Something Happened, slow..

gtbnyc

Hi, in the last couple weeks it started taking like a minute or 2 for IE to open after clicking the link from my desktop. Once it's opened all seems fine, but then when I try to click any link from my desktop it again takes forever to open any folders or programs. I have run a bunch of spyware and cleared everything, but the problem still exists. I am just out of ideas and sooo frustrated. Here is my Hijack result attached. It won't let me post it here because this system sees some links in the log file I can't find.

I really really appreciate anyone with knowledge to help.


Thanks. ss
 
Hi gtbnyc,

Please attach .txt or .log files not .doc files, I do not open .docs

Please have a read here-> Is your system infected? Read this before Cleaning or Formatting

If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

1) AVG log
2) Combofix log
3) Hijackthis log (Step 15)

This thread is for the use of gtbnyc only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you very much for responding. I am currently not at the computer with the problem, but I wanted to attach the current log file just if you could take a minute to see if you notice anything. I will go through the steps detailed in the post, but can not from here.
 
Your Hijack this is an older version and is also running from the wrong location.

First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.

 
This next step is purely optional; however, Viewpoint is considered foistware and is not needed on your computer.

'To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.'


Go to Start > Run and copy/paste or type: taskmgr
  • Under the Processes tab find the following tasks or processes:
    ViewpointService.exe
    ViewMgr.exe
  • Highlight and click "End Process".
  • Exit Task Manager.
Click on Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab".
  • Scroll down the list and find the service called "Viewpoint Manager Service"
  • When you find the service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Disabled".
  • Now click "Apply", then "OK" and close any open windows.
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder


I would like you to do an online scan so that we can see what else may be in your system.
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    o Extended (If available, otherwise use standard)
    o Scan Options:
    o Scan Archives
    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file
  • Include the report in your next post.

Navigate to C:\Program Files\Trend Micro\HijackThis

Open the folder, right-click on HijackThis.exe, rename the file to xplook.exe and then send a shortcut to the desktop.

Run a scan using the newly named file with the shortcut which is now on your desktop.

In your next post you should have,

1) Kaspersky scan
2) Fresh HijackThis scan


 
I did what you said

Thanks, I did what you said and will attach the files. The only problem was that when the Kaspersky was running it got locked up in the Outlook which was at 7% of the scan. It didn't move 1 file after 16920 for 45 minutes so I think there is a problem.

Here are the files.
 
Ran 1 more - please check

I did all you stated and here is the Kas Scan from today.

Thank you very much,
 
It looks like the infection is in your archive.pst file,
C:\Documents and Settings\Stuart Sherman\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/26 Jul 2004 22:01 from stuart sherman:FW: Returned mail: Data xxxxxxxxxxxxxx@xxxxxxxxxxxx.zip

Delete this and then empty your recycle bin.

After this is done then Reboot your pc and run a fresh HJT log.

 
done and

Hi, thank you for responding. I cleared the archives and rebooted. I'll attach the file.

The problem I can still see is 2 things. After booting up when I launch IE it takes a few minutes before it connects. The other computer here takes just a second. After I finally get online all is fine, but when I go to the desktop and try to click any file or folder it again takes forever to load up and locks all the tabs on the bottom so I can no longer click on them to view the things in other windows. I need to alt tab to go back and forth.

I hope this sheds some light, what do you think?

ss
 
No firewall

You should get a firewall as well, either, these firewalls are all free,

Fix entries with HijackThis
  • Open HijackThis and select do a system scan only,
  • Put a check next to the following entries
  • Close all browser windows including this one and select fix checked.
O2 - BHO: (no name) - {12ED245D-57AF-4EF8-A10B-B8A8C19429BB} - C:\xp2008.dat

Boot into safe mode and show all hidden files and folders,

Search for and delete if found,
C:\xp2008.dat

Reboot back into normal mode and rehide all your files and folders

uninstall list

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

: rename hijackthis :

There is some infection hiding in your log.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right-click on HijackThis.exe and select Rename to xplookout.exe. After you have renamed HijackThis, right-click on it, create a new shortcut and put it on your desktop, then post back a new HijackThis log.

Also do a fresh Kaspersky scan.

So in your next post you should have,
1) HijackThis uninstall list
2) Fresh HJT scan
3) Fresh Kaspersky scan


 
You still don't have a firewall,

Go to add remove programs and remove these, if still present

LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)


You also didn't rename HijackThis, you just renamed the log file,

Go to Start then Run, or press the Windows key and R,
then copy and paste this into the Run box
C:\Program Files\Trend Micro\HijackThis
and rename this HijackThis.exe to xplookout.exe

Some spyware can hide from HijackThis so that's why we rename the executable.

How is the computer running now?

Do the above and then post the log again.

In this log I would like to see a firewall installed and HijackThis.exe renamed.
 
added please check

Hi,

I added Online Armor. It keeps saying incoming Port and outgoing Port from my desktop tray. Is that normal?

I changed the hijack this to the name you said again so hopefully it is what you wanted.

I'll attach the new file and the doc for the Online Armor, I wasn't sure how to handle the items it displayed. Please let me know what you think/see.

I uninstalled the Symantec you said as well

Thank you.
 
That's better, the firewall still isn't showing up so I'm assuming that you ran the scan first.

I've never used Online Armor so I'm not 100% sure about that, the Kaspersky scan is clean and the HJT one looks clean but I'll have a proper look later on.

How is the computer running?
 
update

The computer def. seems to be running 80% better.

There are some programs that always seem to pop up when shutting down the computer where I click end now and I'm not sure how this firewall works or if it's turned on exactly. Should I be comfortable when it says in a balloon every time something incoming Port or outgoing Port etc.?

I can do more scans if you want?

Thanks very much again for your time.
 
Try the other firewalls that I gave you if you want, just remember to always uninstall one before putting a new one on.

I'm looking over the HJT log properly now so I'll let you know.

EDIT

Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
    O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - https://www.merch_app.eps-na.com/aspencrypt.dll
  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

There was just that one entry,

Probably not much point running another scan, there is nothing in either log to warrant it, you appear to be all clean, here are some simple steps to help you keep your computer clean and secure:

Now we can remove all the tools that we used.

Please download OTMoveIt2 and save it to desktop.
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    or

    Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software. A tutorial on installing & using this product can be found here:

    Instructions for Spybot S & D

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

If you have any more problems then just let us know.
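The two HijackThis entries fixed in this thread (the O2 BHO pointing at C:\xp2008.dat and the O16 DPF entry) can be triaged from a saved log with a short script. This is an added example, not part of the original posts or any HijackThis tooling; the review heuristics and the second O2 line (with its all-zero CLSID) are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# O2 - BHO: <name> - {CLSID} - <module path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
# O16 - DPF: {CLSID} (<name>) - <codebase URL>
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>" + CLSID + r") \((?P<name>.*)\) - (?P<url>\S+)$")

# Lines 1 and 3 are quoted from the thread; line 2 is a constructed benign entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {12ED245D-57AF-4EF8-A10B-B8A8C19429BB} - C:\xp2008.dat
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O16 - DPF: {F9463571-87CB-4A90-A1AC-2284B7F5AF4E} (Persits Software XEncrypt) - https://www.merch_app.eps-na.com/aspencrypt.dll
"""

def triage(log_text):
    """Return one finding per O2/O16 line, with reasons a human should review it."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path = PureWindowsPath(m["path"])
            reasons = []
            # Assumed heuristics: BHOs are normally named DLLs in a program folder.
            if m["name"] == "(no name)":
                reasons.append("unnamed BHO")
            if path.suffix.lower() != ".dll":
                reasons.append("module is not a .dll")
            if len(path.parts) == 2:  # drive anchor + file name only
                reasons.append("module sits in drive root")
            findings.append({"section": "O2", "clsid": m["clsid"],
                             "target": str(path), "reasons": reasons})
            continue
        m = O16_RE.match(line)
        if m:
            url = urlsplit(m["url"])
            reasons = []
            if url.scheme != "https":
                reasons.append("codebase not fetched over HTTPS")
            # The host is reported so the reviewer can decide if the control is wanted.
            findings.append({"section": "O16", "clsid": m["clsid"],
                             "target": url.hostname, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["target"], "; ".join(f["reasons"]) or "no heuristic hit")
```

An empty reasons list only means none of these heuristics fired; every O16 host still needs a human decision, as with the entry fixed above.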
 