IE takes 20 minutes to load websites

[mstritt4302]

It takes 20 minutes for IE browser to load website. Once the site loads, IE works. But, if I click on a link that opens a new browser window, it takes another 20 minutes. Each new browser window opened takes 20 minutes. I am able to work in Netscape & Firefox without this problem.

Panda Antirootkit found no rootkits (5529 items scanned).

3 logs attached (combofix, HJT & AVG Antispyware)

Thanks,
Mike

 

[Rik]

You have a trojan keylogger on there. It's only purpose is to steal personal information.You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Let me know your decision.



This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

Hi Rik,

I would like to clean it. Could the keylogger be a program installed on my computer by my company's IT group? Would this cause my problem with IE taking so long to load?


Thanks,
Mike

 

[howard_hopkinso]

Hello and welcome to Techspot.

It looks to me like your system is infected with a possible awf trojan.

Please do the following.

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Regards Howard :wave: :wave:

This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Rik]

In regards to the keylogger, i suppose it's a possibility but i can see no reason for it being done.

You need to follow the instructions in this thread https://www.techspot.com/vb/topic89825.html very carefully.

This is only step 1, it will take a bit of time to get your pc truly clean.



This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

Hi Howard,

awf.txt is attached.

 

[howard_hopkinso]

No it aint.

Regards Howard

 

[mstritt4302]

Sorry,

How about now?

 

[howard_hopkinso]

Yes, you have an awf infection.

Please follow the instructions in the link that rik gave you in post #5.

Regards Howard

This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

Hi Guys,

I ran through all the steps and am still seeing several bak folders and duplicate files of bak. I guess it's possible I missed something in the directions (should I run through it again?). I have attached the last awf.txt and a new HJT log. Also, I'm still seeing the issue with IE. Could it be possible that my problem with IE is not even related to a virus, spyware or malware? It's odd, because it just started doing this overnight.

 

[howard_hopkinso]

Your awf.txt is clean.

Delete all files in AVG Antispyware quarantine.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} (Iqeye Control) - http://surfcam.castleinthesand.com/iqeye.ocx.gz

O16 - DPF: {1EC3FCEC-2C86-44F5-8B18-C4A4A08DF484} (ROVAUpdate Class) - https://qwestrova.com/rovacompany/defaultcomp/updates/rovaup2-3-110.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111. MmVrT/iTunesSetup.exe

O16 - DPF: {6257E290-5E8E-11D4-9B8D-00D0B72459DD} - https://portal.safenet-inc.com/Rainbow-iGate/Download/ikeydrvr2k.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} (Onyx Masked Edit Control Class) - https://onyx.safenet-inc.com/onyxemployeeportal_onyx/OnyxMaskEdit2Dual.cab

O16 - DPF: {AA688871-B978-4747-8278-788EE6F1AEAC} (Rainbow iGateBPI Class) - https://portal.safenet-inc.com/Rainbow-iGate/Download/igtcl.cab

O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://belonyxapp/onyxemployeeportal_onyx/msxml3.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab

Click on the fix checked button.

Close HJT and reboot your system.

Post fresh HJT and Combofix logs. Lets us know if you`re still having problems.

Regards Howard

This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

When I open IE now I receive the following Error:

Internet Explorer has encountered a problem with an add-on and needs to close.

The following add-on was running when this problem occurred:

File: googletoolbar5.dll
Company Name: Google Inc
Description: Google Toolbar for Internet Explorer

Also, without even opening IE I am getting IE application error boxes popping up.

I have attached new combofix and HJT logs.


Thanks

 

[howard_hopkinso]

Ok, uninstall and reinstall the Google toolbar, that should solve that problem.

Your HJT log is clean.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\WINDOWS\5BA7F4F48ABE4F4788B13B4D2710E4F1.TMP
C:\Updater.exe

Folder::
C:\VundoFix Backups
C:\qoobox
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Regards Howard

This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

After uninstalling the Google Toolbar, IE loaded webpage instantly (great). But, after reinstalling the Google Toolbar and opening IE, I received the previous error I reported earlier: "Internet Explorer has encountered a problem with an add-on and needs to close". I uninstalled the Google Toolbar and ran the combofix procedure. When combofix was creating the log file after the machine restarted, I received an error message: "sed.cfexe has encountered a problem and needs to close". After I closed that message, combofix finished and created the log file attached. I again tried to install the Google Toolbar after this but received the same message about the add-on. I have uninstalled the Google Toolbar for now.

 

[howard_hopkinso]

Your log file looks clean.

I`m not sure what your problem is with the Google Toolbar. I suggest you either live without it or, start another thread for that particular problem in our Misc software and utilities forum.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

Thanks Howard,

I think I'm going to live without it for now.

I appreciate all your time and assistance on my issue.


Thanks again,
Mike

 

[Rik]

When you re-installed the google toolbar, did you do it from a file on your pc or did you download a new one?



This thread is for the use of mstritt4302 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[mstritt4302]

I ran/installed it directly from Google.