Slowww Browser/WWW After 2/13 MS Update

[SensualPhoenixx]

Gentlemen,

I'm puzzling over an extreme slowness issue that started nearly parallel with the last MS Security Updates on 2/13. I have two PC's Networked through a Netgear router connected to ATT/Yahoo DSL. Mine is W2K SP4, my Fiancees is XP Home 2002 SP2. I don't let the kids touch mine, and my Fiancee has pretty much allowed them to make a game machine out of hers. I'm really not sure WHAT is causing this problem.

I DO know that on 2/13, following MS Security updates, I did the required reboot on my machine before I went to bed. It was sitting still at the login prompt when I needed to use it a day later. At that point, web browsing was PAINFULLY slow. This slowness is even more sluggish on my fiancee's PC, so I want to make sure that it is totally cleaned up first before moving onto mine.

I found out there was nearly 0 protection on the XP machine. I installed AVG 7.5, caught up the updates and scanned. There were 17 threats that were removed. I scanned again to ensure it was clean. I installed MS 3.1 Installer and updated Windows Defender. I installed Kerio Personal Firewall 2.1.4 and let it learn the major connections. I installed Proxomitron and set the proxy in Internet Explorer to localhost for port 8080. I tried disabling IE pop up block, and even phishing filter. When the slowness continued, I tried bypassing, then exiting Proxomitron.

We see this slowness on more busy websites, like Yahoo, or VerizonWireless.com, or even Microsoft.com. I'm really not sure where to start on this. I've attached the HTJ file for the XP machine. Could you please give me some direction?

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your HJT log shows you have a couple of infections.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go to add remove programme in your control panel and uninstall anything to do with(if there).

MyWebSearch

Close control panel.

Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SensualPhoenixx]

11 Steps are Done- Logs Attached

Thank you for the guidance on getting the Viruses and Malware eliminated. I've completed the 11 steps and am attaching the resulting logs. I'm nearly through with those same steps on MY PC and will be submitting that under a separate thread unless you tell me differently.

Still seeing some aggravating slowness in browser navigating. Just getting into this thread requires 2 or 3 tries to progress beyond just the TechSpot main logo and main link bar.

Please let me know what to do next.

 

[howard_hopkinso]

When you`re done following the instructions on your other pc, please post the results in this thread. Thanks.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Remote Procedure Call (RPC) Controller<Not to be confused with Remote procedure Call (RPC)< Note the missing Controller entry.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

cvpss.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab

O23 - Service: Remote Procedure Call (RPC) Controller - Unknown owner - C:\WINDOWS\system32\cvpss.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\cvpss.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SensualPhoenixx]

HJT and AVG Anti-Spyware Report for MY PC (W2K)

Thank you again. I'll get crackin' on doing the steps you recommended for Her PC and let you know how it goes. In the meantime, here are the HJT and Anti-Spyware report. I'd appreciate your input on what direction I need to take for making sure the PC is clean.

 

[howard_hopkinso]

Can we just deal with one system at a time if that`s ok by you? Otherwise it`s going to get confusing and may make it harder work for the both of us.

Follow the instructions In my last post and post a fresh HJT log only.

Regards Howard

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SensualPhoenixx]

I understand, dealing with one system at a time is just fine. Sorry for the confusion. Be back to you shortly...

Hi, I followed your steps. Seems like I'm still having the same sluggishness opening web pages. Here is the latest HJT Log. Thanks for your help.

 

[howard_hopkinso]

Your HJT log is clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

Run the programme and click the click "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path"
* Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree for the terms and conditions that is displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

Download and run the Blacklight programme. Follow all the instructions carefully.

Go HERE and follow the instructions for speeding up your system.

Let me know the results of the rootkit scans and if you`re still having any problems.

Regards Howard

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SensualPhoenixx]

Still Slow Browser Navigation and Program Execution

The AVG rootkit tool found one thing- it was supposedly something to do with HP Imaging. It was removed as per your instructions. Blacklight didn't find anything at all. I'm really scratching my head about this one. In case this did happen to be something with the actual internet connection as well as local program performance, is there a recommended connection analyzing program you recommend? I have WinMTR, but that is basically just doing repeated tracert commands. I will try to do some of the recommendations for speeding up PC performance. Thanks for your help.

 

[howard_hopkinso]

If you continue to experience slow browsing problems, I suggest you contact your ISP and see if they know of any problems in your area. If that doesn`t help. Start a new thread in our storage and networking forum.

As far as I can tell, your system is clean.

With that in mind, we can now start with cleaning the other system.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SensualPhoenixx]

Slow Computers 2: MY PC

I've done the preliminary cleanup steps for MY PC (W2K) and have attached the HJT log- please advise, and thanks for the help.

 

[howard_hopkinso]

You seem to have forgotten to attach an AVG Antispyware log. Please do so in your next reply.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKCU\..\Run: [Yahoo! Pager] 1

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab

Click on the fix checked button.

Close HJT and reboot your system. Other than the above none dangerouse entries, your HJT log is clean.

Post an AVG Antispyware log and let me know if you`re having any problems.

Regards Howard

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[SensualPhoenixx]

Anti-Spyware Report for MY PC (W2K)

Hello Howard,

Thanks for all your skilled patience. Here is the Anti-Spyware report for MY PC. I got into online chat with my ISP (I think it was automated) and even though I was mildly annoyed by some of the suggestions that I'd already covered, I went ahead and tried the one where you disconnect the power to your dsl modem and router, wait 10 seconds, then power each one back on. I had to leave on errands right after that for about an hour, so either that action helped, or my chat session complaints reached a breathing person who fixed something by the time I got back home. Things are running normal again finally.

I don't think what you have helped with corrected the original issue, but it was certainly not a waste, was very educational, and helps to reaffirm the value of a secured structure (one need only compare the infestation on HER PC to the relative sterility of MY PC). Thanks so much for everything. Do you have any suggestions for where I might look to find even more value from this site?

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Do you have any suggestions for where I might look to find even more value from this site?

The sticky(READ) Threads at the top of each forum are very informative. You`ll find some really good info there.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of SensualPhoenixx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.