
Slow Startup/Shutdown, & Slow Browsing/Xfers

Discussion in 'Virus & Other Malware Removal' started by SoCalGuy619, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. SoCalGuy619

    SoCalGuy619 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    4
    I've run the latest Ad-Aware and SpyBot and found nothing. I run Trend-Micro Internet Security and it's found nothing. Startup and Shutdown seem to take much longer than before. System is defragged. Web Browsing and File Transfers seem to take much longer than before as well. Any help would be appreciated.

    Here is my HijackThis! log:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:53:53 PM, on 7/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
    C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Documents and Settings\Master User\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.falcon-nw.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: TREND MICRO HouseCall (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.falcon-nw.com
    O15 - Trusted Zone: http://www.cox.com
    O15 - Trusted Zone: http://usercenter.cox.net
    O15 - Trusted Zone: http://www.cox.net
    O15 - Trusted Zone: http://classic.zone.msn.com
    O15 - Trusted Zone: http://zone.msn.com
    O15 - Trusted Zone: http://housecall.trendmicro.com
    O15 - Trusted Zone: http://www.trendmicro.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon...oad/tgctlcm.cab
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...dia/zoomviewer/
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
    O16 - DPF: {96B0F9A1-AD48-41F0-A1ED-093D66CF1AD9} - http://a1917.g.akamai.net/f/1917/8668/1d/s...moviessetup.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7914.0129861111
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
    O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
     
  2. SoCalGuy619

    SoCalGuy619 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    4
    And here is my Startuplist Log...


    StartupList report, 7/19/2004, 6:55:58 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Amir Zarrin\Desktop\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
    C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Documents and Settings\Master User\Desktop\StartupList.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    WFXSwtch = C:\PROGRA~1\WinFax\WFXSWTCH.exe
    WinFaxAppPortStarter = wfxsnt40.exe
    pccguide.exe = "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    PCClient.exe = "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    TM Outbreak Agent = "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    nwiz = nwiz.exe /install
    HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PlaxoUpdate = C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
    ProtoWall =

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    HP DArC Task #Hewlett-Packard#hp psc 2400 series#1066633439.job
    HP DArC Task #Hewlett-Packard#hp psc 2400 series#1080948809.job
    HP DArC Task #Hewlett-Packard#hp psc 2400 series#1086362419.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{01113300-3E00-11D2-8470-0060089874ED}]
    CODEBASE = http://usercenter.cox.net/rsuite/sdccommon...oad/tgctlcm.cab

    [{02BED220-FBC7-4392-93A2-3A50B056F78E}]
    CODEBASE = http://down.plaxo.com/down/release/instub.cab

    [MetaStreamCtl Class]
    InProcServer32 = C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
    CODEBASE = https://components.viewpoint.com/MTSInstall...dia/zoomviewer/

    [iPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
    CODEBASE = http://www.ipix.com/viewers/ipixx.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

    [SurferNETWORK Plugin]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\SURFER~1.OCX
    CODEBASE = http://rd1.surfernetwork.com/surferplugin.ocx

    [Microsoft.WinRep]
    InProcServer32 = C:\WINDOWS\System32\Winrep.dll
    CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    [HouseCallButton.setup]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\HouseCallButton.dll
    CODEBASE = http://de.trendmicro-europe.com/file_downl...eCallButton.CAB

    [{96B0F9A1-AD48-41F0-A1ED-093D66CF1AD9}]
    CODEBASE = http://a1917.g.akamai.net/f/1917/8668/1d/s...moviessetup.exe

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7914.0129861111

    [WebResponseAttachments Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
    CODEBASE = https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab

    [ActiveDataInfo Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

    [MS Investor Ticker]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ticker9.ocx
    CODEBASE = http://fdl.msn.com/public/investor/v9.5/ticker.cab

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
    CODEBASE = https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

    [QDiagHUpdateObj Class]
    InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
    CODEBASE = http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316

    [MSN Money Ticker]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ticker13.ocx
    CODEBASE = http://fdl.msn.com/public/investor/v13/ticker.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    0aMCPClient: *Registry key not found*
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 8,850 bytes
    Report generated in 0.032 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  3. SoCalGuy619

    SoCalGuy619 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    4
    I wanted to add that I am running an AMD XP 2100 processor with 1GB ram. After startup, I'm at about 240MB pagefile usage. Hope this helps!
     
  4. SoCalGuy619

    SoCalGuy619 Thread Starter

    Joined:
    Jul 19, 2004
    Messages:
    4
    Any help with this would really be appreciated folks! I'm at my wit's end with this thing and don't know what to do. Thanks!
     

Short URL to this thread: https://techguy.org/252283
