Slow Computer

[Angelfish316]

I'm having trouble with my computer being really slow all of a sudden. I have a 550 mghz processor and 192 mb of RAM. I have DSL so the pages used to just pop up, now they take forever to load. My OS is Windows 2000. I have a We-blocker on here for the kids, but they say it shouldn't make it slow. Only other thing I can think of is I recently got a digital camera, maybe the pics I am storing are taking up too much room? I've scanned for ads and spyware, and cleaned out all the junk. Any help would be appreciated. Thank you.

[dammit]

Defragged recently? Scandisk?

[AnnMarie]

Hi Angelfish316 - If this has just happened, there is also a possiblity that your browser may have been hijacked. The newer hijackers are not yet picked up by Spybot and Ad-Aware.

Go here and download and run a scan with Hijack This. Most of the files listed will be harmless and/or required so do not make any changes, just click on Save Log, copy it and post it back in this thread.

[Angelfish316]

Quote:

Originally Posted by AnnMarie

Hi Angelfish316 - If this has just happened, there is also a possiblity that your browser may have been hijacked. The newer hijackers are not yet picked up by Spybot and Ad-Aware.

Go here and download and run a scan with Hijack This. Most of the files listed will be harmless and/or required so do not make any changes, just click on Save Log, copy it and post it back in this thread.

Hi AnnMarie!
You helped me last time and I so appreciated it! Thanks again for your response. I thought Spyguard would keep these things off, but I guess there's always new strains coming out. Here are the results, thanks again!

Logfile of HijackThis v1.97.3
Scan saved at 6:37:27 PM, on 11/5/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\drivers\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\program files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINNT\system32\SYSWB6.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINNT\system32\Winkb6.exe
C:\Program Files\BellSouth\FastAccessConnectionAgent\fastacc. exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\DESKTOP\MAINFO~1\WINZIP\winzi p32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:6711
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray. exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [tgcmd] "c:\program files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~1\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_1215022.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot4_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potb_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/...2/ComCtl32.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/12...v6/brix6ie.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://63.236.66.10/em/images/nocach...tup1.0.0.5.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://raven.veloz.com/pub/download/oodlz_8bl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/...3/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/17644700e5e4ebe...zip/RdxIE2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_0.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/6...ll/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/contro.../msnchat42.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} - http://install.anark.com/client/vers...n/AMClient.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...2/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...579.3387615741
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/adver...ing/wtinst.cab
O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.totalvelocity.com/MemoryMeterbb.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontown.com/toontown/s...2.4/ttinst.cab
O16 - DPF: {C2D116ED-2466-4909-A75C-F8030A39A77D} - http://www.cursorzone.com/cursors/angel_setup_td035.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/contro...C/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yaho...bio5_1_3_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D0F214F-60A9-4B79-BBD4-A852E0CB6AA8}: NameServer = 205.152.144.235 205.152.132.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D0F214F-60A9-4B79-BBD4-A852E0CB6AA8}: NameServer = 205.152.144.235 205.152.132.235

[AnnMarie]

Hi Angelfish316 - you are very welcome. Close all open windows and run Hijack This again and use it to fix the below entries. Reboot afterwards.

O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com

There are also a few programs that can be disabled from your Startups which should speed things up a bit however it would be better if you used msconfig to do this. You can download msconfig and the help topic for Win2K from here. Have a look here for help in deciding which startups can be safely disabled. (btw BackWeb is also in your Global Startups - to remove it, rightclick on your Start button and select Open or Open All Users. Doubleclick on Programs and open the Startup Folder and delete the link).

It would also be a good idea to clean out your ActiveX Controls. Open your browser and go to Tools > Internet Options and click on the General Tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Rightclick on each and choose Properties. If there is anything there that you dont know what it is (microsoft, apple, macromedia etc are OK) or where it came from, delete it. If there are any damaged controls there, delete those also.

Let us know if this helps.

[Angelfish316]

I tried the Hijackthis, and when I tried to fix the two things you told me about here is the message that came up:


>54LlHYlbm#bVRm^YYRaepesic^H`d'do;:ebVUShtD\#gMKl8 #b{"

I think that's it, it wouldn't let me copy it so I typed it out. I'll try the rest of the stuff in the meantime. Thanks.

[AnnMarie]

Hmmm, thats odd. OK, run a search for a file called hosts (there may be more than one). When you find it, open it in Notepad and delete the below entries

204.244.184.143 SafeWeb.com
204.244.184.143 WWW.SafeWeb.com

Save your changes and exit. Post back a new Hijack This log when you have made all the changes.

[Angelfish316]

Couldn't find SafeWeb that way either. Can't I just delete the whole Hosts folder? Also couldn't find the Backweb. I did clean some stuff out of ActiveX controls. I guess I'll have to really study that page that tells which start ups can be safely disabled. Argh, computers!! Thanks.

[AnnMarie]

Hi Angelfish316 - yes you can delete the hosts file however I am not sure how Spyware Guard operates. I run Spyblocker and it uses the hosts file to block undesirable sites. Still, I understand a large hosts file will slow Win2K so it might well be the cause of your problem.

Re Backweb, it is listed twice, see below. Look for LDM or Logitech Desktop Messenger.

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Post back a new Hijack This log when you have made all the changes.

[Angelfish316]

Quote:

Originally Posted by AnnMarie

Hi Angelfish316 - yes you can delete the hosts file however I am not sure how Spyware Guard operates. I run Spyblocker and it uses the hosts file to block undesirable sites. Still, I understand a large hosts file will slow Win2K so it might well be the cause of your problem.

Re Backweb, it is listed twice, see below. Look for LDM or Logitech Desktop Messenger.

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Post back a new Hijack This log when you have made all the changes.

So, I went into the Startup, and found Logitech Desktop Messenger. It won't let me open it, I'm not sure if I'm to delete the whole thing? Maybe I should try Spyblocker. Also, am I looking to check the Backweb and Logitech on the Hijack this log? Thanks again.

[AnnMarie]

Hi Angelfish316 - no dont use Hijack This. Have you downloaded msconfig? If so, go to Start > Run and type:

msconfig

and then OK. Click on the Startup Tab and uncheck LDM or BackWeb-8876480.exe (Logitech Desktop Messenger entry) and then reboot. This means that the program will no longer load at startup but you will still be able to use it if you wish.

Also, rightclick on your Start button and select Open or Open All Users. Doubleclick on Programs and open the Startup Folder and delete the Logitech Desktop Messenger.lnk