Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Computer slow loading web pages.  (Read 3039 times)

0 Members and 1 Guest are viewing this topic.

The Bubba

    Topic Starter


    Hopeful

    Thanked: 1
    • BIG BLUE HEAVEN
  • Experience: Familiar
  • OS: Windows XP
Computer slow loading web pages.
« on: September 05, 2007, 06:34:57 AM »
I've ran several virus scans along with adware and spyware programs to no avail. I've also defraged. Some pages load like I'm on dial up while in fact I'm on cable. Below is a hijack this log.


Logfile of HijackThis v1.99.1
Scan saved at 7:22:06 AM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\john\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigblueheaven.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Freecell Solitaire - http://presence.games.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138381294296
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://63.241.168.237/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freeware/cab/installprivacyprotector.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


The Bubba

    Topic Starter


    Hopeful

    Thanked: 1
    • BIG BLUE HEAVEN
  • Experience: Familiar
  • OS: Windows XP
Re: Computer slow loading web pages.
« Reply #1 on: September 05, 2007, 07:14:12 AM »
I stand corrected on the virus scan not finding anything. I had aome errands to do this morning and after getting dressed, went down to check my post before turning the computer off. My avg was in the process of scanning and had found a virus called feebs.

Spero-T

  • Guest
Re: Computer slow loading web pages.
« Reply #2 on: September 05, 2007, 07:25:03 AM »
So is that the problem solved ?

The Bubba

    Topic Starter


    Hopeful

    Thanked: 1
    • BIG BLUE HEAVEN
  • Experience: Familiar
  • OS: Windows XP
Re: Computer slow loading web pages.
« Reply #3 on: September 05, 2007, 09:19:46 AM »
I haven't had a chance to get rid of the virus yet. The scan wasn't finished and I had to leave hoping to deal with it when I got back. Well, after I got back, the scan had finished and removed itself from view. I don't know why scans don't wait until you deal with them before they leave. I tried to call it up on test results but it doesn't show today's scan. I have to leave in a few and don't have time to run a scan again.
« Last Edit: September 05, 2007, 08:21:42 PM by The Bubba »

patio

  • Moderator


  • Genius
  • Maud' Dib
  • Thanked: 1708
    • Yes
  • Experience: Beginner
  • OS: Windows 7
Re: Computer slow loading web pages.
« Reply #4 on: September 05, 2007, 01:39:16 PM »
Doesn't make sense that AVG would get rid of a test result...on the main menu at the top under Services choose Program Settings...the first page is the settings for test results.
I have mine set to save 60 days worth and they're all there.
My machine scans and updates daily at 4:00 AM.
Let us know if you have any questions...
   
 
" Anyone who goes to a psychiatrist should have his head examined. "

patio

  • Moderator


  • Genius
  • Maud' Dib
  • Thanked: 1708
    • Yes
  • Experience: Beginner
  • OS: Windows 7
Re: Computer slow loading web pages.
« Reply #5 on: September 05, 2007, 01:44:43 PM »
More info on your little bugger there:

This detection is for a new variant downloaded by the JS/[email protected] .

This worm bears the following characteristics:

    * it is a polymorphic worm
    * it configures  itself to load at startup
    * it creates copies of itself in folders containing the string shar (to propogate via P2P sharing programs such as Kazaa, Bearshare, Edonkey, etc.
    * it mails itself by creating messages that are constructed using the worm's SMTP engine, and sent to email addresses harvested from the victim machine
    * injects a ZIP attachment, including a copy of the worm, into outgoing SMTP sessions.
    * opens a backdoor port (80, 40729)

This worm downloads the Win32 executable (W32/[email protected]) by the user executing the polymorphic script detected as JS/[email protected]

Mail Propagation - Massmailing 
The worm constructs outgoing messages using its own SMTP engine. Target email addresses are harvested from the victim machine

The From: header of outgoing messages is spoofed (combining random strings together with domains of email addresses harvested from the victim machine).

The message body:
-----
You have received Secure Mail from HotMail.com user.
This message is addressed personally for you.
To decrypt your message use the following details:

ID: 22118
Password: amhqsqhnc

Keep your password in a safe place and under no circumstances give it to ANYONE.

Secure Mail and instruction is attached.

Thank you,
Protected Message System,
HotMail.com


Quote
This virus arrives as an email attachment or could get downloaded with P2P software. Executing the file infects the local system which is then used to propagate the virus further.

The above is the latest info from MacAffee...

So you may want to sometime this evening re-boot into safemode and run all your protection apps again with system restore turned off.
Then post a new HJT log for a looksee.
   
 
" Anyone who goes to a psychiatrist should have his head examined. "

The Bubba

    Topic Starter


    Hopeful

    Thanked: 1
    • BIG BLUE HEAVEN
  • Experience: Familiar
  • OS: Windows XP
Re: Computer slow loading web pages.
« Reply #6 on: September 05, 2007, 08:24:19 PM »
Thanks Patio, I'll give it a try.