dip12

Merged post

Hi,

Since last night, my Internet Explorer has become extremely slow. The rest of my system so far seems unaffected, ping and download times are normal. Browsing is the only thing that has become a crawl. I can open Internet Explorer (ver8) just fine and it opens as quickly as usual. The moment I press Enter on a URL or pick a webpage from my history, it takes about a full minute for anything to happen in the status bar during which time the browser is unresponsive. Once it has "connected" to the webpage, it then takes extremely long to load and even when it has mostly finished loading it then stalls again and takes its time. Clicking any link on the webpage or going to another page or using a separate window or tab results in the exact same sloth again. Even the autosave as I type this message slows it enough to swallow every 9th character. The other notable thing is that if I right-click any link to bring up the context menu, it takes about 4-6 seconds for it to appear during which time Internet Explorer stalls too.

I've run several scans with MBAM, AVG, Panda, Bitdefender and have installed TM's Browser Guard, all to no avail. HiJackThis log also seems to not pick up anything strange.

Now as for when this happened last night: I was browsing onto rlslog.net and about a few seconds into page load, the browser stalled and downloaded/installed something (felt like it). Then I got a security popup saying "do you want to allow XXX.info access to your computer?" or somesuch, where XXX was some strange address called nvigporta or something like that. I clicked No, but my browser was already slowed since then. I checked Task Manager and java.exe was running which normally doesn't happen, suggesting it was some bad java which may have infected me? Since then, trying to access the offending webpage has resulted in it not loading but asking whether I was to download a file called rlslog_net instead, which suggests maybe the site got hacked?

As for what I have done so far besides scanning:

  • Reset IE settings via advanced tab
  • Cleared all IE history
  • Cleared Temp folder
  • Upgraded from Java 6-27 to 7-04 making sure 6-27 and legacy is all removed using Revo Uninstaller.

Please, please help me fix this, it is driving me nuts.

Sorry this time with dds and attach files as well.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Igor at 20:01:36 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1363 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programme\Intel\WiFi\bin\WLKeeper.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\Browser Guard\BGUI.exe
C:\Programme\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 69.39.2.29:8080
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adblock IE: {667bee43-20bd-4ce3-94ac-e63e04d4b191} - c:\programme\mgtek\adblock ie\adblockie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\programme\trend micro\browser guard\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\programme\trend micro\browser guard\tmieg.dll
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File
mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [synTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [intelZeroConfig] "c:\programme\intel\wifi\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\programme\gemeinsame dateien\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes\mbamgui.exe" /starttray
mRun: [Trend Micro Browser Guard] "c:\programme\trend micro\browser guard\BGUI.EXE"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
Trusted Zone: visaforchina.org.uk\www
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261738854093
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257280810375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://icisremote.ad.ic.ac.uk/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7B55F1B9-B351-4207-952D-62A8F8A32998} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255);c:\windows\system32\drivers\NEOFLTR_650_15255.SYS [2010-7-12 85360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-19 22344]
R3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 SAVRKBootTasks;Boot Tasks Driver;\??\c:\windows\system32\savrkboottasks.sys --> c:\windows\system32\SAVRKBootTasks.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\programme\malwarebytes\mbamservice.exe [2010-2-19 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 253088]
S3 dugb.sys;dugb.sys;\??\c:\windows\system32\drivers\dugb.sys --> c:\windows\system32\drivers\dugb.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-5-19 9728]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\e2.tmp --> c:\windows\system32\E2.tmp [?]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2011-11-15 1052480]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-5-19 114688]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2012-05-08 18:18:15 -------- d-----w- c:\dokumente und einstellungen\igor\lokale einstellungen\anwendungsdaten\Browser Guard
2012-05-08 18:18:11 -------- d-----w- c:\programme\Trend Micro
2012-05-08 18:14:14 388096 ----a-r- c:\dokumente und einstellungen\igor\anwendungsdaten\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-08 01:09:04 -------- d-----w- c:\dokumente und einstellungen\igor\lokale einstellungen\anwendungsdaten\MGTEK
2012-05-08 01:09:00 -------- d-----w- c:\programme\MGTEK
2012-05-08 01:08:46 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\MGTEK
2012-05-08 00:53:03 -------- d-----w- c:\programme\Oracle
2012-05-08 00:41:37 -------- d-----w- c:\programme\VS Revo Group
2012-05-07 23:17:54 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-21 11:49:32 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Battle.net
2012-04-18 14:42:52 -------- d-----w- c:\programme\Microsoft
2012-04-18 12:57:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-18 12:57:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 17:47:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 17:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00:09 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09:48 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09:48 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:02:22.54 ===============

Forgot to mention, after the permissions incident, going to another webpage (google) caused my laptop to lock up completely with everything unresponsive. Had to switch it off.

hijackthis.log dds.txt attach.txt