1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Painfully slow browser--HJT log

Discussion in 'Virus & Other Malware Removal' started by Dance mom, May 19, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Hello,

    Since yesterday, surfing the net has become painfully slow. As I type this, the page is still loading and I have Hi speed cable-- so I am spoiled I suppose. Our other household computer is connected to this one and it is also slow..

    I ran Adaware and CWShredder and Spybot and cleaned up what was there.

    Could someone check my HJT log?

    Logfile of HijackThis v1.97.7
    Scan saved at 9:04:01 AM, on 5/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Quickenw\Qwdlls.exe
    C:\Program Files\Norton Personal Firewall\ATRACK.EXE
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Tom\Desktop\HijackThis2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O4 - Global Startup: Forget Me Not.lnk = C:\PROGRA~1\BRODER~2\AG CreataCard\agremind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Netnews (HKCU)
    O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.yorkphoto.com/YorkUpload.cab
    O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.yorkphoto.com/YorkImageEditor.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.yorkphoto.com/YorkUploader.cab
    O16 - DPF: {715A3997-ADE8-4399-AD92-353958D75076} (XUpdater Control) - http://www.bluefalcon.com/software/streamer/1.5.00.01/SS_POC.cab
    O16 - DPF: {83CC9124-6C79-11D4-A64A-00500487DAB3} (AMActiveSetup Class) - http://download.audible.com/AM35/ActiveSetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38032.627337963
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    Thanks so much!
    Lisa
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and check:

    O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
    O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.yorkphoto.com/YorkUpload.cab
    O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.yorkphoto.com/YorkImageEditor.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.yorkphoto.com/YorkUploader.cab
    O16 - DPF: {715A3997-ADE8-4399-AD92-353958D75076} (XUpdater Control) - http://www.bluefalcon.com/software/...0.01/SS_POC.cab

    Close all applications and browser windows before you click "fix checked".
     
  3. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Thanks Cybertech. I fixed checked items. Here is the list now. Still slow however...

    This page is still loading..

    Logfile of HijackThis v1.97.7
    Scan saved at 12:04:43 PM, on 5/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Quickenw\Qwdlls.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Norton Personal Firewall\NISSERV.EXE
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
    C:\Program Files\Norton Personal Firewall\ATRACK.EXE
    C:\Documents and Settings\Tom\Desktop\HijackThis2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O4 - Global Startup: Forget Me Not.lnk = C:\PROGRA~1\BRODER~2\AG CreataCard\agremind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Netnews (HKCU)
    O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.charter.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://support.charter.com/sdccommon/download/tgctlins.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {83CC9124-6C79-11D4-A64A-00500487DAB3} (AMActiveSetup Class) - http://download.audible.com/AM35/ActiveSetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38032.627337963
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    Any other suggestions?
    Thanks!
    lisa
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I didn't think that would do it. Have you tried resetting the modem?
     
  5. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Wouldn't that be nice if that was all it needed? Do I reset it just by unplugging it and then replugging it? I tried that. Even waited a bit between steps.
     
  6. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Anyways, it is still slow..
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Sorry I didn't notice you are running HJT from your desktop, you should move that to a folder, I'm sure you have backup files on the desktop now :(

    If both machines are slow since yesterday and they were both fine before that it must be the connection somehow. Are you sharing a connection through the other computer or do you have a router?
     
  8. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Some information to go on?...
    When the computer is trying to load a page. ( some pages never load competely) a check of the Windows task manager shows CPU usage at 100%. I never checked this before, so I don't know what it is supposed to be.

    This page is loaded and CPU reads at anywhere from 0 to 4%.

    A stop at bandwidthplace.com shows the following:
    Communication- 710.6 kilobits/sec
    Storage- 86.7 kilobits/sec
    1MB filedownload--11.8 seconds
    Subjective rating-Good

    Thanks so much for your help!
    lisa
     
  9. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Wireless router. The other computer is not on. Oh my! I see the desktop needs a bit of tidying! -- No problem.

    lisa
     
  10. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    I take that back. I think hubby uses the wireless for his laptop. Router connection with cable between the two computers.

    I'm going to turn off the modem for a bit longer and see if that does it.

    thanks!
    lisa
     
  11. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Hi,
    Me again. Decided to call my local internet cable provider. Worked with a tech on the phone. She was able to speed things up a bit, but still not the 2M I am paying for...

    Bandwidth speed is now 1.1 megabits/sec.
     
  12. Dance mom

    Dance mom Thread Starter

    Joined:
    Jun 10, 2003
    Messages:
    108
    Still very slow. Sometimes can't get the pages to load at all. My hubby decided to see if things would speed up without Norton Personal Firewall enabled and viola- things got faster. Bandwidth check is twice as fast. Checking task manager when loading a page-- slowly--shows that Symproxysvc.exe is using 98%. CPU at 100%.-- when firewall is enabled.

    So we thought we check a few sites to figure this out-- including this one, however at that point even with the firewall disabled, pages only half loaded.

    I am on our second computer-- hubby's. He downloaded the newest Symantec Internet Security package. This seems to have worked here.

    Hubby found an article titled 'SymproxySvc.exe shows high CPU usage' on the Symantec site. However this covers a problem that was fixed with an update patch in 2002. Perhaps they are having this problem again?

    Maybe this is just Symantec's way of telling us to buy their newer version? The current version on my computer is 2002 with Live Update.

    Thanks for listening!
    lisa

    Thanks
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Thank you for sharing what you found!!
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/230563

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice