Windows Running Slow and Uninstalling Anti-Virus

[bluecountry]

I followed your steps

1)  I could not find ashDISP.exe.
            -I tried searching
     
     I did install unlocker....and in program files....unlocked and deleted ALWILSOFTWARE.
     It no longer appears.
     Does this mean I am finished?
     Is it removed?

2)  Should I get rid of unlocker?

3)  Is there anything else to do...or am in good health and just follow the guidelines?
        Would you like logs to confirm?

Thanks!

[Broni]

You may want to keep Unlocker. It's a very handy tool.

Post another HJT log, so I can see, if everything is gone.

[bluecountry]

OK.....here are my logs.


Super Anti-Spyware 3-12-2008

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/12/2008 at 06:44 PM

Application Version : 4.0.1154

Core Rules Database Version : 3417
Trace Rules Database Version: 1409

Scan type       : Quick Scan
Total Scan Time : 00:13:46

Memory items scanned      : 389
Memory threats detected   : 0
Registry items scanned    : 349
Registry threats detected : 0
File items scanned        : 10696
File threats detected     : 0




Super Anti-Spyware  3-23-2008

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2008 at 01:58 AM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type       : Quick Scan
Total Scan Time : 00:13:50

Memory items scanned      : 379
Memory threats detected   : 0
Registry items scanned    : 355
Registry threats detected : 0
File items scanned        : 10679
File threats detected     : 6

Adware.Tracking Cookie
   C:\Documents and Settings\Trent Berger\Cookies\[email protected][2].txt
   C:\Documents and Settings\Trent Berger\Cookies\[email protected][2].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@2o7[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@atwola[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@tribalfusion[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@revsci[1].txt



Dr. CureIt  3-23-2008


setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;Incurable.Deleted.;

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;Incurable.Deleted.;

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1;Probably BACKDOOR.Trojan;Incurable.Deleted.;

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Deleted.;

aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Deleted.;

[bluecountry]

hi jack this 3-23-2008


Logfile of HijackThis v1.99.1
Scan saved at 6:23:24 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

[bluecountry]

I'd like to know

1)  Is my system clean and fine?

2)  If so....any advice from here on?

3)  If not what needs worked?

4)  How come in the spyware scan adawre showed up....when I already deleted it?

5)  How come when I ran CCleaner.....it can not delete 21.82 kb....it always remains?
         -Also why does it show active Xcom and viewpoint unistaller and avast uninstaller?
         -Are all of these deleted and if not...what and how?


Thanks!

[Broni]

HJT log is clean.

1. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.   
   6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

2. Restart computer.

3. Turn System Restore on. Create new Restore Point.

4. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

6. Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malwares.
It won't interfere with your antivirus, nor firewall.

7. Let me know, how your computer is doing.

P. S. I partially answered your questions above, then...
- I'd definitely add another 512MB stick of RAM
- Some extra entries showed up only in cache entry, and some old downloaded files; sometimes, it takes couple of runs to remove everything
- CCleaner, 21.82KB left - I'd need to know what kind of files are those leftovers; possibly some temporary files, being in use

[bluecountry]

1) System Restore was ALREADY TURNED OFF.
-I simply turned it back on

-What does this indicate?
-Did I do the right thing?
-What is the next step?


2) I'm confused with CCleaner...why install it when I already have it?
-How can I post details of the scans/what was cleared and what remains?

3) Downloaded threatfire
-What do I do with the program?

4) I have windows unlocker...can I delete?

5) Computer has been running slower since I downloaded threatfire.

Thanks.

[Broni]

1. You did right thing. Nothing else to do in this department.
2. Sinnce you have it, already, run CCleaner, using instruction from the manual to which I provided the link. No need to post anything.
3. ThreatFire - you just install it, and let it run.
4. You can, but it's a very tiny program, which you can need in the future. I'd keep it.
5. Perform step 2, first.

[bluecountry]

Alright

1) I configuered and ran CCleaner according to the guidelines posted here
http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095

-Is that ok?


2) I ran the CCleaner...the log is a pain in the *censored* to post.
Here is the summary before I cleaned it
CLEANING COMPLETE - (10.928 secs)
------------------------------------------------------------------------------------------
52.1MB removed.
Secure file deletion enabled - Simple Overwrite (1 pass)
------------------------------------------------------------------------------------------

Details of files deleted


Here is the summary after I cleaned it
ANALYSIS COMPLETE - (0.376 secs)
------------------------------------------------------------------------------------------
21.82KB to be removed. (Approximate size)
Secure file deletion enabled - Simple Overwrite (1 pass)
------------------------------------------------------------------------------------------

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 21.82KB
------------------------------------------------------------------------------------------

3)  Notice it says 52 MB removed YET when I ran it seconds later 21 MB remained.
Why?
Problem?


4)  Here is the scan for issues summary
Missing MUI Reference   C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\SSUPDATE.EXE   HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference   C:\Documents and Settings\Trent Berger\Desktop\ccsetup205.exe   HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference   C:\Documents and Settings\Trent Berger\Desktop\tfinstall.exe   HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference   C:\DOCUME~1\TRENTB~1\LOCALS~1\Temp\is-92O9H.tmp\tfinstall.tmp   HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache


4)  Is my system clean?
-Is viewpoint unistaller/avast all gone?

5)  All set?

[Broni]

Notice it says 52 MB removed YET when I ran it seconds later 21 MB remained.

This is why:

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 21.82KB

Not 28MB, but 21KB. Nothing to worry about. Leave it.


Your system seems to be perfectly clean. How is it doing overall?

[bluecountry]

It's doing better...is it all clean...no viruses or bad programs?

Should I run one last scan or is it good to run?

[Broni]

Concerning "bad guys", it's clean, good to go.

[bluecountry]

Thanks.
What regular steps can I do to have future prevention?

[Broni]

Keep your protection programs up, and up to date. That's all, you can do.

[bluecountry]

Thanks!