trouble loading home page and slow performance

Discussion in 'adware, spyware & hijack cleaning' started by mursy, Feb 25, 2004.

Thread Status:
Not open for further replies.
  1. mursy

    mursy Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    5
    Hi

    I am having trouble loading my home page it if very slow and sometimes i must hit the home button on ie to get it to load

    i find my performance has dropped quite a bit and i need to reboot quite often, which was never necessary before

    i ran spybot and it did not find any problems not even tracking cookies which made me wonder, so i downloaded adaware and ran it. It found a lot of tracking cookies only and i removed them.

    i downloaded hijack this and ran it. this is the log file and i am not sure what to do with it.ogfile of HijackThis v1.97.7
    Scan saved at 11:02:55 AM, on 2/25/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
    O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37968.3231712963
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    any help would be appreciated, thank you
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi mursy,

    Have you tried uninstalling the REAL toolbar?
    I agree with AdAware and Spybot S&D on your log. Clean.

    Regards,

    Pieter
     
  3. mursy

    mursy Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    5
    thank you for your fast reply.

    i will remove the real toolbar, but that has only been there for 2 days, and my problems started before that.

    i do run Norton Internet Security 2003 and is it possible that it takes a very large bite out of my performance and slows me down.

    whatever the answer, i will have to put up with it because i wouldn't feel safe on line without it

    i am running windows me, on a IBM with a AMD duran 700 i think, 128 ram

    thank you
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi mursy,

    You are right in not wanting to go online without proper protection. But if a program does not agree with your system, for whatever reason, I would look for alternatives.
    Here is a good place to start:
    http://www.wilders.org/firewalls.htm

    Regards,

    Pieter
     
  5. mursy

    mursy Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    5
    Hi Again

    Thank you for the info.

    I don't know if this is the right place to ask this question, but it has been suggested to me to do a memory upgrade from 128 to 512.

    I don't mind doing this but would it really help this computer?

    Thanks Mursy
     
  6. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi mursy,

    You will see a considerable difference in speed that's true, these days 256MB is mostly a minimum to run. But that's for win2k and XP systems.

    Your OS is ME though, and 128 should still be ok.

    have you installed anything recently or noticed some strange event the last 2 weeks?

    Cheers,
     
  7. mursy

    mursy Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    5
    Hello Again

    I had to think about that and i have come up with two things that have happened.

    When i go on in the morning lets say my performance may read 77%, the first thing i do is check my email. When i close the program i have dropped about 10% in my performance, that is new.

    I run Office 2000 and use Microsoft Outlook for my email, now i am wondering if there is something wrong with my Office, i do keep it updated.

    I tested that before i wrote this, i rebooted and checked the performance and then opened and wrote a email in Outlook Express, there was no drastic drop in performance

    The other odd thing that has happened is that when i reboot and come back on i will periodically get a blue screen with an error message a sym event which i take is symantec. At that point i will open symantec and run live update, sometimes there will be a live update, this morning there was not.

    I did check the knowledge base at symantec a couple of weeks ago and could not find an answer. The problem had seem to correct it's self untill this morning, guess i better look again, lol

    My thought is at this point to uninstall and reinstall Office, i have never had this problem with it before, maybe bad install.

    thanks Mursy
     
  8. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Yes that's a good idea and never harms.

    My thought would be that it's NAV that's using lots of resources. If a blue screen pops up once in a while relating to symantec, then I guess there's where we have to look for the slowdown problem.

    Symantec is known for slowing systems down. In that case an upgrade from 128MB ram to let's say 512 could very well help your problem and speed up your system.

    What can happen is that NAV is active on your PC doing whatever it does (liveupdate, autoprotect etc..) and if one or more extra apps are running like office etc 128mb maybe just is not enough to cope with that, thus the error.

    Cheers,
     
  9. mursy

    mursy Registered Member

    Joined:
    Feb 25, 2004
    Posts:
    5
    Hi

    Once again thank you for all your help.

    I have uninstalled Office for now, i will watch and see how things are running before i reinstall.

    I think i will consider adding the memory because i do like Norton Internet Security, that of course is because that is the only one I have used in my short 3 years of computing, lol.

    It is nice to know that there is a great forum like this to come to for help.

    Mursy
     
  10. Minera

    Minera Registered Member

    Joined:
    Oct 31, 2003
    Posts:
    42
    Location:
    Canada
    Hi
    I had the same problems with the homepages in IE. I have WindowsXP
    and ZA firewall and Norton for the viruses.. I also use a separate program for my email although my kids use the messenger.
    My system slowed to a crawl the other night so I checked to see what was
    running. Everything seemed ok but one file in quotations including the" C:"
    was isvchost.exe. I checked what the program was and found it was connected to something called india111. I did have a gaobot infection but it appears that the email attachment loaded a special folder etc. in services
    While the virus itself was gone and cleaned the remains were still trying to connect through my home network. I went into regedit and did a search for -Services and found some registry key changes still there which I deleted (also connected with india111) It was causing a buffer overflow and some form of chat relay or something. After cleaning those files connected that I could remove manually (in safe mode) the system seems to be running normally up till now. I did get memory messages before but just surfing shouldn't have had them also the program india111 was an 'unknown' for everything I checked it for that is why I became suspicious that something was still there. I did all sort of checks before and even sent my hyjack this logs to Pieter but couldn't find anything. Just that my firewall would sometimes load stuff I wasn't using or did not need to be run and port explorer had some strange connections to some of my ports that made me suspicious that something must be still lurking. So Pieter if you have any suggestions for checking registry keys for stuff left behind by gaobot or 'agobot' it would be great. The virus itself terminates the ativirus processes so it could slip past it . It seems to be a problem with networks....I did get a 'malware' notice about a week ago from my virus program but it had quaranteed it. Also it autoloads so you have to do all the removing in the 'safe' mode then scan again for viruses.
    Regards
    Minera
     
  11. Minera

    Minera Registered Member

    Joined:
    Oct 31, 2003
    Posts:
    42
    Location:
    Canada
    Me again:
    I forgot to mention that the Office was also attached to the india111. I rarely use it except word, but I checked the info in the word program itself and you can get all the necessary information about your computer THROUGH MSOffice by opening word, and then help and click on system info. It has everything about everything on your computer including what is loaded, running and all software and hardware info. Im not sure why Microsoft would make another program that can access all that stuff on one's system. I would have thought Windows would have been enough, but it seems everytime something went out of my computer it was associated with MS Office or in particular MSWord or MSAccess. It also included anything Microsoft checked on my computer when I upgraded. Im not sure if that is normal for that program but its pretty powerfull to have all that access to the computer and everything in it. Wonder if it is intentional? BTW I use an old Office97 version. o_O
     
  12. Minera

    Minera Registered Member

    Joined:
    Oct 31, 2003
    Posts:
    42
    Location:
    Canada
    Me AGAIN:
    I was just wondering about the line:

    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    What exactly does that MEAN? Also its in quotations and has the -reg key
    Mine was similar but it was "C:\Program Files\Microsoft Office\ etc.
    and at the end it had "isvchost.exe -services" all that in quotations.
    also in the registry it had the following:
    HKEY_Local_Machines>Software>Microsoft>Windows>CurrentVersion>run
    and had the entry on right side panel
    Configuartion Loadings "iSVCHOST.exe -services"
    further searches connected it to india111 etc. which is why I'm asking. :eek:
     
Thread Status:
Not open for further replies.