Internet Explorer 6.0 loads pages slowly after removal of Trojans and tracking cookies

Hi Everyone;

Recently, I have removed various forms of malware including various variants of Win32 Trojans along with tracking cookies from my main pc.  The tools used to accomplish this included SpyBot Search and Destroy, AVG 7.5, AVEST, SuperAntiSpyware, and HiJack This.  Before using these tools, I could not get any page to actually load.  Now, the pages are loading, but, very slowly.  With this in mind, can anyone give me some suggestions for getting the speed back on Internet Explorer 6.0?  I assume that the malware may have gone in and actually changed the configuration of the browser itself, thus, explaining the lag time in loading pages.  However, this is conjecture on my part.

Any shared advice and/or resourceful links to getting Internet Explorer 6.0 to start loading pages faster will greatly be appreciated.  The OS in this situation is Windows XP Pro SP2.  The ISP is AT & T Broadband DSL.

          If further information is needed, please feel free to let me know.  In the meantime, I will look forward to hearing from everyone.

          Thank you

          George
GMartin Asked:
 
IndiGenus Commented:
These 2 items are nasty backdoor bots.

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: Window Domain Services (windowndns) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe

SDFix should get them.

Please download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.

A text file should automatically open,
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Please also upload a fresh HijackThis log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also, on a side note, you need to get an AV on here ASAP.
0
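The two O23 service entries flagged in the comment above show the usual triage signals in a HijackThis log: an "Unknown owner", a "(file missing)" image, and a system binary name (`svchost.exe`) running from outside `system32`. The following is an added example, not part of the original thread, that checks O23 lines for those three signals; the list of system binary names and the third sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Binary names expected only in system32 on Windows XP (illustrative list, an assumption).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIR = PureWindowsPath(r"C:\WINDOWS\system32")

# O23 - Service: <display name> (<service name>) - <owner> - <image path>[ (file missing)]
O23_LINE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def flag_services(log_text):
    """Return {service_name: [flags]} for O23 lines that need a closer look."""
    findings = {}
    for line in log_text.splitlines():
        m = O23_LINE.match(line.strip())
        if not m:
            continue
        image = PureWindowsPath(m["path"].strip('"'))
        flags = []
        if m["owner"] == "Unknown owner":       # no company name in version info
            flags.append("unknown-owner")
        if m["missing"]:                        # service registered, binary gone
            flags.append("file-missing")
        # PureWindowsPath compares case-insensitively, like the Windows filesystem.
        if image.name.lower() in SYSTEM_BINARIES and image.parent != SYSTEM_DIR:
            flags.append("system-name-outside-system32")
        if flags:
            findings[m["name"]] = flags
    return findings

# First two lines are quoted from the thread; the third is a constructed benign entry.
SAMPLE_LOG = r"""
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: Window Domain Services (windowndns) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe
O23 - Service: Example Vendor Updater (exupd) - Example Vendor Inc. - C:\Program Files\Example\exupd.exe
"""

if __name__ == "__main__":
    for service, flags in flag_services(SAMPLE_LOG).items():
        print(service, flags)
```

A flag here is a reason to inspect the service, not proof of infection; legitimate services also appear with an unknown owner.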
 
IndiGenus Commented:
Can you post the most recent HijackThis log you have.
0
 
GMartin (Author) Commented:
Hi

        Please find attached the latest HiJack This file for purposes of evaluation and troubleshooting.  I hope this helps.

          Thank you in advance for your willingness to look it over.

           George
012908.txt
0
 
GMartin (Author) Commented:
Hi There;

         Please find attached a copy of the SDFix log file for purposes of evaluation and troubleshooting.

         Thank you.

         George

 
       
Report.txt
0
 
GMartin (Author) Commented:
Hi

        In addition, please find attached a new HiJackThis log file.  

        Thanks again for assisting me with cleaning up the malware on this pc.  Incidentally, what AV program do you recommend?  Since there are so many of them out there, it is hard to pick the best one.  

Thanks again. I will look forward to reviewing further suggestions.

         George
013008.txt
0
 
IndiGenus Commented:
Hi George,

Can you post a new HijackThis log also please.

Thanks,
Dave
0
 
IndiGenus Commented:
Ooops...beat me to it...
0
 
IndiGenus Commented:
Better...

Download and Run ComboFix (by sUBs) You must run it directly from your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log.  

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
or
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.
0
 
GMartin (Author) Commented:
Hi;

       Please find attached the ComboFix Log File.  

       Thank you

       George
ComboFix.txt
0
 
GMartin (Author) Commented:
Hi

       Please find attached a new HiJackThis Log File following the successful completion of ComboFix.

       Thank you

       George
New-HiJackThis-Log.txt
0
 
IndiGenus Commented:
Hi George,

Before I post anything, a question or two. Where did you get the AnyDVD and Slysoft programs from? Are they from legit sources?
0
 
GMartin (Author) Commented:
Hi

Well, I am not totally sure since I am not the only one who uses this pc.  I really do not need these programs.  If you think it will help, I can uninstall them.

         Thank you

        George
0
 
GMartin (Author) Commented:
Hi

        I just looked in my Add/Remove Programs list and I do not see these applications.  Could you provide instructions for removing any remaining entries to these programs?  I really do not want them on the pc if they are malware and causing issues.

        Thank you

        George
0
 
GMartin (Author) Commented:
Hi Everyone;

          I believe the main pc is performing better.  However, if there are still some loose ends which need further attention, I am certainly interested in providing proper closure to this question.  

          Thank you

         George
0
 
IndiGenus Commented:
OK George give me a few minutes and I'll post a cleanup script.
0
 
GMartin (Author) Commented:
Wonderful!!!  Thank you so much... You certainly have  been very helpful so far.  Your help is so deeply appreciated.

      George
0
 
IndiGenus Commented:
1. Open Notepad.

2. Now copy/paste the text between the lines below into the Notepad window:

---------------------------------------------------------------------------------------------------------------

File::
C:\WINDOWS\system32\drivers\drtya
C:\WINDOWS\S0ABDCD21.tmp

Folder::
C:\Recycle
C:\Documents and Settings\All Users\Application Data\SlySoft
C:\Program Files\SlySoft
C:\Program Files\DVD Clone Factory

Driver::
Audios

---------------------------------------------------------------------------------------------------------------

3. Save the above as CFScript.txt on your desktop.

4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please upload the following reports/logs.

-Combofix.txt
-A new HijackThis log
0
 
GMartin (Author) Commented:
Hi

        Please find attached a new ComboFix text log file.

        Thank you

         George

       
       
ComboFix.txt
0
 
GMartin (Author) Commented:
Hi

         Additionally, please find attached a new HiJackThis log file.

        Thank you

        George
New-HiJackThisLog2.txt
0
 
GMartin (Author) Commented:
Hi

I need to go into work for a few hours.  I will follow up on this post tomorrow afternoon if that is agreeable with you.  From everything discussed and done so far, I realize you have put a lot of time and thought into this thread.  And for that, I certainly deeply appreciate all of your efforts.

       In closing, I will look forward to reviewing any more suggestions you have.  And, once again, many thanks for everything you are doing here.

      George
0
 
IndiGenus Commented:
Looks clean. How's it running?

Next you need to get Antivirus software here. Install, update, and run a full system scan. There are a couple of good free-for-home-use ones like AVG and Avast (just google them).
0
 
GMartin (Author) Commented:
Hi There;

        I just got back in from work.  Tomorrow evening, I plan on surfing the internet on the main computer and see what happens.  I am optimistic everything is much better.

        I will post back tomorrow evening regarding the outcome.  Many thanks once again for sharing your insights and expertise into this pc concern.

        George
0
 
GMartin (Author) Commented:
Hi There;

         I am very happy to report this problem is resolved thanks to your professional guidance.  All pages within Internet Explorer load fast now without any unnecessary delay.  The only exception was Middle Tennessee State University's home page (e.g. http://www.mtsu.edu) this morning.   Since this was the only page which showed any kind of delay in loading, we believe it had something to do with their network possibly being busy or being flooded by visitors.  

In any case, I sincerely thank you for getting me through this.  You certainly have an in-depth understanding of what it takes to remove malware.  Not only did you give me the title of the tools needed along with their respective download links, but, you also gave the necessary steps for using them as well.  Your instructions were easy to follow and understand.  It was almost like having you here with me resolving this issue.

Once again, many thanks for being so helpful and patient with me.  I don't think I could have gotten through this without your guidance.

            Great job!!!

            George
0
 
IndiGenus Commented:
You're welcome George, and good luck to you in the future.

Regards,
Dave
0