[BeeCeeBee]

Hi everyone.
I had an earlier thread that was closed over issues that have been resolved but the problem remains. I began after I had to reinstall everything with a rescue disc that completely wiped the hard drive and reinstalled XP I then added all critical updates.

My problem is simple but finding the cause is not. I am using IE7 on XP. Getting pages to open in even a reasonable time is impossible. For example it takes 15 seconds to open basic Google as a home page and almost 45 seconds to get from there to here as a fully loaded page. I can navigate through here and most sites pretty quickly once there but if I click on a link or even go to a different bookmarked page I get the same slow browser speed. A lot of the time seems to be used searching for the page. In all other respects the PC actually a 3 year old Toshiba laptop, is working fine.

In order to save time I am going to list what I know not to be the problem or solution.

• There is no malware or virus based upon 3 different malware scans (2 suggested here) and at various times 4 different virus scans.
• I tried both Firefox and Safari and got the same results. I have uninstalled both.
• It acts the same way in safe mode
• I have reset IE7
• I have played with startup programs and applications per various suggestions with no improvement but probably missed something important that I just didn’t understand.
• I can download a program at very acceptable speed. For example the The ATF Cleaner downloaded quickly once I actually got to the download page.

Fixing this has now become a crusade and I am far to old for crusades. Any suggestions will be gratefully received. Thanks

PS current Hijack this log below.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6987 bytes

[Wolfeymole]

What I can't understand Barry is that you formatted then filled the machine full of junk again like party poker, spybot and other stuff.

Did you look at our recommendations for security software?

[BeeCeeBee]

Yes and No Bob. The answer is I had no reason to when I loaded them they worked fine for a long time. (although PP did just do a big update.) I did not even know this site existed before and had no reason to look. If I knew that my car was going to die after I started it I would call a mechanic. Before my prior disaster I had a perfecly (from my point of view)operating laptop. Spybot was a program that seemed to be ok. It is not running now and Part Poker has been uninstalled. Believe me had I known this was going to happen I would have found you sooner.

[RandyL]

It seems that you are still infected or your internet connectiion is being leeched. Many poker programs are known to do this. They use your computer to act as a server. P2P and torrents will also leech a connection.

I suggest formatting and re-installing again. At this point everything should work great. Then install those types of programs again one by one. The culprit will surely rear it's ugly head.

Then you will understand the second half of our position of these types of programs.

I also see that you have next to nothing for security programs. All I see is AVG which is not good enough. Where is your spyware protection? Are you running a firewall? It's really hard to tell since I expected to see much more in the HJT log.

[Wolfeymole]

We'll ask you once again to run the malware tools listed here.

This must be a system problem

[BeeCeeBee]

Sorry, I am running the normal windows firewall and a router firewall (netopia) set at medium as anything higher will block internet traffic and limit to local network. I was using Spybot with teatimer but disabled it. Probably should uninstall? I have Kept the SUPERantispyware but it has found nothing.

[RandyL]

Why is there a proxy over ride on this computer?

[BeeCeeBee]

I will run all the malware tools again now.

[BeeCeeBee]

OK I ran everything again and did get a result but I may have blown it. The malware found nothing but a few cookies (5) the ESET scan found 3 trojans. Apparently it removed 1 and reported an error in deleting the other 2. In trying to copy and paste I inadvertantly lost the information. However they all related to something called Recyclers C:/Windows/RECYCLERS ???

I ran the same scan again and nothing came up. I have restarted but do see any change.

Regarding Randy's Question I have no idea why there is a proxy over ride or even what it does.

Also I had a to do list when I re-formatted etc. After reinstalling my broadband service I updated windows and probably installed IE7 at that time. The disc must have had IE6.

I just get the feeling that whatever happened happened then or when I was downloading thie #$%& AVG>

As for leeching I tried looking for unaccounted for network activity while I was doing nothing and all I could find was a minimal amount of activity on the little icon. I opened the network connection status, the task manager and noticed that it was very minimal. I opened the connection to my router (through IE7 I guess) and noticed that each time there waas a little activity the page refreshed.

I really want to get rid of AVG what I do not know is whether I should keep it running while I either redownload Avast or get Avira. Or should I just wait until this is all sorted?

[Goku]

I generally do not condone the use of internet optimizers but seeing that your problem is limited to browsing the internet, I think you must give it a try.

Download TCP Optimizer from here. The program is quite basic but if you still need help using it, then you can use the FAQ available here. Perform the required changes and reboot the computer when prompted. Try again and see if there is any difference or not.

Quote:

I really want to get rid of AVG what I do not know is whether I should keep it running while I either redownload Avast or get Avira. Or should I just wait until this is all sorted?

Download the latest version of Avira from here and install it over AVG. After you have installed it, reboot the computer and remove AVG. Next, run a full system scan with Avira, after updating it with the latest virus definition files, and post back the results.

Hope that helps.

-- Goku

[BeeCeeBee]

Hi Goku
Tried optimizer. Nothing happened.

3 questions'
1. Could Randy's reference to a proxy over ride have anything to do with this?? If so how should I change it,
2. Where are these RECYCLER files? I could not find anything using internet explorer and search came up with nothing.
3. Is there any point in uninstalling IE7 considering that firefox etc. were no better when installed?

Thanks

[Goku]

I will try my best to answer your questions:

1. I am a complete novice at networking and do not understand the terms Randy talks of. Therefore, I don't think I am the right person to ask advice from regarding this question.

2. The Recycler folder is usually the folder which contains copy of the files deleted from the hard drive. Some copies may still remain even if the Recycle Bin is emptied. This information might come in handy if you are to check the traces of the files deleted on the system and the user who authorized the action.

3. No, there is no point to uninstall Internet Explorer 7 if you are using it to browse the internet. However, it does seem sensible to install Firefox or any other browser of your choice if you prefer it over Internet Explorer or just want better security.

I will review your problem and get back to you as soon as possible. Hope that helps.

-- Goku

[Seth]

This is a long shot, but run HijackThis and choose Scan Only. Now put a check on the these two items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab

Now click "Fix Checked" and restart the computer when complete.

If that doesn't help, then I would take Randy's suggestion to format and reinstall XP again. When complete, don't install AVG, but rather Avira. Once that's done, don't install anything else, but rather report back with how the internet is performing.

[BeeCeeBee]

OK AVG is Gone and Avira is in. I scanned and it found what may be DrMediaBack D. Found in System Value Inf A0002924.exe and Quaranteened.

Also wartned that 3 files could not be opened.

This is a paste of what seems relevent to me

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{95C8BA23-7DEC-40CD-A7C2-1ABB11423E47}\RP8\A0002924.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{95C8BA23-7DEC-40CD-A7C2-1ABB11423E47}\RP8\A0002924.exe
[DETECTION] Contains recognition pattern of the DR/MediaBack.D dropper
[NOTE] The file was moved to '4920ae0f.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

It seems to me that the problem relates to actually finding the website. Once it is found the page seems to open fairly quickly with more complicated sites a bit slower to add pics etc. Even this page which is bookmarked and obviously used often takes forever to find.

I can go through this site pretty quickly once I am here.

I keep looking at all those registry entries relating to IE and wonder if they are fighting each other. Does any of that make sense??

[Seth]

I just left you a post.

[BeeCeeBee]

Thanks would have missed it. Ill try and let you know.

[BeeCeeBee]

Well you said it was a long shot. Maybe a slight difference but Maybe Im just counting faster. Before I start all over again (and I'm sick of this today so not now) I know that it will install the same older version of Norton. I updated it and used it briefly but If I was going to pay for an AV program it wouldn't be that one. Are there basic instructions for getting rid of all that without messing up. Obviously other than uninstall. Maybe by deleting related files I messed things up.

Also I assume that it had IÊ6 installed. I know I downloaded 7 plus service packs etc. Are we all sure that uninstalling IE7 wont help??

I would imagine I should scan the portable hard drive with Avira before I reinstall any documents or email files.

I feel like a little kid about to throw a temper tantrum because I really do not want to do this.

oh well!!

[Wolfeymole]

Barry

We are getting nowhere fast because you are not doing what we are asking of you.

Please do as Randy suggested.

[Seth]

Once the installation of XP is complete, remove Norton with the following tool, then install Avira:

Download Norton Removal Tool 2009.0.0.41 - A program that can remove some Norton software from your computer - Softpedia

[BeeCeeBee]

Good Morning
Clearly you were right.

I have reformatted reinstalled etc. I have also installed Avira and did a scan with the bundled norton disabled. I then removed norton using the above tool. I have done nothing else. Reinstalled my router of course or I would not be here.

I am now using IE6. I have not done any critical updates as yet. To the extent that the poor Irish broadband allows I having no problems at all.


The following are things that I must do and safely.
1. Reinstall Office direct from original discs.
2. Put the bulk of my documents back into the Computer. They are now on portable hard drive.
3. Set up Outlook express and import old email from portable HD.

There are no malware programs installed. I have the .exe files on portable but do know whether I should use them or download fresh if at all.

Should I allow updates which I assume will include IE7 and SP3?