
Slow scrolling on the Web!

Discussion in 'Web & Email' started by Trentham, Oct 19, 2003.

Thread Status:
Not open for further replies.
  1. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    A friend of mine has reported a problem whereby his computer is very sluggish when scrolling a web page, I believe, using the scroll wheel.

    All used to be OK until about a month ago when he started experiencing this problem. Has anyone any experience of anything of this type? Is there any sort of 'mal-ware' which you've come across which might do this?

    He's running Windows ME and connecting via AOL using Internet Explorer on a machine which is about 3 years old. It doesn't seem to be site related and as yet I've not determined whether this happens on web pages stored locally on his machine or only when he's actually connected. Nor have I yet checked whether this also happens in Netscape.
     
  2. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Without looking at his Hijack This log, I can't say for sure, but it sounds like a CWS Hijack. Does he also get things like slow typing in web pages?

    First delete Temp files, cookies and offline content. To do this,
    Open Internet Explorer/Tools/Internet Options/delete cookies/delete files
    select off-line content/clear history.


    Download cwshredder from here

    http://www.spywareinfo.com/~merijn/files/cwshredder.zip

    Close all browser windows (including minimized windows)
    Run cwshredder

    When it is finished Reboot your computer.
     
  3. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    I'm expecting to get to examine the machine on Monday/Tuesday when I shall run such things as HijackThis, Adaware, Spybot, etc.

    He's not mentioned slow typing, but then if he doesn't go to sites which require typing he probably wouldn't have noticed.
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Download Adaware and Spybot... update them but don't run them yet until we have seen your HijackThis logfile.
    And you're better posting it in our security forum for best feedback.

    ;)
     
  5. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    It's always a problem knowing where best to post a problem. Often you need to know the cause of the problem to decide on a forum! :)
     
  6. NicolaJane

    NicolaJane

    Joined:
    Oct 6, 2003
    Messages:
    99
    Also, if you go to mouse properties there is a place where you can test the scroll wheel.. that could also be another factor.. and not the actual internet's cause..?? Just a thought..
    My Computer/Control Panel/Mouse.
     
  7. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    OK, I've got the HijackThis log now. It contains some very strange looking stuff!

    Also the cwshredder scan suggests that this is the cause of the original problem, though I think there's a lot of other nonsense there too!

    For interest (or otherwise) I've also included the shredder log at the end. Any comments would be appreciated.


    Logfile of HijackThis v1.95.1
    Scan saved at 11:03:23, on 21/10/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\AOL 7.0A\AOLTRAY.EXE
    C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\KENM\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://approvedlinks.com/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-homepage.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-homepage.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://cool-homepage.com/
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\WINDOWS\TEMP\SQLMMID.DLL (disabled by BHODemon)
    O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: Web Search - c:\windows\ex.htm
    O9 - Extra button: Kangaroo (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: ULTIMATE WEB ACCESS (HKCU)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
    O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/77.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://usa-download.nocreditcard.com/download/newdial-erp/1736/dialer.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37906.0941550926
    O19 - User stylesheet: c:\windows\system.css




    CWShredder v1.21.1 scan only report

    Windows ME (4.90.3000 )
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system

    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer,SearchURL
    Infected data: http://approvedlinks.com/sp.htm
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
    Infected data: http://ie-search.com/srchasst.html
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
    Infected data: http://approvedlinks.com/sp.htm
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    Infected data: http://ie-search.com/srchasst.html
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    Infected data: http://ie-search.com/srchasst.html
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
    Infected data: http://ie-search.com/srchasst.html
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    Infected data: http://ie-search.com/srchasst.html
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Infected data: http://ie-search.com/srchasst.html
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\TypedURLs,url5
    Infected data: http://ie-search.com
    Found Hosts file: C:\WINDOWS\hosts (76 bytes, A)
    Hosts file: #6.197.100.83 xuto.search.msn.com
    User stylesheet c:\windows\system.css is active (HKCU)
    Found file: c:\windows\system.css (6763 bytes, RAHS)
    Found file: C:\WINDOWS\system.css (6763 bytes, RAHS)
    Found Win.ini file: C:\WINDOWS\win.ini (8562 bytes, A)
    Found line in Win.ini: run=
    Found file: C:\WINDOWS\loader.exe (45056 bytes, A)
    Found file: C:\WINDOWS\iedll.exe (37376 bytes, A)

    - END OF REPORT -
     
  8. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Run Hijack This and have it Fix the following entries, then reboot and post another log. It would appear some dialler software has been downloaded.


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://approvedlinks.com/sp.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-homepage.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-homepage.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)

    Do you use a proxy server? If so, leave the next line; if not, have HJT fix it.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://cool-homepage.com/
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\WINDOWS\TEMP\SQLMMID.DLL (disabled by BHODemon)
    O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL



    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O8 - Extra context menu item: Web Search - c:\windows\ex.htm
    O9 - Extra button: Kangaroo (HKLM)
    O9 - Extra button: ULTIMATE WEB ACCESS (HKCU)

    O16 - DPF: {89122070-4199-11D4-8BAF-0050045B552C} - http://download.rocketpipe.com/bundles/77.cab

    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://usa-download.nocreditcard.co...1736/dialer.exe

    O19 - User stylesheet: c:\windows\system.css
     
  9. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    Many thanks. I'll get back on this. Slowly I'm beginning to get to grips with this stuff... I'd identified about half of the things you mentioned... one day perhaps... :)
     
  10. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    The HijackThis log now shows...

    Logfile of HijackThis v1.95.1
    Scan saved at 14:53:20, on 22/10/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\AOL 7.0A\AOLTRAY.EXE
    C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\KENM\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37906.0941550926
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Clean one(y)
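
The before/after comparison behind that verdict can be done mechanically. The following is an added example, not part of any post in this thread: it parses HijackThis entry lines and reports which entries disappeared or appeared between two scans. The sample lines are a shortened excerpt of the two logs posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "R1 - <detail>" or "O16 - DPF: <detail>".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and "Running processes" lines do not match
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(before, after):
    """Group entries by section into those removed and those newly added."""
    old, new = parse_entries(before), parse_entries(after)
    removed, added = defaultdict(list), defaultdict(list)
    for section, detail in sorted(old - new):
        removed[section].append(detail)
    for section, detail in sorted(new - old):
        added[section].append(detail)
    return dict(removed), dict(added)

# Lines excerpted from the two logs posted in this thread (shortened set).
BEFORE = r"""
Logfile of HijackThis v1.95.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-homepage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O19 - User stylesheet: c:\windows\system.css
"""
AFTER = r"""
Logfile of HijackThis v1.95.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, group in (("removed", removed), ("added", added)):
        for section, details in group.items():
            for detail in details:
                print(f"{label:8}{section:4}{detail}")
```

Entries reported as added deserve the same scrutiny as the ones that were fixed, since a new line in the second scan can be either a legitimate setting that was previously masked or a reinfection.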
     
  12. Trentham

    Trentham Thread Starter

    Joined:
    Nov 9, 2002
    Messages:
    308
    Many thanks. It seems quite depressing how all this mal-ware can get into these systems! :-(
     
Short URL to this thread: https://techguy.org/173029
