Hi,
Since last night, my Internet Explorer has become extremely slow.
The rest of my system so far seems unaffected, ping and download times are normal. Browsing is the only thing that has become a crawl.
I can open Internet Explorer (ver8) just fine and it opens as quickly as usual. The moment I press Enter on a URL or pick a webpage from my history, it takes about a full minute for anything to happen in the status bar during which time the browser is unresponsive. Once it has "connected" to the webpage, it then takes extremely long to load and even when it has mostly finished loading it then stalls again and takes its time. Clicking any link on the webpage or going to another page or using a separate window or tab results in the exact same sloth again.
Even the autosave as I type this message slows it enough to swallow every 9th character.
The other notable thing is that if I right-click any link to bring up the context menu, it takes about 4-6 seconds for it to appear during which time Internet Explorer stalls too.
I've run several scans with MBAM, AVG, Panda, Bitdefender and have installed TM's Browser Guard, all to no avail.
HiJackThis log also seems to not pick up anything strange.
Now as for when this happened last night:
I was browsing onto rlslog.net and about a few seconds into page load, the browser stalled and downloaded/installed something (felt like it). Then I got a security popup saying "do you want to allow XXX.info access to your computer?" or somesuch, where XXX was some strange address called nvigporta or something like that. I clicked No, but my browser was already slowed since then. I checked Task Manager and java.exe was running which normally doesn't happen, suggesting it was some bad java which may have infected me?
Since then, trying to access the offending webpage has resulted in it not loading but asking whether I want to download a file called rlslog_net instead, which suggests maybe the site got hacked?
As for what I have done so far besides scanning:
Reset IE settings via advanced tab
Cleared all IE history
Cleared Temp folder
Upgraded from Java 6-27 to 7-04 making sure 6-27 and legacy is all removed using Revo Uninstaller.
Please, please help me fix this, it is driving me nuts.
Sorry this time with dds and attach files as well.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Igor at 20:01:36 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1363 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programme\Intel\WiFi\bin\WLKeeper.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\Browser Guard\BGUI.exe
C:\Programme\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 69.39.2.29:8080
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adblock IE: {667bee43-20bd-4ce3-94ac-e63e04d4b191} - c:\programme\mgtek\adblock ie\adblockie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\programme\trend micro\browser guard\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\programme\trend micro\browser guard\tmieg.dll
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelZeroConfig] "c:\programme\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\programme\gemeinsame dateien\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes\mbamgui.exe" /starttray
mRun: [Trend Micro Browser Guard] "c:\programme\trend micro\browser guard\BGUI.EXE"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
Trusted Zone: visaforchina.org.uk\www
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261738854093
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257280810375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://icisremote.ad.ic.ac.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7B55F1B9-B351-4207-952D-62A8F8A32998} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255);c:\windows\system32\drivers\NEOFLTR_650_15255.SYS [2010-7-12 85360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-19 22344]
R3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 SAVRKBootTasks;Boot Tasks Driver;\??\c:\windows\system32\savrkboottasks.sys --> c:\windows\system32\SAVRKBootTasks.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\programme\malwarebytes\mbamservice.exe [2010-2-19 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 253088]
S3 dugb.sys;dugb.sys;\??\c:\windows\system32\drivers\dugb.sys --> c:\windows\system32\drivers\dugb.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-5-19 9728]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\e2.tmp --> c:\windows\system32\E2.tmp [?]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2011-11-15 1052480]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-5-19 114688]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2012-05-08 18:18:15 -------- d-----w- c:\dokumente und einstellungen\igor\lokale einstellungen\anwendungsdaten\Browser Guard
2012-05-08 18:18:11 -------- d-----w- c:\programme\Trend Micro
2012-05-08 18:14:14 388096 ----a-r- c:\dokumente und einstellungen\igor\anwendungsdaten\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-08 01:09:04 -------- d-----w- c:\dokumente und einstellungen\igor\lokale einstellungen\anwendungsdaten\MGTEK
2012-05-08 01:09:00 -------- d-----w- c:\programme\MGTEK
2012-05-08 01:08:46 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\MGTEK
2012-05-08 00:53:03 -------- d-----w- c:\programme\Oracle
2012-05-08 00:41:37 -------- d-----w- c:\programme\VS Revo Group
2012-05-07 23:17:54 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-21 11:49:32 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Battle.net
2012-04-18 14:42:52 -------- d-----w- c:\programme\Microsoft
2012-04-18 12:57:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-18 12:57:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 17:47:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 17:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00:09 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09:48 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09:48 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:02:22.54 ===============
Forgot to mention, after the permissions incident, going to another webpage (google) caused my laptop to lock up completely with everything unresponsive. Had to switch it off.
