Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Problems


  • This topic is locked This topic is locked
12 replies to this topic

#1 dsounG

dsounG

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 27 December 2008 - 02:35 AM

I was told to ask for help here so here's my problem...


Okay, so here's the problem. A couple weeks ago I got the new iPod Nano which required me to have Windows XP SP2 and at that time I only had SP1(which was working fine btw), so I updated my computer, installed iTunes blah blah blah. Okay, so now that I have that done, I open up my task manager and I see that I have a virus which I removed before the update was done...I removed it once again well...at least I thought I did., then I open up my Firefox and try to browse around but it becomes VERY slow. When I say slow I mean just hanging for about 30 seconds then going back to normal...then hanging once again. So I'm like wtf? I try to Google for some help but I don't know exactly what the problem is, so I try using IE Explorer. It worked fine for about a day then after awhile...same problem.

I recently download Google Chrome and tried to see if it would work fine for me, but turns out that becomes pretty slow for me also. I don't know if it has to do with Flash, Java or anything because this site works fine for me on Firefox. I would do a system restore back to the checkpoint where I updated my computer but that would result in me losing all my songs for my iTunes. It's getting pretty damn annoying.

For my anti-virus protectors, I use BitDefender and Spyware Doctor. I also use MalwareBytes for a scanner also.

Anyone have a solution?

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 27 December 2008 - 04:49 AM

Hi,

please do a full scan with MBAM, and post that logfile in your next reply. :thumbsup:

#3 dsounG

dsounG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 27 December 2008 - 11:51 PM

Malwarebytes' Anti-Malware 1.20
Database version: 950
Windows 5.1.2600 Service Pack 2

10:47:46 PM 12/27/2008
mbam-log-12-27-2008 (22-47-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124629
Time elapsed: 7 hour(s), 56 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 28 December 2008 - 07:27 AM

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#5 dsounG

dsounG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 29 December 2008 - 01:16 PM

The scanner keeps stopping at the 3 Hour mark.

I'll try to get this log to you as soon as possible.

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 December 2008 - 01:29 PM

Ok. :thumbsup: Try to restart, nd try Kaspersky again.

If it won't do it, say it, we have alternatives. :flowers:

#7 dsounG

dsounG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 30 December 2008 - 12:23 PM

Can you give me some alternatives?

Kaspersky seems to stop at random times.

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 December 2008 - 12:26 PM

Hi,

Download: zoek.exe
Run it, and there will open a logfile.
Post the contents of that logfile in your next reply. :thumbsup:

Edited by superbird, 30 December 2008 - 12:26 PM.


#9 dsounG

dsounG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 30 December 2008 - 10:24 PM

Hmm, for some odd reason, that won't download on my computer. Orrrr, it won't extract properly.

Got anything else?

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 31 December 2008 - 11:36 AM

Hi,

Which error do you get?
If it really won't, try to rename it to something like 1234.exe. :thumbsup:

Happy newyear.

#11 dsounG

dsounG
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 31 December 2008 - 12:56 PM

Okay I got it...I think.

======C:\WINDOWS====
----a-w 0 2008-12-31 03:30:24 C:\WINDOWS\0.log
----atw 0 2008-11-23 19:53:27 C:\WINDOWS\003015_.tmp
--s-a-w 2,048 2008-12-31 03:28:47 C:\WINDOWS\bootstat.dat
----a-w 116 2008-12-31 17:46:31 C:\WINDOWS\NeroDigital.ini
----a-w 1,409 2008-11-23 20:48:38 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-11-24 02:15:51 C:\WINDOWS\QTFont.qfn
----a-w 32,516 2008-12-31 03:27:52 C:\WINDOWS\SchedLgU.Txt
----a-w 1,133,273 2008-11-23 20:24:22 C:\WINDOWS\setupapi.log.1.old
--sha-w 9,216 2008-10-27 00:46:13 C:\WINDOWS\Thumbs.db
----a-w 159 2008-12-31 03:29:17 C:\WINDOWS\wiadebug.log
----a-w 50 2008-12-31 03:29:16 C:\WINDOWS\wiaservc.log
----a-w 814 2008-12-31 17:06:08 C:\WINDOWS\win.ini
----a-w 1,984,128 2008-12-31 16:32:36 C:\WINDOWS\WindowsUpdate.log
----a-w 316,640 2008-11-23 20:49:19 C:\WINDOWS\WMSysPr9.prx

Entries: 14 (11)
Directories: 0 Files: 14
Bytes: 3,534,525 Blocks: 6,909
======C:\WINDOWS\system32=====
----a-w 81,984 2008-12-31 17:51:36 C:\WINDOWS\System32\bdod.bin
----a-w 1,023,488 2008-10-16 10:37:04 C:\WINDOWS\System32\browseui.dll
----a-w 151,040 2008-10-16 10:37:02 C:\WINDOWS\System32\cdfview.dll
----a-w 92,696 2008-10-16 20:09:44 C:\WINDOWS\System32\cdm.dll
----a-w 1,054,208 2008-10-16 10:37:02 C:\WINDOWS\System32\danim.dll
----a-w 410,984 2008-12-25 03:43:51 C:\WINDOWS\System32\deploytk.dll
----a-w 87,336 2008-08-29 16:18:58 C:\WINDOWS\System32\dns-sd.exe
----a-w 61,440 2008-08-29 15:53:50 C:\WINDOWS\System32\dnssd.dll
----a-w 357,888 2008-10-16 10:37:02 C:\WINDOWS\System32\dxtmsft.dll
----a-w 205,312 2008-10-16 10:37:02 C:\WINDOWS\System32\dxtrans.dll
------w 55,808 2008-10-16 10:37:02 C:\WINDOWS\System32\extmgr.dll
----a-w 202,528 2008-11-24 23:46:09 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 283,648 2008-10-23 13:01:36 C:\WINDOWS\System32\gdi32.dll
----a-w 14 2008-12-31 17:06:07 C:\WINDOWS\System32\getfile.dat
----a-w 251,392 2008-10-16 10:37:02 C:\WINDOWS\System32\iepeers.dll
----a-w 96,256 2008-10-16 10:37:02 C:\WINDOWS\System32\inseng.dll
----a-w 144,792 2008-12-25 03:43:51 C:\WINDOWS\System32\java.exe
----a-w 73,728 2008-12-25 03:43:51 C:\WINDOWS\System32\javacpl.cpl
----a-w 144,792 2008-12-25 03:43:51 C:\WINDOWS\System32\javaw.exe
----a-w 148,888 2008-12-25 03:43:51 C:\WINDOWS\System32\javaws.exe
----a-w 16,384 2008-10-16 10:37:03 C:\WINDOWS\System32\jsproxy.dll
----a-w 6,587 2008-12-09 22:25:00 C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log
----a-w 17,593,280 2008-12-02 21:26:30 C:\WINDOWS\System32\MRT.exe
----a-w 3,060,224 2008-12-12 17:33:23 C:\WINDOWS\System32\mshtml.dll
----a-w 449,024 2008-10-16 10:37:03 C:\WINDOWS\System32\mshtmled.dll
----a-w 146,432 2008-10-16 10:37:02 C:\WINDOWS\System32\msrating.dll
----a-w 532,480 2008-10-16 10:37:02 C:\WINDOWS\System32\mstime.dll
----a-w 1,106,944 2008-09-04 16:42:02 C:\WINDOWS\System32\msxml3.dll
----a-w 1,286,152 2008-09-30 22:43:34 C:\WINDOWS\System32\msxml4.dll
----a-w 332,800 2008-10-15 16:57:55 C:\WINDOWS\System32\netapi32.dll
----a-w 60,942 2008-11-23 21:24:05 C:\WINDOWS\System32\perfc009.dat
----a-w 398,326 2008-11-23 21:24:06 C:\WINDOWS\System32\perfh009.dat
----a-w 467,104 2008-11-23 21:23:59 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 39,424 2008-10-16 10:37:02 C:\WINDOWS\System32\pngfilt.dll
----a-w 57,344 2008-11-04 16:30:54 C:\WINDOWS\System32\QuickTime.qts
----a-w 90,112 2008-11-04 16:30:54 C:\WINDOWS\System32\QuickTimeVR.qtx
----a-w 1,494,528 2008-10-16 10:37:03 C:\WINDOWS\System32\shdocvw.dll
----a-w 474,112 2008-10-16 10:37:03 C:\WINDOWS\System32\shlwapi.dll
----a-w 269 2008-11-23 20:45:36 C:\WINDOWS\System32\spupdwxp.log
----a-w 247,326 2008-10-03 10:15:47 C:\WINDOWS\System32\strmdll.dll
------w 62,976 2008-10-22 09:47:07 C:\WINDOWS\System32\tzchange.exe
----a-w 435,838 2008-12-10 01:19:11 C:\WINDOWS\System32\TZLog.log
----a-w 615,936 2008-10-16 10:37:04 C:\WINDOWS\System32\urlmon.dll
----a-w 1,846,016 2008-09-15 11:57:41 C:\WINDOWS\System32\win32k.sys
----a-w 659,456 2008-10-16 10:37:03 C:\WINDOWS\System32\wininet.dll
----a-w 2,206 2008-12-22 03:08:26 C:\WINDOWS\System32\wpa.dbl
----a-w 561,688 2008-10-16 20:12:20 C:\WINDOWS\System32\wuapi.dll
----a-w 23,576 2008-10-16 20:07:44 C:\WINDOWS\System32\wuapi.dll.mui
----a-w 51,224 2008-10-16 20:09:44 C:\WINDOWS\System32\wuauclt.exe
----a-w 213,528 2008-10-16 20:12:20 C:\WINDOWS\System32\wuaucpl.cpl
----a-w 23,576 2008-10-16 20:07:46 C:\WINDOWS\System32\wuaucpl.cpl.mui
----a-w 1,809,944 2008-10-16 20:13:40 C:\WINDOWS\System32\wuaueng.dll
----a-w 18,456 2008-10-16 20:07:14 C:\WINDOWS\System32\wuaueng.dll.mui
----a-w 323,608 2008-10-16 20:12:22 C:\WINDOWS\System32\wucltui.dll
----a-w 31,768 2008-10-16 20:09:40 C:\WINDOWS\System32\wucltui.dll.mui
----a-w 34,328 2008-10-16 20:08:58 C:\WINDOWS\System32\wups.dll
----a-w 43,544 2008-10-16 20:09:44 C:\WINDOWS\System32\wups2.dll
----a-w 202,776 2008-10-16 20:13:40 C:\WINDOWS\System32\wuweb.dll
----a-w 351,744 2008-10-15 14:00:41 C:\WINDOWS\System32\xpsp3res.dll

Entries: 59 (59)
Directories: 0 Files: 59
Bytes: 40,100,204 Blocks: 78,343
======C:\WINDOWS\system32\drivers=====
----a-w 453,632 2008-10-24 11:10:42 C:\WINDOWS\System32\drivers\mrxsmb.sys
----a-w 333,056 2008-08-28 10:04:17 C:\WINDOWS\System32\drivers\srv.sys
----a-w 32,000 2008-11-07 20:23:30 C:\WINDOWS\System32\drivers\usbaapl.sys

Entries: 3 (3)
Directories: 0 Files: 3
Bytes: 818,688 Blocks: 1,600
======C:\WINDOWS\Tasks======
---ha-w 282 2008-12-31 17:00:00 C:\WINDOWS\Tasks\AAE2196C91DD8E58.job
----a-w 284 2008-12-31 13:20:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
----a-w 1,228 2008-12-31 06:12:27 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-2049760794-682003330-1004.job
---ha-w 6 2008-12-31 03:28:50 C:\WINDOWS\Tasks\SA.DAT
----a-w 362 2008-12-30 09:00:06 C:\WINDOWS\Tasks\XoftSpySE.job

Entries: 5 (3)
Directories: 0 Files: 5
Bytes: 2,162 Blocks: 7
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
--sha-r 211 2008-11-23 20:23:07 C:\boot.ini
--sha-r 47,564 2008-11-23 20:16:45 C:\NTDETECT.COM
--sha-w 792,723,456 2008-12-31 03:28:46 C:\pagefile.sys
---ha-w 268 2008-11-04 00:46:57 C:\sqmdata05.sqm
---ha-w 244 2008-11-04 00:46:57 C:\sqmnoopt05.sqm
----a-w 0 2008-12-26 05:45:20 C:\Tech_Vista.log

Entries: 6 (1)
Directories: 0 Files: 6
Bytes: 792,771,743 Blocks: 1,548,384
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
----a-w 12,058,624 2008-12-31 03:27:37 C:\Documents and Settings\Manny & Darin\ntuser.dat
---ha-w 32,768 2008-12-31 17:55:38 C:\Documents and Settings\Manny & Darin\ntuser.dat.LOG
--sh--w 178 2008-12-31 03:27:38 C:\Documents and Settings\Manny & Darin\ntuser.ini

Entries: 3 (1)
Directories: 0 Files: 3
Bytes: 12,091,570 Blocks: 23,617
======C:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

#12 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 31 December 2008 - 02:07 PM

Hi,

I'm going to redirect you to the HijackThissection of this forum. This, because it's a deeper infection.
Read this page and follow it's steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Also, inlcude a link to this topic, so your helper can see what already has been done.

Good luck. :thumbsup:

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 33,207 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:12 AM

Posted 02 January 2009 - 12:01 AM

Hello dsounG,

Now that you have posted your log here: http://www.bleepingcomputer.com/forums/t/191348/browser-problems/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users