System running slow - spyware ??

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Marko, Feb 18, 2005.

  1. Marko

    Marko Private E-2

    Hey Guys,

    Need some help here. I went through your recommended pre-HJT suggestions.
    Nothing really stood out. I am experiencing a slow computer and cannot pinpoint a specific virus/trojan/spyware. Need your help. All scans came up clean. I ran HTJ and see some things that may be suspect. But, I am coming to you guys (the experts) for help. I have attached my HJT log for your review. All scans were done with system restore off, and viewing of all hiden files. I leave it up to you.

    Thanks in advance,
    Marko
     

    Attached Files:

    Marko, Feb 18, 2005
    #1
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please Update to Hijack This 1.99.1 and post a new HJT log with the new version, after you have completed the stickies!

    Please note that Hijack This is NOT the first step. Before we procede please follow ALL the steps in this Sticky thread

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
    bjgarrick, Feb 18, 2005
    #2
  3. Marko

    Marko Private E-2

    I did all the requested pre HJT scans. They were all updated b/4 scanning.
    Programs run.

    Trend micro free online scan
    Symantec security check - waste of time ??
    Avert
    CCleaner
    Adware with VX2
    Spybot with DSO patch.

    Online problem was not updating to new HJT 1.99.1

    I did use an attachment for my HJT log...

    Thanks
     

    Attached Files:

    Marko, Feb 19, 2005
    #3
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Lets go ahead and do another scan with HijackThis and Check the Boxes for the following:

    Again, make sure All Browser Windows are Closed when you Click FIX.


    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll

    O16 - DPF: {0A891521-685E-4B6D-A9FD-759BB2CD6A66} (SecureImage Control) - http://www.psbwebsurveys.com/secure/SecureImage.cab

    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab






    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:



    C:\WINDOWS\SYSTEM32\igfxsrvc.dll



    NEXT: Download the following programs.


    CCleaner

    SpyBot S&D



    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck!:)
     
    bjgarrick, Feb 19, 2005
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds