Arrrgh! - Somebody please help me fix my lame PC b4 I end up throwing it out!

[Benj69]

Hi!
I really hope there is some kind soul out there who can help me as my PC is really griefing me at the moment by being extremely slow.
It has been playing up for the last few months and inspite of having AVG, Norton and AdwareAlert on the machine it is still telling me that I have some infections. AVG tells me I have 5 quarantined files: bgates.exe (x3), Dc1.exe, Win403.tmp.exe, which I think are causing the problems (mainly very slow running PC and that my network has not let me connect via my wireless for a couple of weeks! (related(?))
I have run the Hijackthis program below and would like now to remove any of the problems once and for all and before I go removing the wrong things, I hope you can take a look at the log and tell me what and how to remove! Otherwise I think my only other option is to flatten it which will take some time to plan and back up!
Thanks in advance for your help and keep up the good work - cheers, Benj 69
p.s. Another thing, (but not sure if you can help, but great if you can), is that my mouse functions correctly but randomly (once every few days) the little white arrow pointer 'freezes' on the screen, (but can still be moved in the background!?) As you can imagine this is a MASSIVE pain as I then have to either 'use the force' and tab around the programs or restart and then the problem is gone... till the next time it occurs! Any ideas?

Logfile of HijackThis v1.99.1
Scan saved at 20:51:29, on 21.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Log please see attached log file (I think I have done it right now!?)

 

[Rage_3K_Moiz]

Benj69, copy the HJT log file into a notepad file(.TXT) and attach it to ur post instead. It will make it easier.

 

[Benj69]

Thanks - done that now - its been a loooong day!

It should be there now ?!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with a nasty trojan or two.

Go HERE and follow the instructions exactly.

Post fresh HJT and ewido logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Benj69 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Benj69]

Hi Howard,
thanks a lot for the info - I will take a look at the instructions and see what I have to do ... I hope it sorts the problem then... speak soon ...

 

[Benj69]

Hi Howard
I've just come back from a nice weekend away and just finished off the clean up on the PC! Mate - there was so much junk on there and it seems to now be running better already.
I have attached the HJT log and Ewido log which would be great to see if you think it looks sorted now or if you think there is still sth lurking out there??!!

One thing my PC didnt seem to let me uncheck the deactivate system restore on all drives as one of the last steps and just gave an error message that trying to activate or deactivate all drives and should be retryed after rebooting but still didnt work. Any ideas why?

ALso - what firewall and antivirus would you recommend that I run as I seem to have a lot on there which I am sure is not the optimum for it!

Thanx a million for your reply, excellent assistance and help, Paul

 

[howard_hopkinso]

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

AdwareAlert

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

AdwareAlert.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

O2 - BHO: CBTBPos01 Class - {22BF413B-C6D2-4D91-82A9-A0F997BA588C} - (no file)

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - (no file)

O4 - HKLM\..\Run: [adwarealert] D:\Programme\AdwareAlert\AdwareAlert.exe -boot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP

Fix all 018-Protocol entries.

O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

D:\Programme\AdwareAlert Delete the entire folder.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\windows\system32\winjyp32.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

As far as antivirus/firewall programmes, you should get rid of that resource hogging Symantec/Norton crapware.

Download and the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE, HERE and HERE.

Disconnect from the net and uninstall Symantec/Norton completely. If you have any problems in doing so, see this thread HERE.

Install whichever firewall you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times. Reconnect to the net and run the antivirus updates.


Regards Howard

This thread is for the use of Benj69 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Benj69]

Hi Howard

well I have just gone through the steps you described and so please find attached the latest HJT log.

Generally my PC is working as lot quicker now, (although it still takes approx 5 mins from log in till all processes have started, internet connection is established and I can start using the PC).

Also I found that there were a couple of things that I couldnt do from your instructions:

1. Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
--> I still cannot uncheck the system restore box as it still gives the same error message that enable/ disable of that function causes an error and that I should try a restart, but it still doesnt work. (Currently the box is still therefore checked).

2. This is the filepath you need to enter into killbox.
C:\windows\system32\winjyp32.dll
--> When I entered this filepath it said it could not find this file and when I manually searched, the file is not to be found in C:\windows\system32\winjyp32.dll

As I mentioned I carried out all of the other tasks and really hope it is all sorted now. What do you think?

Also, my 'disappearing mouse' still occurs (see original post). Have you any ideas on this too?

OK - I will now get rid of the Symantec/ Norton crapware too ;-)

Thanks again a million for your help and kind regards

Paul

 

[howard_hopkinso]

First, you HJT log is now clean.

The winjyp32.dll is no longer showing in your HJT log. However, I think it`d be a good idea to search your entire system for this file. If you find it, use killbox to get rid of it.

As for your system restore problem and maybe your mouse problem as well, I suggest you try a windows repair as per this thread HERE. It could be that your virus problem has damaged some of your OS files.

Let me know how you get on.

Regards Howard

This thread is for the use of Benj69 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.