Okay, let's try and finish this up. It is not necessary for you to tell me the things you have done. If you follow my directions, I will know what you have done.
IF you have a question or an answer to a question I've asked, type it into the reply- short if possible. I don't open .doc files here.
I went back and read all the posts-again and don't understand about the Safe Mode problem. It can't be missing. My thought is that you aren't starting the F8 tapping at the right time, so once more:
Boot into Safe Mode
[*] Restart your computer: let the logo load first. Then start pressing the F8 key on your keyboard right before Windows would load.
[*] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Your HijackThis log is clean.
Please give me a rundown of the problems you are having. These were the original problems:
Symptoms
I don't see anything in HJT to account for this. You're starting up with a few extras but nothing unusual. How much RAM do you have installed.
IF you have Spysweeper set to scan on Startup, that can be part of the delay. Open the program and uncheck the scan on startup entry.
Use the msconfig utility to take Spysweeper off of Startup.
2. I need to manually power down the PC-
Please explain this. Are you getting the message of the Task Manager that a program won't shut down? What program is hanging? What are you doing to 'manually power down?
3." I do have trojan-backdoor-stinkbreath found by spysweeper but I could not clear it because I could not log into spysweeper via internet to pay for it"
Spysweeper is a paid program. IF you have it on the system, you either paid for it or it was pirated. Spysweeper has both an antispyware program alone and also has an AV program combined with the spyware/adware program. Yous is the spyware only.
I see a Service for Spysweeper: with no other entries:
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
Make sure this Service is set to Manual Startup type:
Start> Run> services.msc> double click on WRConsumerService> set to Manual Startup> Stop the Service.
If you paid the $30 for this program and if it finds spyware or adware that it can remove, it should not require any payment. I don't know if it has a trial use, but if it does and that's all you have, then you have to buy the complete program to get the full version.
4. Cannot run most antivirus, anti spyware programs. Try this online scan:
Run Eset NOD32 Online AntiVirus Scanner HERE
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
I advise uninstall Office XP. A legitimate version pre-installed does not show up as :
\Documents and Settings\All Users\Documents\Downloads\
Cracks\officeXP_
Crack\OfficeXP_Activator.exe
[DETECTION] Is the TR/Agent.21438.B Trojan
It appears that the infected OfficeXP_Activator.exe was gotten in the download from a file sharing site.
Edit: Forgot to add:
I am transferring some files from the bad PC to the good one.
Chances are you now have two malware infected systems.
Here you will get the available restorable dates and click the date earlier to the infected date
Since it is usually not known the exact date that malware got on the system, it is not recommended a System Restore be done.