Solved

Virus - Starting IE takes too much resources

Posted on 2004-03-25
Last Modified: 2010-04-12
I am running Windows 2000. When starting IE, so many resources are consumed that CPU and memory usage runs low. Is my PC affected by any viruses? Any fixes? Also, logging into the system takes too long right after rebooting.

Thanks in Advance.
Question by:namasi_navaretnam
 
LVL 67

Expert Comment

by:sirbounty
ID: 10682932
Check for Spyware:
  HijackThis --> http://www.spychecker.com/program/hijackthis.html
  Spybot-S&D --> http://www.safer-networking.org/
  Ad-Aware --> http://www.netsecurity.about.com/library/blfreespyware.htm
  Web Shredder --> http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Check for Viruses with online scanners:
  Norton/Symantec --> http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
  Trend Micro --> http://housecall.antivirus.com/housecall/start_corp.asp
  Panda ActiveScan --> http://www.pandasoftware.com/activescan/
  McAfee Security --> http://us.mcafee.com/root/mfs/default.asp
  Individual File Scanner --> http://www.kaspersky.com/remoteviruschk.html

Post the log from the first link (HJT) for further review...
0
 
LVL 15

Author Comment

by:namasi_navaretnam
ID: 10683236
Here is the log

Logfile of HijackThis v1.97.7
Scan saved at 7:49:04 PM, on 3/25/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\mdm.exe
C:\WINNT\system32\starter.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Program Files\Common Files\InstallShield\DigitalWizard\dwMon.exe
C:\Program Files\Common Files\InstallShield\DigitalWizard\ISWizard.exe
C:\Program Files\Navnt\POPROXY.EXE
C:\WINNT\Svchost.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINNT\System32\SahAgent.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\n-CASE\msbb.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Forbes\ForbesAlerts.exe
C:\WINNT\System32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\RECOMM~1\v15\rh.exe
C:\Program Files\RBEnhance\rbenh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\scbar\v2\scbar.dll
F0 - system.ini: Shell=explorer.exe winupdate.exe
F2 - REG:system.ini: Shell=explorer.exe winupdate.exe
O1 - Hosts: 1089288654 auto.search.msn.com
O1 - Hosts: 1089288654 auto.search.msn.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v2\scbar.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_1_3_0.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\hhU.dll
O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINNT\3_0_1browserhelper3.dll
O2 - BHO: (no name) - {C8847EEA-72D6-11D4-AB4F-00B0D02332EE} - C:\PROGRA~1\COMMON~1\INSTAL~1\DIGITA~1\PHook.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O2 - BHO: surebar Helper - {D3F01312-8A3D-4D41-A4FA-FB61D295CB6B} - C:\WINNT\System32\surebar.dll
O2 - BHO: (no name) - {FD09D03F-CCA6-522C-799E-AF24F307ED30} - C:\WINNT\system32\arbsriau.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\ycomp5_1_3_0.dll
O3 - Toolbar: Search Bar - {270B845C-712C-4773-BEE0-AE2D2001CD0F} - C:\WINNT\System32\surebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [DigitalWizard Monitor] C:\Program Files\Common Files\InstallShield\DigitalWizard\dwMon.exe
O4 - HKLM\..\Run: [DigitalWizard] C:\Program Files\Common Files\InstallShield\DigitalWizard\ISWizard.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Navnt\POPROXY.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Canada] c:\program files\dialers\canada\canada.exe /noconnect
O4 - HKLM\..\Run: [SystemBoot] C:\WINNT\wer.exe
O4 - HKLM\..\Run: [SystemReg] C:\WINNT\Svchost.exe run
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [NCplDeamon] SVCH0ST.EXE
O4 - HKLM\..\Run: [windowsupdate] winupdate.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [rbenh ml744e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [<H] c:\WINNT\System32\<HEAD>
O4 - HKLM\..\Run: [  <TITLE>Error</TI] c:\WINNT\System32\  <TITLE>Error</TITLE>
O4 - HKLM\..\Run: [</H] c:\WINNT\System32\</HTML>
O4 - HKLM\..\Run: [<B] c:\WINNT\System32\<BODY>
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINNT\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINNT\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINNT\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINNT\System32\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
O4 - HKLM\..\Run: [</B] c:\WINNT\System32\</BODY>
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [SwimSuitNetwork] "C:\Program Files\SwimSuitNetwork\SwimSuitNetwork.exe" /H
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [msbb] C:\Program Files\n-CASE\msbb.exe
O4 - HKLM\..\Run: [ILOSVY] C:\WINNT\ILOSVY.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v2\scbar.exe" /U
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKLM\..\RunServices: [WebSiteServer] C:\WebSite\httpd32.exe
O4 - HKLM\..\RunServices: [SystemReg] C:\WINNT\Svchost.exe run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SystemReg] C:\WINNT\Svchost.exe run
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [<H] c:\WINNT\System32\<HEAD>
O4 - HKCU\..\Run: [  <TITLE>Error</TI] c:\WINNT\System32\  <TITLE>Error</TITLE>
O4 - HKCU\..\Run: [</H] c:\WINNT\System32\</HTML>
O4 - HKCU\..\Run: [<B] c:\WINNT\System32\<BODY>
O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINNT\System32\The site you have requested doesn't exist.
O4 - HKCU\..\Run: [] c:\WINNT\System32\
O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINNT\System32\The associated domain name has probably been reserved by a client from
O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINNT\System32\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
O4 - HKCU\..\Run: [</B] c:\WINNT\System32\</BODY>
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &DigitalWizard - C:\Program Files\Common Files\InstallShield\DigitalWizard\Menu
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: DigitalWizard (HKLM)
O9 - Extra 'Tools' menuitem: &DigitalWizard (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.greatplugin.com/diallerfiles/012970.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://jobs.tntlogistics.com/CFIDE/classes/CFJava.cab
O16 - DPF: {0FEBDCE8-1435-11D1-B8DA-00001C500B3F} (dwRotatePic.RotatePic) - http://www.desaware.com/Controls/dwrotpic.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll
O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06fa3d57297557c57e18/netzip/RdxIE601.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37957.8512731481
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.greatplugin.com/diallerfiles/014601.exe
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637} - http://www.isurfplus.com/sure.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {E3DB227E-CE9D-11D3-9740-00105A088F97} (InstallShield ZUICmd Control) - http://www.installshield.com/downloads/dw/DigitalWizard1790.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4023.cab
O19 - User stylesheet: C:\WINNT\Web\tips.ini
O19 - User stylesheet: C:\WINNT\hh.htt (HKLM)

Thanks.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10683660
Uh...Wow.
Quite a bit here...

I'd suggest running the other spyware cleanup tools...update them first though.

I only went through the first few of these (there's A LOT).  
Here are some examples: (Highlight these in HJT and click Fix Checked)

C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe - (don't have a link, but believe this to be spyware as well)
C:\WINNT\System32\SahAgent.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/sahagent/
C:\Program Files\Bargain Buddy\bin\bargains.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/bargains/
C:\Program Files\Common Files\CMEII\CMESys.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/CMESys/
C:\Program Files\Common Files\GMT\GMT.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/GMT/
C:\Program Files\n-CASE\msbb.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/msbb/
C:\PROGRA~1\ezula\mmod.exe - http://www.liutilities.com/products/wintaskspro/processlibrary/mmod/
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\scbar\v2\scbar.dll - http://www.allentech.net/parasite/SCBar.html
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v2\scbar.dll - http://www.allentech.net/parasite/SCBar.html
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - again, no link - but I'd clear this one

You could probably fix these as well...Maybe not 'harmful' but probable causes for your slowdown...
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?cxlow (obfuscated)
O1 - Hosts: 1089288654 auto.search.msn.com
O1 - Hosts: 1089288654 auto.search.msn.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com


These are suspicious - if you don't know what they are, you may consider removing them (or at least disabling them)
C:\Program Files\RBEnhance\rbenh.exe
C:\PROGRA~1\RECOMM~1\v15\rh.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\hhU.dll
O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINNT\3_0_1browserhelper3.dll

Again, run the others: Spybot, Adaware, Cool Web Shredder.  Get those updated and clean up your system (run them all).
Then, repost the HJT log and we can review it again...

<Whew>  :D
0
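An added example, not part of the original thread: a small triage script for the kind of HijackThis log posted above, flagging entries by a few defensive heuristics (startup values that are not file paths, system process names outside system32 or with look-alike spelling, hosts-file redirects, extra programs on the shell line, BHO DLLs dropped straight into the Windows directory). The sample lines are copied from the first log; the `SYSTEM_BINARIES` list and the heuristics themselves are assumptions chosen for illustration, not HijackThis features.

```python
import ipaddress
import ntpath
import re

# Constructed sample: nine lines copied from the first HijackThis log above.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=explorer.exe winupdate.exe
O1 - Hosts: 1089288654 auto.search.msn.com
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\ycomp5_1_3_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SystemReg] C:\WINNT\Svchost.exe run
O4 - HKLM\..\Run: [NCplDeamon] SVCH0ST.EXE
O4 - HKLM\..\Run: [<B] c:\WINNT\System32\<BODY>
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
"""

# Assumption: core Windows process names that belong in the system32 directory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

def exe_of(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll))(?:\s|,|$)", command, re.I)
    return m.group(1) if m else command

def check_autorun(command):
    """Heuristics for O4 (startup) entries; returns a reason or None."""
    if "<" in command or ">" in command:
        return "value is not a file path (< and > cannot appear in Windows file names)"
    exe = exe_of(command)
    folder, name = ntpath.dirname(exe).lower(), ntpath.basename(exe).lower()
    if name in SYSTEM_BINARIES:
        if folder and not folder.endswith("\\system32"):
            return f"{name} started from {folder}, not system32"
    elif name.replace("0", "o").replace("1", "l") in SYSTEM_BINARIES:
        return f"{name} imitates a system binary name"
    return None

def triage(log_text):
    """Return (entry, reason) pairs for lines that match one of the heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        code, rest = m.groups() if m else ("", "")
        reason = None
        if code in ("F0", "F2") and "Shell=" in rest:
            extra = rest.split("Shell=", 1)[1].split()[1:]
            if extra:
                reason = "shell line also starts " + " ".join(extra)
        elif code == "O1":
            parts = rest.split(": ", 1)[-1].split()
            if len(parts) >= 2 and parts[0] != "127.0.0.1":
                addr = parts[0]
                if addr.isdigit() and int(addr) < 2**32:  # integer form of IPv4
                    addr = str(ipaddress.IPv4Address(int(addr)))
                reason = f"hosts file redirects {parts[1]} to {addr}"
        elif code == "O2":
            dll = rest.rsplit("} - ", 1)[-1]
            if re.fullmatch(r"[a-z]:\\(winnt|windows)", ntpath.dirname(dll).lower()):
                reason = "BHO DLL sits directly in the Windows directory"
        elif code == "O4":
            command = rest.partition("] ")[2] or rest.partition(" = ")[2]
            reason = check_autorun(command)
        if reason:
            findings.append((line.strip(), reason))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

A hit is a prompt to look the file up before fixing it in HijackThis, not a verdict; entries the script does not flag still need review.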
 
LVL 15

Author Comment

by:namasi_navaretnam
ID: 10684083
sirbounty,

I scanned my PC using those utilities and removed suspicious ones. IE starts just fine now. But logging in after re-booting still takes too long. Any ideas?

Thanks for your help so far.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10684189
Repost the log from HJT...there are other items to clear out - just wanted to get rid of the spyware first...
0
 
LVL 15

Author Comment

by:namasi_navaretnam
ID: 10684406
Here is the log file again.

Logfile of HijackThis v1.97.7
Scan saved at 12:07:52 PM, on 9/25/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mdm.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 2000 total points
ID: 10686529
Wow - what a difference, eh?
Have you also run the online virus scanners?  I saw at least 3 dialers there and would be concerned of 'what' home they were phoning....
Please try at least the first 3 from my first post.

Afterwards, run a scandisk of your system:
  Double-click My Computer, and then right-click the C drive
  Click Properties, and then click Tools.
  In Error-checking, click Check Now.  (You may be asked to reboot.  Expect this to take a while)
  ref: (http://support.microsoft.com/?kbid=156571)

Next, run a defrag of your drive:
  I always prefer booting into safe mode to run defrag...(http://www.microsoft.com/windows2000/en/server/help/boot_failsafe.htm)
  The procedures are as for scandisk, just run disk defragmenter instead.
  ref: (http://www.microsoft.com/windows2000/techinfo/administration/fileandprint/defrag.asp)

Lastly, go through this site to determine what services can be shut off or disabled to gain back wasted resources:
  http://www.blackviper.com/WIN2K/servicecfg.htm
0
 
LVL 15

Author Comment

by:namasi_navaretnam
ID: 10686701
Thanks for your help!!!

I am just going to accept your solution. I just have one more question if you could answer.

> I saw at least 3 dialers there and would be concerned of 'what' home they were phoning....

Not sure what you mean here. What is the name of the process?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 10686741
One was called canadadialer - can't seem to locate the other two in the first list though.
These programs download themselves on your system during web browsing.  Then they place themselves in your startup, much like a virus, and when you're sound asleep, they dial into a server using your internet connection.  Once connected, who knows what they'll do (some just report statistics, others may do more harm).

I'd highly recommend a good firewall for your system.  www.zonelabs.com has one called ZoneAlarm - the 'lite' version is free (the Pro version costs $), but it's a very good product.

Thanx for the points.  Take care.

~sirbounty
0
 
LVL 15

Author Comment

by:namasi_navaretnam
ID: 10686807
Thanks again, You da man!!!
0

Question has a verified solution.
