Re: IE6 Application start slow on XP_sp2
Paxi, just in case you've tagged this thread, I note you have npdocbox in your
HJT log. I would not profess to be an expert, but that can certainly go.
I don't know why the MVPs are so down on HJT logs. I would have thought
any communication which helps to combat spyware is useful.
"paxi_9@yahoo.com" wrote:
> Hi,
>
> Herewith I am sending 3 different "HijackThis" reports. (1) taken
> before IE6 started (2) taken after IE6 started without dialup net
> connection (3) taken after IE started with dialup net connection.
>
> (1) taken before IE6 started :-
> *******************************
> Logfile of HijackThis v1.99.1
> Scan saved at 3:47:19 AM, on 04/12/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> D:\Progra~1\SYMANT~1\DefWatch.exe
> D:\Progra~1\SYMANT~1\Rtvscan.exe
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
> C:\WINDOWS\Explorer.EXE
> D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
> D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
> D:\Progra~1\SYMANT~1\vptray.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Messenger\msmsgs.exe
> D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Documents and
> Settings\Padma\Desktop\downloads-file-328\HijackThis.exe
>
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
> - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O2 - BHO: QAPHlprObj Class - {297caf50-e4f7-11d1-a380-00600896eccc} -
> d:\PROGRA~1\Segue\SilkTest\qaphlpr.dll (file missing)
> O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} -
> C:\WINDOWS\system32\BHOManager.dll
> O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
> C:\Program Files\Yahoo!\Common\yiesrvc.dll
> O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}
> - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
> O2 - BHO: Google Toolbar Helper -
> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
> files\google\googletoolbar2.dll
> O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -
> D:\PROGRA~1\STARDO~1\SDIEInt.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\program files\google\googletoolbar2.dll
> O4 - HKLM\..\Run: [Zone Labs Client]
> D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
> O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft
> AntiSpyware\gcasServ.exe"
> O4 - HKLM\..\Run: [vptray] D:\Progra~1\SYMANT~1\vptray.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O8 - Extra context menu item: &Google Search - res://c:\program
> files\google\GoogleToolbar2.dll/cmsearch.html
> O8 - Extra context menu item: &Translate English Word -
> res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
> O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
> Files\Yahoo!\Common/ycsrch.htm
> O8 - Extra context menu item: Backward Links - res://c:\program
> files\google\GoogleToolbar2.dll/cmbacklinks.html
> O8 - Extra context menu item: Cached Snapshot of Page -
> res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
> O8 - Extra context menu item: Download with Star Downloader -
> D:\Program Files\Star Downloader\sdie.htm
> O8 - Extra context menu item: Similar Pages - res://c:\program
> files\google\GoogleToolbar2.dll/cmsimilar.html
> O8 - Extra context menu item: Translate Page into English -
> res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
> O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
> Files\Yahoo!\Common/ycdict.htm
> O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
> Files\Yahoo!\Common/ycmap.htm
> O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
> Files\Yahoo!\Common/ycsms.htm
> O9 - Extra button: Yahoo! Services -
> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
> Files\Yahoo!\Common\yiesrvc.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - (no
> file)
> O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
> O18 - Protocol: vfsp - (no CLSID) - (no file)
> O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
> O23 - Service: DefWatch - Symantec Corporation -
> D:\Progra~1\SYMANT~1\DefWatch.exe
> O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
> Symantec Corporation - D:\Progra~1\SYMANT~1\Rtvscan.exe
> O23 - Service: OracleOraHome81ClientCache - Unknown owner -
> D:\progra~1\Oracle\Ora81\BIN\ONRSD.EXE
> O23 - Service: OracleOraHome81TNSListener - Unknown owner -
> D:\progra~1\Oracle\Ora81\BIN\TNSLSNR.exe
> O23 - Service: OracleServicePADMAXI - Oracle Corporation -
> d:\progra~1\oracle\ora81\bin\ORACLE.EXE
> O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
>
>
>
>
> (2) taken after IE6 started without dialup net connection :-
> ***************************************************************
> Logfile of HijackThis v1.99.1
> Scan saved at 3:48:04 AM, on 04/12/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> D:\Progra~1\SYMANT~1\DefWatch.exe
> D:\Progra~1\SYMANT~1\Rtvscan.exe
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
> C:\WINDOWS\Explorer.EXE
> D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
> D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
> D:\Progra~1\SYMANT~1\vptray.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Messenger\msmsgs.exe
> D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Documents and
> Settings\Padma\Desktop\downloads-file-328\HijackThis.exe
>
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
> - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O2 - BHO: QAPHlprObj Class - {297caf50-e4f7-11d1-a380-00600896eccc} -
> d:\PROGRA~1\Segue\SilkTest\qaphlpr.dll (file missing)
> O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} -
> C:\WINDOWS\system32\BHOManager.dll
> O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
> C:\Program Files\Yahoo!\Common\yiesrvc.dll
> O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}
> - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
> O2 - BHO: Google Toolbar Helper -
> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
> files\google\googletoolbar2.dll
> O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -
> D:\PROGRA~1\STARDO~1\SDIEInt.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\program files\google\googletoolbar2.dll
> O4 - HKLM\..\Run: [Zone Labs Client]
> D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
> O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft
> AntiSpyware\gcasServ.exe"
> O4 - HKLM\..\Run: [vptray] D:\Progra~1\SYMANT~1\vptray.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O8 - Extra context menu item: &Google Search - res://c:\program
> files\google\GoogleToolbar2.dll/cmsearch.html
> O8 - Extra context menu item: &Translate English Word -
> res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
> O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
> Files\Yahoo!\Common/ycsrch.htm
> O8 - Extra context menu item: Backward Links - res://c:\program
> files\google\GoogleToolbar2.dll/cmbacklinks.html
> O8 - Extra context menu item: Cached Snapshot of Page -
> res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
> O8 - Extra context menu item: Download with Star Downloader -
> D:\Program Files\Star Downloader\sdie.htm
> O8 - Extra context menu item: Similar Pages - res://c:\program
> files\google\GoogleToolbar2.dll/cmsimilar.html
> O8 - Extra context menu item: Translate Page into English -
> res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
> O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
> Files\Yahoo!\Common/ycdict.htm
> O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
> Files\Yahoo!\Common/ycmap.htm
> O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
> Files\Yahoo!\Common/ycsms.htm
> O9 - Extra button: Yahoo! Services -
> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
> Files\Yahoo!\Common\yiesrvc.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - (no
> file)
> O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
> O18 - Protocol: vfsp - (no CLSID) - (no file)
> O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
> O23 - Service: DefWatch - Symantec Corporation -
> D:\Progra~1\SYMANT~1\DefWatch.exe
> O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) -
> Symantec Corporation - D:\Progra~1\SYMANT~1\Rtvscan.exe
> O23 - Service: OracleOraHome81ClientCache - Unknown owner -
> D:\progra~1\Oracle\Ora81\BIN\ONRSD.EXE
> O23 - Service: OracleOraHome81TNSListener - Unknown owner -
> D:\progra~1\Oracle\Ora81\BIN\TNSLSNR.exe
> O23 - Service: OracleServicePADMAXI - Oracle Corporation -
> d:\progra~1\oracle\ora81\bin\ORACLE.EXE
> O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
>
>
>
>
> (3) taken after IE started with dialup net connection.:-
> ***********************************************************
>
> Logfile of HijackThis v1.99.1
> Scan saved at 3:49:39 AM, on 04/12/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> D:\Progra~1\SYMANT~1\DefWatch.exe
> D:\Progra~1\SYMANT~1\Rtvscan.exe
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
> C:\WINDOWS\Explorer.EXE
> D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
> D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
> D:\Progra~1\SYMANT~1\vptray.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Messenger\msmsgs.exe
> D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Documents and
> Settings\Padma\Desktop\downloads-file-328\HijackThis.exe
>
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
> - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
> O2 - BHO: QAPHlprObj Class - {297caf50-e4f7-11d1-a380-00600896eccc} -
> d:\PROGRA~1\Segue\SilkTest\qaphlpr.dll (file missing)
> O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} -
> C:\WINDOWS\system32\BHOManager.dll
> O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
> C:\Program Files\Yahoo!\Common\yiesrvc.dll
> O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}
> - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
> O2 - BHO: Google Toolbar Helper -
> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
> files\google\googletoolbar2.dll
> O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -
> D:\PROGRA~1\STARDO~1\SDIEInt.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
> c:\program files\google\googletoolbar2.dll
> O4 - HKLM\..\Run: [Zone Labs Client]
> D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
> O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft
> AntiSpyware\gcasServ.exe"
> O4 - HKLM\..\Run: [vptray] D:\Progra~1\SYMANT~1\vptray.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O8 - Extra context menu item: &Google Search - res://c:\program
> files\google\GoogleToolbar2.dll/cmsearch.html
> O8 - Extra context menu item: &Translate English Word -
> res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
> O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
> Files\Yahoo!\Common/ycsrch.htm
> O8 - Extra context menu item: Backward Links - res://c:\program
> files\google\GoogleToolbar2.dll/cmbacklinks.html
> O8 - Extra context menu item: Cached Snapshot of Page -
> res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
> O8 - Extra context menu item: Download with Star Downloader -
> D:\Program Files\Star Downloader\sdie.htm
> O8 - Extra context menu item: Similar Pages - res://c:\program
> files\google\GoogleToolbar2.dll/cmsimilar.html
> O8 - Extra context menu item: Translate Page into English -
> res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
> O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
> Files\Yahoo!\Common/ycdict.htm