Homepage takes 20 minutes+ to load

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by matrixtna, Jan 28, 2005.

  1. matrixtna

    matrixtna Private E-2

    Hi, my friend asked me to do some maintenance on his laptop because it takes 20 minutes+ for his homepage to load (http://start.earthlink.net/). He has DSL at 54 MBPS on a wireless card, so it was never this slow (never slow at all).

    He also receives many popups not relating to the site (obviously spyware). I have already done the Sticky Basic Spyware removal twice and still no luck. Also, when I try to install any Norton Internet Security (2004, 2005) it either freezes or nothing happens when you click install on the autoplay screen.

    Should I just post a HJT log since I have already done the Basic Spyware removal?
     
  2. matrixtna

    matrixtna Private E-2

    I NEED HELP!! I have used the Spyware removal guide but still vastly INFECTED

    bump (sorry, but I need this answered by Sunday)
     
  3. TheOldThug

    TheOldThug First Sergeant

    If you have run through the tutorial, PP and Chaslang would probably then ask you to do the following:

    After doing ALL of the TUTORIAL if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT.

    TheOldThug
     
  4. matrixtna

    matrixtna Private E-2

    Okay, I have attached my HJT log.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should already know that leaving the below running when using HJT is a NO NO!

    C:\Program Files\Internet Explorer\iexplore.exe
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Disable Spybot's TeaTimer function.

    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer. Now quit Spybot!


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [cosine] cosine.exe
    O4 - HKLM\..\RunServices: [cosine] cosine.exe
    O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Windows\System32\cosine.exe or C:\Windows\cosine.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  7. matrixtna

    matrixtna Private E-2

    Okay, I did everything in your post, except when I went looking for cosine.exe in the locations you specified it was not there.

    Anyway, here is the updated log.
     


  8. matrixtna

    matrixtna Private E-2

    bump, c'mon chaslang, where are you???
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Patience is a virtue!

    Why did you start deleting all the Symantec programs?
    Notice all the services with missing files:
    O23 - Service: Symantec Event Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Password Validation - Unknown - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Settings Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Symantec Network Drivers Service - Unknown - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

    These were okay before.
     
  10. matrixtna

    matrixtna Private E-2

    I deleted them because I don't have any Symantec products installed on this laptop. I didn't remove them with HJT. Those were left over from the uninstallation of NIS 2004. I am trying to install NIS 2005.

    But other than that, is it all good, chaslang?

    Yeah, I just tried installing NIS 2005 and it doesn't work.
    Once I click install on the autoplay screen, it does nothing (the autoplay screen goes away and the setup never loads).
     
    Last edited: Jan 28, 2005
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should probably finish cleaning up all the stuff left over first! You have all of this still showing:

    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O23 - Service: Symantec Event Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Password Validation - Unknown - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Settings Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Symantec Network Drivers Service - Unknown - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

    If you are not having any more issues with malware, software issues (like installation) belong in the Software Forum.
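
The kinds of entries chaslang singles out in the posts above (blank R0 value, `(no file)` / `(file missing)` leftovers, an O4 autostart given without a path) can be picked out of a HijackThis log mechanically. This is an added example, not part of the thread and not HijackThis code; the sample lines are copied from the posts, while the reason labels and the no-path heuristic are assumptions of this example.

```python
import re

# Sample lines copied from the posts in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [cosine] cosine.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Symantec Event Manager - Unknown - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# HijackThis's own marker for a registry reference whose target is gone.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
# Autostart entries: "HKLM\..\Run: [name] command"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]+\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (section, reason, line) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        if ORPHAN.search(body):
            # Leftover reference: the file it points to is not on disk.
            findings.append((code, "orphan", line))
        elif code in ("R0", "R1") and body.endswith("="):
            # Internet Explorer setting present but empty.
            findings.append((code, "blank-value", line))
        elif code == "O4":
            run = RUN.match(body)
            # Assumption of this example: an autostart command with no
            # directory component deserves a look, as with cosine.exe.
            if run and "\\" not in run.group("cmd"):
                findings.append((code, "no-path", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:12} {line}")
```

A flagged line is only a candidate for review; whether to fix it in HijackThis is still the judgement call made in the posts above.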
     
  12. matrixtna

    matrixtna Private E-2

    Well, you see, spyware or some junk like that is causing me to not be able to install.

    Question: can you install a program in safe mode?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly!

    I still don't know if you have a malware problem.
     
