IE runs at snail pace


2 replies to this topic

#1 Jaceyatkford

Posted 01 June 2004 - 04:53 PM

My PC runs OK until I open Mailwasher or Internet Explorer.
My actions on Mailwasher are not always actioned and it sometimes exhibits strange behaviour such as changing the cursor to a black square and text distorts at random on the screen.
When I go into Internet Explorer it runs at a very slow pace.
Prolonged discussions with my ISP have confirmed there is nothing wrong with my connection or settings.
Found relevant information on this site and after reading the FAQ undertook the following:-
Ran Adware 6 and removed 26 items.
Ran HijackThis! and log is below.

What next?

Logfile of HijackThis v1.97.7
Scan saved at 21:09:23, on 01/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cyberbrit...in.com/cb.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonde...onder/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cyberbrit...in.com/cb.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000\Search Bar.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.blueyonder.co.uk:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [cursor] C:\Program Files\Screendragon VS3\Screendragon VS3 Taskbar.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] c:\windows\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Lwinst Run Profiler] C:\PROGRAM FILES\STARTSTOP\STARTSTOP.EXE /norun reg -2147483646 "Software\Microsoft\Windows\CurrentVersion\Run" "Lwinst Run Profiler" TFIStartStop C:\Program Files\Logitech\WingMan Profiler\Lwtest.exe /detect /quiet /launch "C:\Program Files\Logitech\WingMan Profiler\Lwpevntm.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 EPSON Stylus C62 Series /O5 LPT1: /M Stylus C62
O4 - HKLM\..\Run: [EPSON Stylus C62 Serie (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P31 "EPSON Stylus C62 Serie (Copy 2)" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkService.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [FUIClearHis] C:\PROGRAM FILES\FRESHDEVICES\FRESHUI\FRESHUI.EXE 0 3 9 15 16 17
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\RunServices: [FUIClearHis] C:\PROGRAM FILES\FRESHDEVICES\FRESHUI\FRESHUI.EXE 0 3 9 15 16 17
O4 - HKLM\..\RunOnce: [StartStop] C:\PROGRAM FILES\STARTSTOP\STARTSTOP.EXE /startup
O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Startup: STARUPDATER.EXE.lnk = C:\Program Files\Star Alliance Timetable\StarUpdater.exe
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O12 - Plugin for .sib: C:\PROGRA~1\INTERN~1\PLUGINS\NPSibelius.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {B057BA59-B3A7-4875-B920-6FB1915F33C8} (Button Control) - http://gaming.blueyo...ivex/button.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7867.1350694444
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbro...kes/FlashAX.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...on/uploader.ocx
O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3uk.cab

Edited by Jaceyatkford, 01 June 2004 - 05:38 PM.


#2 Gwyrox732

Posted 01 June 2004 - 05:12 PM

The log is not attached. However, could you please just paste it to the bottom of a post here instead of attaching it? It just makes it easier on the helpers.

Thanks.
Quote from Original CWS Article at SWI: "There could be other domains involved in the future." ... We've come a long way since then

Malware esan mala, ji mi disaman. SWI ji kikan ekster!

PM me if you know what that says. Whoever gets it right gets put here!
Bagman wins, good job!

#3 sights0d

Posted 02 June 2004 - 12:06 PM

I see it at the bottom of the original.



