TechSpot

Something Happened, slow..

By gtbnyc
Mar 20, 2008
  1. Hi, in the last couple weeks it started taking like a minute or 2 for IE to open after clicking the link from my desktop. Once it's opened all seems fine, but then when I try to click any link from my desktop it again takes forever to open any folders or programs. I have run a bunch of spyware and cleared everything, but the problem still exists. I am just out of ideas and sooo frustrated. Here is my Hijack result attached. It won't let me post it here because this system sees some links in the log file I can't find.

    I really really appreciate anyone with knowledge to help.


    Thanks. ss
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Hi gtbnyc,

    Please attach .txt or .log files not .doc files, I do not open .docs

    Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

    If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    1)AVG log
    2)Combofix log
    3)Hijackthis log (Step 15)

    This thread is for the use of gtbnyc only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    Thank you very much for responding. I am currently not at the computer with the problem, but I wanted to attach the current log file just if you could take a minute to see if you notice anything. I will go through the steps detailed in the post, but can not from here.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Your Hijack this is an older version and is also running from the wrong location.

    First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

     
  5. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    New log file

    Here is the new log file that I uploaded with the new text file.
     
  6. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    Ok, here it is Please Read

    Here is the new HJT file. Please take a look.
     
  7. kritius

    kritius TS Guru Posts: 2,084

    This next step is purely optional; however, Viewpoint is considered foistware and is not needed on your computer.


    Go to Start > Run and copy/paste or type: taskmgr
    • Under the Processes tab find the following tasks or processes:
      ViewpointService.exe
      ViewMgr.exe
    • Highlight and click "End Process".
    • Exit Task Manager.
    Click on Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended tab".
    • Scroll down the list and find the service called "Viewpoint Manager Service"
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.
    Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Finally, delete the following folders if they still exist:
    C:\Program Files\ViewManager\ <-- and delete this folder
    C:\Program Files\Viewpoint\ <-- and delete this folder

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update tab at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder


    I would like you to do an online scan so that we can see what else may be in your system.
    Run Kaspersky online scanner
    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
    Do not go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
      o Extended (If available, otherwise use standard)
      o Scan Options:
      o Scan Archives
      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button
    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file
    • Include the report in your next post.

    Navigate to C:\Program Files\Trend Micro\HijackThis

    Open the folder, right-click on HijackThis.exe, rename the file to xplook.exe and then send a shortcut to the desktop.

    Run a scan using the newly named file with the shortcut which is now on your desktop.

    In your next post you should have,

    1) Kaspersky scan
    2) Fresh HijackThis scan


     
  8. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    I did what you said

    Thanks, I did what you said and will attach the files. The only problem was that when the Kaspersky was running it got locked up in the Outlook which was at 7% of the scan. It didn't move 1 file after 16920 for 45 minutes so I think there is a problem.

    Here are the files.
     
  9. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    Ran 1 more - please check

    I did all you stated and here is the Kas Scan from today.

    Thank you very much,
     
  10. kritius

    kritius TS Guru Posts: 2,084

    It looks like the infection is in your archive.pst file,
    C:\Documents and Settings\Stuart Sherman\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/26 Jul 2004 22:01 from stuart sherman:FW: Returned mail: Data xxxxxxxxxxxxxx@xxxxxxxxxxxx.zip

    Delete this and then empty your recycle bin.

    After this is done then Reboot your pc and run a fresh HJT log.

     
  11. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    done and

    Hi, thank you for responding. I cleared the archives and rebooted. I'll attach the file.

    The problem I can still see is 2 things. After booting up when I launch IE it takes a few minutes before it connects. The other computer here takes just a second. After I finally get online all is fine, but when I go to the desktop and try to click any file or folder it again takes forever to load up and locks all the tabs on the bottom so I can no longer click on them to view the things in other windows. I need to alt tab to go back and forth.

    I hope this sheds some light, what do you think?

    ss
     
  12. kritius

    kritius TS Guru Posts: 2,084

    No firewall

    You should get a firewall as well, either, these firewalls are all free,

    Fix entries with HijackThis
    • Open HijackThis and select do a system scan only,
    • Put a check next to the following entries
    • Close all browser windows including this one and select fix checked.
    O2 - BHO: (no name) - {12ED245D-57AF-4EF8-A10B-B8A8C19429BB} - C:\xp2008.dat

    Boot into safe mode and show all hidden files and folders,

    Search for and delete if found,
    C:\xp2008.dat

    Reboot back into normal mode and rehide all your files and folders

    uninstall list

    Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

    : rename hijackthis :

    There is some infection hiding in your log.

    Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    Right-click on HijackThis.exe and select Rename to xplookout.exe. After you have renamed HijackThis,
    right-click on it, create a new shortcut and put it on your desktop,
    then post back a new HijackThis log.

    Also do a fresh Kaspersky scan.

    So in your next post you should have,
    1)Hijackthis uninstall list
    2)Fresh HJT scan
    3)fresh Kaspersky scan


     
  13. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    3 files asked for -

    Hi, here are the 3 files. Let me know what you think.

    Thanks as always.
     
  14. kritius

    kritius TS Guru Posts: 2,084

    You still don't have a firewall,

    Go to add remove programs and remove these, if still present

    LiveReg (Symantec Corporation)
    LiveUpdate 2.6 (Symantec Corporation)


    You also didn't rename HijackThis, you just renamed the log file,

    Go to Start then Run, or press the Windows key and R,
    then copy and paste this into the run box
    C:\Program Files\Trend Micro\HijackThis
    and rename this HijackThis.exe to xplookout.exe

    Some spyware can hide from HijackThis so that's why we rename the executable.

    How is the computer running now?

    Do the above and then post the log again

    In this log I would like to see a firewall installed and HijackThis.exe renamed.

     
  15. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    added please check

    Hi,

    I added Online Armor. It keeps saying incoming Port and outgoing Port from my desktop tray. Is that normal?

    I changed the HijackThis to the name you said again so hopefully it is what you wanted.

    I'll attach the new file and the doc for the Online Armor, I wasn't sure how to handle the items it displayed. Please let me know what you think/see.

    I uninstalled the Symantec you said as well

    Thank you.
     
  16. kritius

    kritius TS Guru Posts: 2,084

    That's better, the firewall still isn't showing up so I'm assuming that you ran the scan first.

    I've never used Online Armor so I'm not 100% sure about that, the Kaspersky scan is clean and the HJT one looks clean but I'll have a proper look later on.

    How is the computer running?
     
  17. gtbnyc

    gtbnyc TS Rookie Topic Starter Posts: 21

    update

    The computer def. seems to be running 80% better.

    There are some programs that always seem to pop up when shutting down the computer where I click end now and I'm not sure how this firewall works or if it's turned on exactly. Should I be comfortable when it says in a balloon every time something incoming Port or outgoing Port etc.?

    I can do more scans if you want?

    Thanks very much again for your time.
     
  18. kritius

    kritius TS Guru Posts: 2,084

    Try the other firewalls that I gave you if you want, just remember to always uninstall one before putting a new one on.

    I'm looking over the HJT log properly now so I'll let you know.

    EDIT

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
      O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - https://www.merch_app.eps-na.com/aspencrypt.dll
    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    There was just that one entry,

    Probably not much point running another scan, there is nothing in either log to warrant it, you appear to be all clean, here are some simple steps to help you keep your computer clean and secure:

    Now we can remove all the tools that we used.

    Please download OTMoveIt2 and save it to desktop.
    • Double-click OTMoveIt2.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not delete it by yourself.

    Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

    • Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

      You can find instructions on how to enable and re-enable system restore here:

      Windows XP System Restore Guide

      or

      Windows Vista System Restore Guide

    Re-enable system restore with instructions from tutorial above

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

      This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software. A tutorial on installing & using this product can be found here:

      Instructions for Spybot S & D

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety

    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

    Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

    If you have any more problems then just let us know.
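
The two HijackThis entries singled out for fixing in this thread (the O2 BHO pointing at C:\xp2008.dat and the O16 DPF entry) have a regular line format that can be triaged by script. The following is an added example, not part of any post above and not HijackThis code; the heuristics, the host allowlist and the lines marked as constructed are illustrative assumptions, not the helper's stated criteria.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.+)$")
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*)\))? - (?P<url>\S+)$")


def check_bho(m):
    """Heuristics (assumed) for an O2 Browser Helper Object line."""
    reasons = []
    path = PureWindowsPath(m["path"].strip())
    if m["name"].strip().lower() == "(no name)":
        reasons.append("BHO has no registered name")
    if path.suffix.lower() != ".dll":
        reasons.append(f"BHO target is {path.suffix or 'extensionless'}, not .dll")
    if len(path.parts) == 2:  # drive anchor + file name only
        reasons.append("BHO target sits in the drive root")
    return reasons


def check_dpf(m, trusted_hosts):
    """Heuristics (assumed) for an O16 downloaded ActiveX control line."""
    url = urlsplit(m["url"])
    host = (url.hostname or "").lower()
    reasons = []
    if host not in trusted_hosts:
        reasons.append(f"ActiveX codebase host {host!r} is not on the allowlist")
    if url.scheme != "https":
        reasons.append("ActiveX codebase is fetched without TLS")
    return reasons


def triage(log_lines, trusted_hosts=frozenset()):
    """Return [(clsid, [reasons])] for O2/O16 lines that need a closer look."""
    findings = []
    for line in log_lines:
        line = line.strip()
        if m := O2_RE.match(line):
            reasons = check_bho(m)
        elif m := O16_RE.match(line):
            reasons = check_dpf(m, trusted_hosts)
        else:
            continue  # other HijackThis sections are out of scope here
        if reasons:
            findings.append((m["clsid"], reasons))
    return findings


# Lines 1 and 3 are the entries quoted in the thread; the others are constructed.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {12ED245D-57AF-4EF8-A10B-B8A8C19429BB} - C:\xp2008.dat",
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll",
    "O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - https://www.merch_app.eps-na.com/aspencrypt.dll",
    "O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Updater) - https://downloads.example.com/updater.cab",
    r"O4 - HKLM\..\Run: [Example Tray] C:\Program Files\Example\tray.exe",
]
TRUSTED_HOSTS = frozenset({"downloads.example.com"})  # constructed allowlist

if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG, TRUSTED_HOSTS):
        print(clsid, "->", "; ".join(reasons))
```

A flagged line is a prompt for manual review against the installed software list, not a verdict on its own.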
     
Topic Status:
Not open for further replies.
