[beeceebee]

Hi everyone.
I had an earlier thread that was closed over issues that have been resolved but the problem remains. I began after I had to reinstall everything with a rescue disc that completely wiped the hard drive and reinstalled XP I then added all critical updates.

My problem is simple but finding the cause is not. I am using IE7 on XP. Getting pages to open in even a reasonable time is impossible. For example it takes 15 seconds to open basic Google as a home page and almost 45 seconds to get from there to here as a fully loaded page. I can navigate through here and most sites pretty quickly once there but if I click on a link or even go to a different bookmarked page I get the same slow browser speed. A lot of the time seems to be used searching for the page. In all other respects the PC actually a 3 year old Toshiba laptop, is working fine.

In order to save time I am going to list what I know not to be the problem or solution.

• There is no malware or virus based upon 3 different malware scans (2 suggested here) and at various times 4 different virus scans.
• I tried both Firefox and Safari and got the same results. I have uninstalled both.
• It acts the same way in safe mode
• I have reset IE7
• I have played with startup programs and applications per various suggestions with no improvement but probably missed something important that I just didn’t understand.
• I can download a program at very acceptable speed. For example the The ATF Cleaner downloaded quickly once I actually got to the download page.

Fixing this has now become a crusade and I am far to old for crusades. Any suggestions will be gratefully received. Thanks

PS current Hijack this log below.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6987 bytes

[Wolfeymole]

What I can't understand Barry is that you formatted then filled the machine full of junk again like party poker, spybot and other stuff.

Did you look at our recommendations for security software?

[beeceebee]

Yes and No Bob. The answer is I had no reason to when I loaded them they worked fine for a long time. (although PP did just do a big update.) I did not even know this site existed before and had no reason to look. If I knew that my car was going to die after I started it I would call a mechanic. Before my prior disaster I had a perfecly (from my point of view)operating laptop. Spybot was a program that seemed to be ok. It is not running now and Part Poker has been uninstalled. Believe me had I known this was going to happen I would have found you sooner.

[RandyL]

It seems that you are still infected or your internet connectiion is being leeched. Many poker programs are known to do this. They use your computer to act as a server. P2P and torrents will also leech a connection.

I suggest formatting and re-installing again. At this point everything should work great. Then install those types of programs again one by one. The culprit will surely rear it's ugly head.

Then you will understand the second half of our position of these types of programs.

I also see that you have next to nothing for security programs. All I see is AVG which is not good enough. Where is your spyware protection? Are you running a firewall? It's really hard to tell since I expected to see much more in the HJT log.

[Wolfeymole]

We'll ask you once again to run the malware tools listed here.

This must be a system problem

[beeceebee]

Sorry, I am running the normal windows firewall and a router firewall (netopia) set at medium as anything higher will block internet traffic and limit to local network. I was using Spybot with teatimer but disabled it. Probably should uninstall? I have Kept the SUPERantispyware but it has found nothing.

[RandyL]

Why is there a proxy over ride on this computer?

[beeceebee]

I will run all the malware tools again now.

[beeceebee]

OK I ran everything again and did get a result but I may have blown it. The malware found nothing but a few cookies (5) the ESET scan found 3 trojans. Apparently it removed 1 and reported an error in deleting the other 2. In trying to copy and paste I inadvertantly lost the information. However they all related to something called Recyclers C:/Windows/RECYCLERS ???

I ran the same scan again and nothing came up. I have restarted but do see any change.

Regarding Randy's Question I have no idea why there is a proxy over ride or even what it does.

Also I had a to do list when I re-formatted etc. After reinstalling my broadband service I updated windows and probably installed IE7 at that time. The disc must have had IE6.

I just get the feeling that whatever happened happened then or when I was downloading thie #$%& AVG>

As for leeching I tried looking for unaccounted for network activity while I was doing nothing and all I could find was a minimal amount of activity on the little icon. I opened the network connection status, the task manager and noticed that it was very minimal. I opened the connection to my router (through IE7 I guess) and noticed that each time there waas a little activity the page refreshed.

I really want to get rid of AVG what I do not know is whether I should keep it running while I either redownload Avast or get Avira. Or should I just wait until this is all sorted?

[Goku]

I generally do not condone the use of internet optimizers but seeing that your problem is limited to browsing the internet, I think you must give it a try.

Download TCP Optimizer from here. The program is quite basic but if you still need help using it, then you can use the FAQ available here. Perform the required changes and reboot the computer when prompted. Try again and see if there is any difference or not.

Quote:

I really want to get rid of AVG what I do not know is whether I should keep it running while I either redownload Avast or get Avira. Or should I just wait until this is all sorted?

Download the latest version of Avira from here and install it over AVG. After you have installed it, reboot the computer and remove AVG. Next, run a full system scan with Avira, after updating it with the latest virus definition files, and post back the results.

Hope that helps.

-- Goku