Bad Spyware Problem

[Wearhouse51]

Everytime I open up internet explorer it starts loading the website then says it is downloading something from that website. This causes the entire computer to freeze. I've never had this happen before. Here is my Hijackthis log. Hopefully you guys can help me out. Thanks.


Wearhouse

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\pxwma.dll

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log and let us know how your system is running.


Regards Howard

 

[Wearhouse51]

Ok

Alright here is my new log. The internet is now working, but the computer is still generally running slow, but I don't know if that is a problem with spyware anymore. Not really sure. Thanks for your help.



Wearhouse

 

[howard_hopkinso]

Your HJT log is clean.

In order to speed up your pc do the following.

Go to add remove programmes in your control panel and uninstall anything you don`t need or use.

Download the free AVG antivirus programme and the free Zonealarm firewall from HERE and HERE.

Disconnect from the net and completely uninstall McAfee and reboot your computer.

Install Zonealarm, followed by AVG. Reboot again, then reconnect to the net. Run the AVG updates.

Click start/run and type msconfig into the run box and press the enter key.

When the window appears click on the startup tab and disable anything you don`t want to start with winows. Click apply/ok. You will be prompted to restart your computer.

Once your system has restarted, you will see a window that says you have used msconfig to make changes etc. Tick the little box that says not to run msconfig the next time you start your system and click ok.

Download and run the Ccleaner programme from HERE. Run the programme a few times. Also click on the issues button and click on the scan for issues button. Click the fix select button followed by fix all slected issues button. Do this several times until no more issues are found.

Run a disk defrag twice.

Reboot your system and see how it runs.

Regards Howard

 

[Wearhouse51]

Thanks

Thank you for all your help Howard. My computer is running much faster now. Thanks again.



Wearhouse

 

[Wearhouse51]

I've got some problems with spyware on my computer. It has shut down my internet access and made other programs unusable. If you could help that would be great. My hijackthis log is attached. Thank you so much.



Wearhouse

What I believe to be spyware/malware on my computer has stopped me from sharing files with other computers on my network. When I try and go run the repair tool on my network connection it has an error message that says "Windows cannot finish repairing the problem because the following action cannot complete: Clearing NetBT". If you guys could help me with this at all I would really appreciate it. Thanks.



Wearhouse

 

[howard_hopkinso]

I have merged your new thread into this one.

Have HJT fix the following.

O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} (Gif89 Lite Class) - http://71.136.8.221/xplugDL.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Other than the above, your HJT log is clean.

However, you should go HERE and follow the instructions exactly. If your problem is cause by a virus or spyware, it should hep you to clean your system.

Regards Howard

This thread is for the use of Wearhouse51 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.