU cycles!

Special note. If you are going to pick and choose then be aware that the small amount of RAM and CPU cycles of each one individually is not significant but as a group it is!

So if you need most of them (or just think you do because you don't) then just as well enable them all)!

Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Fast User switching
Health Key and Certificate Management Service
Indexing service
Messenger
Net logon (only needed to log into a Domain Controller) which you don't have
Net.TCP Port Sharing
NetMeeting Remote Desktop Sharing
IPsec services
QoS RSVP
Remote Registry (a security risk also)
Uninterruptible Power Supply
Universal Plug and play
Web Client
Windows media player Network Sharing

IF you are using a wired network card and "NOT" using wireless on this computer then you can also disable...

Wireless Zero configuration

Wireless Zero configuration is only used on computers with a wireless NIC like a Laptop.

Do not disable Wireless Zero configuration on a Laptop. Has nothing to do with other wireless hardware like wireless routers etc.

In short if this computer has a CAT 5 or 6 cable and no ability to connect wirelessly if that cable is unplugged, then you can disable Wireless Zero configuration.

This is not to be confused with Wired Auto Config do not disable that!

Ok, that should keep you busy for a while and out of my hair! :D

Mike
 
I did most of what you said except ERUNT, and I did not need to upgrade Java since I already had the latest. Also, the System Event Manager (evtmgr.exe) still keeps showing up in my HijackThis log, and also the Logon Event. Also, how do you uninstall MySQL? I deleted it from the HijackThis log and I saw MySQL in my services. Should I disable it?

Attached is new HijackThis Log
 
Morning

1. ERUNT is a registry backup and optimizer. If you think System Restore always works, yeah right! And if you like reinstalling Windows, then skip it. Your choice.

2. The JavaRa I gave does more than update; it cleans old Java and useless JRE files.
Again your choice.

3. On the MySQL: if you don't use it, then yes, disable it in Services, then uninstall it from Add/Remove.

Mike
 
I can't find MySQL in Add/Remove. There's nothing there by that name. Is there some other way to locate and uninstall it? Thanks for your help again!!
 
First browse with My Computer into Program Files.

Look for a MySQL folder; if found, enter the folder and look for an uninstall or unwise.exe and run it to uninstall.

I think you had a Program Files on D: also so look there.

After running the uninstaller, delete the MySQL folders. If there are no uninstallers, delete the folders anyway.

Then do a Windows search like this:
Files and folders
In the Search for files or folders named put mysql*.*
In Look in: My Computer
Check Advanced Options then check the top 3 boxes.

Search and delete all found.

Download Regseeker http://www.hoverdesk.net/freeware.htm

Run it, click Find in Registry and look for mysql.

Delete all found; still in Regseeker, Clean Registry!

Voilà!

Mike
 