Dear Forum,
I recently got great help from this forum for a problem I was having on my work computer, so I thought I would ask for help for my home computer.
I recently (within the last ~6 months) noticed that opening and running applications (internet and otherwise) has become very slow. It got a lot slower over a short time period, so I don't think it was due to an accumulation of installed/running programs, as I haven't installed anything in over two years.
I am following the KRC AntiSpyware tutorial (http://www.greyknight17.com/spyware.php) to try to clean up my computer.
I already ran the ATF Cleaner (step 1 from the tutorial), I ran a full AVG Anti-Virus Free Edition scan (it found and got rid of 1 tracking cookie), and I have the Windows Firewall running.
I have just run a Malwarebytes' Anti-Malware scan. It found 10 things, but I wasn't sure I could safely delete everything b/c some of them seem to be registry key/registry data things, and I don't know if it is ok to delete them.
Below are the logs from the AntiMalware scan (before and after deleting the objects I was sure of). I deleted the 7 MyWay objects, but am not sure what to do about the 2 registry and 1 userinit objects. Can someone take a look at the log, advise me and help me as I go through the remainder of the malware tutorial?
Any and all help is greatly appreciated!
***********BEGIN LOG BEFORE DELETION of MYWAY objects*********************
Database version: 1701
Windows 5.1.2600 Service Pack 2
1/27/2009 11:59:29 PM
mbam-log-2009-01-27 (23-59-21).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 163355
Time elapsed: 1 hour(s), 51 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Infected:
C:\Program Files\MyWay (Adware.MyWay) -> No action taken.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> No action taken.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> No action taken.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.
C:\Program Files\MyWay\SrchAstt (Adware.MyWay) -> No action taken.
Files Infected:
C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
C:\WINDOWS\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
*********END LOG BEFORE DELETION****************
*****************BEGIN LOG AFTER DELETION*****************
Malwarebytes' Anti-Malware 1.33
Database version: 1701
Windows 5.1.2600 Service Pack 2
1/28/2009 12:01:35 AM
mbam-log-2009-01-28 (00-01-35).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 163355
Time elapsed: 1 hour(s), 51 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Not selected for removal.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
Folders Infected:
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\SrchAstt (Adware.MyWay) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Not selected for removal.
************END LOG AFTER DELETION*********************