Spyware, Malware, slow computer?

By cuegt
May 13, 2007
Topic Status:
Not open for further replies.
  1. I have an HP ze4805 laptop, and it seems to be running a lot slower lately. I added more RAM and that sped it up some, but for DSL it's still running way too slow for me. Whenever I open up AOL or Internet Explorer, it takes a min or two before the browser opens completely; it opens like I got dial-up or something. I ran a disk cleanup, then I ran Spybot, Adware SE, and Defender. The disk defrag said it didn't need one. Spybot and Adware picked up several spyware, Defender picked up nothing, but the spyware or malware Spybot and Adware SE picked up is pretty much the same thing over and over again. Is there any way to block these issues from coming back, or is there something on my computer that's bringing them back? Any help will be appreciated. I'm not a pro at computers, but given step by step I can stay with u if there is help on this issue. Thanks in advance.
  2. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste, or it will be ignored and/or removed by the moderators.
    The logs will enable us to understand that much more about the problems on your system.


    Regards,
    Your friendly Momok =)

    This thread is for the use of cuegt only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    To be continued

    Wow, a lot of steps there, but well worth it to be on the safe side. I'll have to go through this later today as I have to be at work by 8am, but thanks for the tip and I will post back as soon as I get home. Thanks again.
  4. momok

    momok Newcomer, in training Posts: 2,272

    Yes, better to be on the safe side definitely.
    That thread provides a comprehensive mix of steps to remove common malware, as well as provide us logs of your system to look at so we can further remove any tough nasties.
    So do follow them all if you can.


    Regards,
    Your friendly Momok =)

  5. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    step 3

    The virus scanner in step 3 came up with one infection (Need2Find) as far as grayware and malware are concerned, and it said it cleaned it. I reran the scan and it said everything was OK, so I'm wondering if I should go on to step 4 or stop here?
  6. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Please complete all the remaining steps where possible and post the requested logs (AVG Antispyware, HijackThis and ComboFix) as attachments to this thread. There is no 100% guarantee that your system is completely safe and clean from infections even after passing through one scanner.


    Regards,
    Your friendly Momok =)

  7. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    Running processes

    How many running processes are supposed to be running at one time? I ran Adware SE with no programs open and it showed I had 55 running processes while it was scanning. Is this too many, and how can I cut down on some if it is? I went to Task Manager and tried to reset some priorities but it wouldn't let me. Any ideas?
  8. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Please complete the instructions from the Preliminary malware removal thread and post the requested logs.
    Without the logs, we cannot help you because we have nothing to work with. The logs will provide important information about your system that shows if it is infected.

    With regards to running processes, there is no fixed number as it varies for every individual according to their needs. Perhaps you can post HijackThis log and I can help provide advice (after ensuring your system is clean) on which processes are not necessary to be run.


    Regards,
    Your friendly Momok =)

  9. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    I just ran hijack and got this
  10. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services (if there). Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

    Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    Viewpoint Manager

    Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    ViewpointService.exe
    ViewMgr.exe


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\Program Files\Viewpoint\

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly Momok =)

  11. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    Ok, finally done as u asked. I've been noticing that every time I run my Adware scan it always catches spyware in My C drive documents and setting comp usa. Oh well, I guess u can tell me why. Here u go, and I really appreciate your time and help.
     
  12. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Download CCleaner via step 9 of the instructions HERE and run the cleaner a few times.

    Your logs appear clean now. However you still have the Viewpoint folder in your system. Please navigate in windows explorer to:

    C:\Program Files\Viewpoint < delete this folder and its contents

    Turn off system restore (XP/ME only). Learn how to do that HERE.

    This will remove all the remaining nasties from your old restore points.
    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)

  13. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    I'm not exactly sure what you're asking me to do when u say navigate in Windows Explorer. Can u explain what u want me to do a little more in depth? Sorry about the lack of knowledge.

    Ok, I did some guessing and just went to My Computer, Program Files, and saw the Viewpoint folder. So I right clicked on it and tried to delete it a couple of times, but this error kept coming up


    can not delete AxMetaStream.dll it is being used by another person or program.

    I closed everything that was open and tried it again, but to no avail. Is there another way I can delete it? I haven't run the CCscan yet, nor have I stopped my system restore. I wanted to know if u wanted me to delete this file before I did any of the other steps?

    Ok, I been up doing all kinds of guessing and as far as this Viewpoint file I just can't get it to delete, but explain this to me. I booted up in safe mode and was able to delete the file, but when I restarted and checked my C drive it was there again. So I rebooted in safe mode again and deleted it, then went to the recycle bin and deleted it from there and checked my C drive and it was gone, and again I rebooted in normal mode and it's back again. U guys have any way of telling me how I can delete this file? I'd really like to. Thanks as always.
  14. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Please try rebooting into safe mode and unhide all your system files and folders. Then do the following.

    Go to Control Panel, Add and Remove programs and find anything related to Viewpoint and uninstall them.

    Next delete the C:\Program Files\Viewpoint folder.

    Do a search in Windows Explorer for AxMetaStream.dll and delete it. Let me know its filepath.

    Reboot into normal mode and rehide your OS files.

    Next, run AVG Antirootkit via Step 11 of the instructions HERE. Let me know the results of the scan.

    Finally, please post fresh HijackThis, ComboFix and AVG Antispyware logs from normal mode as attachments to this thread.


    Regards,
    Your friendly Momok =)

  15. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    Finally

    Oh man, I'm proud to say the AVG Root kit came up with nothing, and so did AVG anti spyware. I'm ever more relieved that the Viewpoint folder was gotten rid of using the steps u gave me. I can't thank u enough for your help, I've been up all night trying to get rid of that. Now I just need u to check these logs and tell me some more good news.
  16. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Glad to be of help. Your logs look clean now.

    Please delete all files in the AVG Antispyware quarantine folder.

    Turn off system restore (XP/ME only). Learn how to do that HERE.

    This will remove all the remaining nasties from your old restore points.
    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.

    Now you're good to go ;)


    Regards,
    Your friendly Momok =)

  17. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    Thanks Momok

    Man, u really helped me out a lot with this malware problem. After I posted my last logs, I went straight to sleep after fighting with this problem. I just checked again to be on the safe side and the Viewpoint did not come back, so I did as u said with erasing the files in AVG, and I did as the article said the link and started a limited account. Now that was of big help. I'm still reading up on how it can help and the rest of it, but again I can't thank u enough for staying with me on this. Great staff.
  18. momok

    momok Newcomer, in training Posts: 2,272

    You're welcome cuegt. =)

    Should you have any further problems, techspot will always be ready to help you out. Enjoy your clean system ;)

    Regards,
    Your friendly Momok =)
  19. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    From my PC this time

    Hey Momok, man, thanks again for helping me feel safer on my laptop, and getting rid of the malware. I felt so good about it I decided to do my PC the same way. I followed the steps above and ran a AVG 1st, then Hjk, then Combo fix report last. If u or someone else gets a chance I'd like to have those posts looked over to see how clean my PC is, and thanks a bunch guys, you really do great deeds for those of us who aren't computer literate.
  20. momok

    momok Newcomer, in training Posts: 2,272

    Hi

    I noticed that your AVG log displays 'No Action Taken' for all the files detected.

    I suggest you run AVG again and quarantine the files. Pictorial instructions HERE. Do this after the following instructions in safe mode.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AlcxMonitor
    DDCM
    DDCActiveMenu


    Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    Viewpoint
    DDC / WildTangent


    Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    DDCMan.exe
    DDCActiveMenu.exe
    ALCXMNTR.EXE


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
    O2 - BHO: WIN Tools - {4E7BD74F-2B8D-469E-D0EA-F878F4D5FA7D} - C:\WINDOWS\DOWNLO~1\tgtb.dll (file missing)

    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O3 - Toolbar: WIN Tools - {4E7BD74F-2B8D-469E-D0EA-F878F4D5FA7D} - C:\WINDOWS\DOWNLO~1\tgtb.dll (file missing)

    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    C:\Program Files\WildTangent
    C:\WINDOWS\DOWNLO~1\tgtb.dll

    You may run your AVG scan and quarantine the infected files now. Save the report after that.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly Momok =)

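
The following is an added example, not part of any post in this thread and not HijackThis's own code. It parses entry lines like those listed in the post above and separates the ones marked "(no file)" or "(file missing)", which point at files that no longer exist, from the O4 startup entries that still launch a program. The line shape and the function names are assumptions made for illustration.

```python
import re

# Entry lines copied from the post above (a subset, not a complete log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: WIN Tools - {4E7BD74F-2B8D-469E-D0EA-F878F4D5FA7D} - C:\WINDOWS\DOWNLO~1\tgtb.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

# Assumed line shape: "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker seen on entries whose referenced file is absent.
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")
# O4 Run-key entries look like: HKLM\..\Run: [ValueName] command line
RUN_VALUE = re.compile(r"Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")


def parse_entries(log_text):
    """Return one dict per recognisable entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # log header, blank lines, running-process list
        body = m.group("body")
        clsid = CLSID.search(body)
        run = RUN_VALUE.search(body) if m.group("section") == "O4" else None
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
            "run_value": run.group("name") if run else None,
            "run_cmd": run.group("cmd") if run else None,
        })
    return entries


def orphaned(entries):
    """Entries whose target file is gone: stale registry leftovers."""
    return [e for e in entries if e["orphaned"]]


def startup_commands(entries):
    """Map Run-key value name -> command line for O4 entries."""
    return {e["run_value"]: e["run_cmd"] for e in entries if e["run_value"]}
```

Calling `orphaned(parse_entries(SAMPLE_LOG))` returns the R3, O2, O3 and O9 entries, while `startup_commands` returns the two Run-key values that still start a program at boot.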
  21. cuegt

    cuegt Newcomer, in training Topic Starter Posts: 32

    Finally

    Finally finished, many more files on my PC, but here are the latest. Thanks again man, I really appreciate it. After I did all of the above I just checked my add and receive and deleted a file called Viewpoint Manager.
  22. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Please also delete the following folder.
    C:\Program Files\Viewpoint

    Your logs look clean now.

    Delete all files in AVG Antispyware Quarantine folder.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)


