
Internet connection slow [Solved]


  • This topic is locked

#16
FredyC

FredyC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey, sorry for the delay, I had been away for a couple of days.

So first of all, the issue with slow internet browsing is still there.

When I returned to the computer after MBAM finished, I noticed balloon popups appearing like this:

Posted Image

So I had looked in MBAM and found a log file with more of these messages (attaching it too). I am not sure if it's normal, but something is making connections without even a browser opened. Maybe it could be the source of the problem, as connectivity is occupied with such hidden things. Anyway, I had to turn off MBAM after that; the whole computer was way slower than before.

 

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: ANDREA [administrator]

Protection: Enabled

9.12.2012 15:54:35
mbam-log-2012-12-09 (15-54-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186861
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

2012/12/09 15:50:47 +0100 ANDREA Admin MESSAGE Starting protection
2012/12/09 15:50:47 +0100 ANDREA Admin MESSAGE Protection started successfully
2012/12/09 15:50:47 +0100 ANDREA Admin MESSAGE Starting IP protection
2012/12/09 15:50:53 +0100 ANDREA Admin MESSAGE IP Protection started successfully
2012/12/09 15:50:56 +0100 ANDREA Admin MESSAGE Executing scheduled update: Daily
2012/12/09 15:53:04 +0100 ANDREA Admin MESSAGE Starting database refresh
2012/12/09 15:53:04 +0100 ANDREA Admin MESSAGE Stopping IP protection
2012/12/09 15:53:04 +0100 ANDREA Admin MESSAGE IP Protection stopped successfully
2012/12/09 15:53:11 +0100 ANDREA Admin MESSAGE Database refreshed successfully
2012/12/09 15:53:11 +0100 ANDREA Admin MESSAGE Starting IP protection
2012/12/09 15:53:26 +0100 ANDREA Admin MESSAGE IP Protection started successfully
2012/12/09 15:53:26 +0100 ANDREA Admin MESSAGE Starting database refresh
2012/12/09 15:53:26 +0100 ANDREA Admin MESSAGE Scheduled update executed successfully: database updated from version v2012.09.29.05 to version v2012.12.09.03
2012/12/09 15:53:26 +0100 ANDREA Admin MESSAGE Stopping IP protection
2012/12/09 15:53:26 +0100 ANDREA Admin MESSAGE IP Protection stopped successfully
2012/12/09 15:53:33 +0100 ANDREA Admin MESSAGE Database refreshed successfully
2012/12/09 15:53:33 +0100 ANDREA Admin MESSAGE Starting IP protection
2012/12/09 15:53:39 +0100 ANDREA Admin MESSAGE IP Protection started successfully
2012/12/09 15:53:52 +0100 ANDREA Admin MESSAGE Starting database refresh
2012/12/09 15:53:52 +0100 ANDREA Admin MESSAGE Stopping IP protection
2012/12/09 15:53:53 +0100 ANDREA Admin MESSAGE IP Protection stopped successfully
2012/12/09 15:54:00 +0100 ANDREA Admin MESSAGE Database refreshed successfully
2012/12/09 15:54:00 +0100 ANDREA Admin MESSAGE Starting IP protection
2012/12/09 15:54:07 +0100 ANDREA Admin MESSAGE IP Protection started successfully
2012/12/09 15:55:39 +0100 ANDREA Admin IP-BLOCK 222.65.84.187 (Type: incoming)
2012/12/09 15:55:40 +0100 ANDREA Admin IP-BLOCK 222.65.84.187 (Type: incoming)
2012/12/09 15:56:14 +0100 ANDREA Admin IP-BLOCK 222.76.95.3 (Type: outgoing)
2012/12/09 15:57:30 +0100 ANDREA Admin IP-BLOCK 89.28.42.219 (Type: incoming)
2012/12/09 15:59:49 +0100 ANDREA Admin IP-BLOCK 89.28.80.194 (Type: outgoing)
2012/12/09 16:01:34 +0100 ANDREA Admin IP-BLOCK 178.90.90.182 (Type: outgoing)
2012/12/09 16:02:15 +0100 ANDREA Admin IP-BLOCK 79.135.136.201 (Type: incoming)
2012/12/09 16:03:43 +0100 ANDREA Admin IP-BLOCK 89.28.123.66 (Type: outgoing)
2012/12/09 16:05:30 +0100 ANDREA Admin IP-BLOCK 222.69.2.34 (Type: outgoing)
2012/12/09 16:07:51 +0100 ANDREA Admin IP-BLOCK 89.28.124.76 (Type: outgoing)
2012/12/09 16:08:41 +0100 ANDREA Admin IP-BLOCK 194.44.234.230 (Type: incoming)
2012/12/09 16:13:34 +0100 ANDREA Admin IP-BLOCK 31.133.33.218 (Type: incoming)
2012/12/09 16:14:49 +0100 ANDREA Admin IP-BLOCK 89.28.80.194 (Type: outgoing)
2012/12/09 16:17:58 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:18:11 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:18:18 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:18:21 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:18:27 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:19:34 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:19:37 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:19:43 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:20:32 +0100 ANDREA Admin IP-BLOCK 213.186.115.241 (Type: outgoing)
2012/12/09 16:21:13 +0100 ANDREA Admin IP-BLOCK 89.28.120.4 (Type: outgoing)
2012/12/09 16:21:47 +0100 ANDREA Admin IP-BLOCK 78.26.179.10 (Type: outgoing)
2012/12/09 16:24:04 +0100 ANDREA Admin IP-BLOCK 89.28.18.228 (Type: outgoing)
2012/12/09 16:34:49 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:34:52 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:34:58 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:37:50 +0100 ANDREA Admin IP-BLOCK 58.241.131.204 (Type: outgoing)
2012/12/09 16:38:28 +0100 ANDREA Admin IP-BLOCK 85.234.174.243 (Type: incoming)
2012/12/09 16:39:59 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:40:02 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:40:08 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:41:47 +0100 ANDREA Admin IP-BLOCK 222.76.95.3 (Type: outgoing)
2012/12/09 16:46:03 +0100 ANDREA Admin IP-BLOCK 213.163.64.43 (Type: outgoing)
2012/12/09 16:51:05 +0100 ANDREA Admin IP-BLOCK 78.26.179.10 (Type: outgoing)
2012/12/09 16:52:57 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:53:00 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:53:06 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 16:53:12 +0100 ANDREA Admin IP-BLOCK 109.163.227.100 (Type: outgoing)
2012/12/09 16:56:47 +0100 ANDREA Admin IP-BLOCK 31.133.57.204 (Type: incoming)
2012/12/09 17:00:34 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 17:00:43 +0100 ANDREA Admin IP-BLOCK 31.133.57.204 (Type: incoming)
2012/12/09 17:00:50 +0100 ANDREA Admin IP-BLOCK 58.240.177.250 (Type: outgoing)
2012/12/09 17:00:51 +0100 ANDREA Admin IP-BLOCK 109.95.112.152 (Type: outgoing)


 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:04, on 9.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\WLTRYSVC.EXE
C:\WINXP\System32\bcmwltry.exe
C:\WINXP\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINXP\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
F:\Repair\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINXP\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1344340525578
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINXP\System32\WLTRYSVC.EXE

--
End of file - 5763 bytes

Edited by FredyC, 11 December 2012 - 10:51 AM.

  • 0
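
The pattern described in post #16 (blocked outgoing connections that keep recurring with no browser open) can be pulled out of a protection log mechanically. The following is an added example, not part of the original thread: it assumes the log line format shown above and that "outgoing" marks connections started by the local machine; the sample lines, host name and documentation-range addresses are constructed, and the function names and thresholds (`burst_gap`, `min_bursts`) are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the protection log above; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
2012/12/09 15:54:07 +0100 HOST Admin MESSAGE IP Protection started successfully
2012/12/09 15:55:39 +0100 HOST Admin IP-BLOCK 203.0.113.7 (Type: incoming)
2012/12/09 16:17:58 +0100 HOST Admin IP-BLOCK 198.51.100.20 (Type: outgoing)
2012/12/09 16:18:11 +0100 HOST Admin IP-BLOCK 198.51.100.20 (Type: outgoing)
2012/12/09 16:21:13 +0100 HOST Admin IP-BLOCK 192.0.2.44 (Type: outgoing)
2012/12/09 16:34:49 +0100 HOST Admin IP-BLOCK 198.51.100.20 (Type: outgoing)
2012/12/09 16:34:52 +0100 HOST Admin IP-BLOCK 198.51.100.20 (Type: outgoing)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) \S+ \S+ "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>incoming|outgoing)\)$"
)

def parse_blocks(text):
    """Return (timestamp, ip, direction) for every IP-BLOCK line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
            events.append((ts, m["ip"], m["dir"]))
    return events

def outgoing_retries(events, burst_gap=timedelta(seconds=60), min_bursts=2):
    """Group outgoing blocks per address into bursts and keep recurring ones."""
    by_ip = defaultdict(list)
    for ts, ip, direction in events:
        if direction == "outgoing":
            by_ip[ip].append(ts)
    report = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        # A new burst starts whenever the pause since the previous block exceeds burst_gap.
        bursts = 1 + sum(1 for a, b in zip(stamps, stamps[1:]) if b - a > burst_gap)
        if bursts >= min_bursts:
            report[ip] = {"blocks": len(stamps), "bursts": bursts,
                          "first": stamps[0], "last": stamps[-1]}
    return report

if __name__ == "__main__":
    for ip, info in outgoing_retries(parse_blocks(SAMPLE_LOG)).items():
        print(ip, info["blocks"], "blocks in", info["bursts"], "bursts")
```

An address that recurs across several bursts points to something on the machine retrying on a timer, and its first and last timestamps give the window to compare against per-process connection data.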



#17
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Download Malwarebytes Anti-Rootkit from the link to the right. - http://www.malwareby.../products/mbar/
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.
  • 0

#18
FredyC

FredyC

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello. Unfortunately even this one didn't help at all. It didn't find any threats. This is a really tough nasty thing sitting on the laptop.

Girlfriend is going away together with the laptop and will not be back till Monday. So I will not be able to run any tools till then.

She is also kind of desperate and wants to reinstall that computer rather than trying to solve it. So unless you have more magic in your sleeves, it will probably end up there.
  • 0

#19
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
At this point that may be the fastest way to get it back to normal.
  • 0

#20
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





