Help! My fonts look funny and computer is slow

Discussion in 'Security and Privacy' started by Herd72, 2004/06/23.

Thread Status:
Not open for further replies.
  1. 2004/06/27
    Johanna Inactive Alumni
    Now that you have Spybot, take advantage of the "Immunize" feature, and don't forget to update the definitions regularly. If you go into advanced mode, you can set it to check for updates when you run the program.

    You will never "burden" anyone on the BBS with a legitimate question, and when someone takes the initiative to learn and fix their problems, like you just did, it makes all the typing worth it to us, every time! :D

    Glad to hear things are much better and that you will be hanging around. Thanks for posting back and letting us know you were successful.

    Johanna

    ps Dave, you're awesome!
     
  2. 2004/06/27
    noahdfear Inactive
    Wow! A lot happened while I slept. :rolleyes: So glad to hear you found and flushed viruses! Should definitely help things run better. Is OE opening better now?

    Your latest log looks clean. :) Make sure you have the latest version of Spybot, V 1.3, open it up and click immunize (to re-iterate what Johanna suggested) in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install and update. Click tools button then resident. Check the box for SD Helper. Then click IE Tweaks from the left and at the least, lock your hosts file.
    Then download and install IESpyads.
    That will give you an added layer of protection against unwanted parasites.

    Jim, you did a great job of hanging in there, co-operating and following directions, allowing us to provide the assistance you needed. Your reward is a cleaner, better performing PC. :D Our reward is knowing that we helped. Tis a wonderful feeling! ;)

    ps Johanna, Thanks!
     

  4. 2004/06/27
    noahdfear Inactive
    The Messenger service you are referring to is no doubt MSN Messenger. I see it is in your startups. The one I referred to, Windows Messenger, is a different animal. A link with more information about it. If you just disable rather than uninstall it, make sure it's not starting with OE like this. After reboot, open the task manager and by clicking options on its toolbar, make sure always on top is selected. Click 'image name' on the processes tab to sort processes alphabetically. Open OE and watch for the process msmsgs.exe. If it starts, I recommend you run the uninstaller.
     
  5. 2004/06/27
    Herd72 Inactive Thread Starter
    On Messenger . . .

    I did as you said after reading the article. It is currently disabled according to the control panel / administrative tools / services. I did the task manager and opened OE and it did not appear. So I guess that may not be the problem. It's only a minor thing, just irritating.

    Thanks,
    Jim in WV
     
  6. 2004/06/27
    noahdfear Inactive
    OK Jim. Thanks for posting back. Check the IE/OE forum. The slow loading problem has been covered several times. Happy surfin'!
     
  7. 2004/06/28
    Herd72 Inactive Thread Starter
    New problem!

    My Sygate firewall just gave me a message that the LSA Executable has changed since the last time I used it and asked if I should let it connect. I was not on the net at the time but have 24-7 cable modem. I told it no - I went to google and googled LSA Executable and found references to the dreaded CoolWebSearch. Am I reinfected?
    Jim
     
  8. 2004/06/28
    noahdfear Inactive
    Post a log and we'll see.
     
  9. 2004/06/28
    Herd72 Inactive Thread Starter
    Thanks for the quick reply!

    Here's the log:
    Jim
    Logfile of HijackThis v1.97.7
    Scan saved at 8:52:48 PM, on 6/28/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\VetMsgNT.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\EXSHOW95.EXE
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\WINNT\system32\EXSHOW.EXE
    C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
    C:\Program Files\Iomega\Tools\Imgicon.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Disk Utilities\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.msn.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84 "
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [Pop-Up Stopper] "D:\Disk Utilities\Pop-Up Stopper\dpps2.exe "
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [Q828026] "C:\WINNT\INF\unregmp2.exe" /UpdateWMP
    O4 - Global Startup: Iomega Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: twksup.lnk = D:\Disk Utilities\Tweak 3-1\twksup.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://peeper.axisinc.com/AxisCamControl.ocx
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://communities.msn.com/scr/MsnUpld.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37883.8742824074
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {BC26D98E-4F8E-11D4-B523-94ED45C04971} (PrintQuickActiveXSetup Class) - http://www.pqvalet.com/plugin/win/ie/printQuick.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/resources/neutral/controls/MsnPUpld.cab?4,0,1009,0
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

    Let's hope there's nothing to fix!
     
  10. 2004/06/28
    noahdfear Inactive
    Looks clean to me. :) Did you update anything since yesterday? Change any passwords?
     
  11. 2004/06/28
    Herd72 Inactive Thread Starter
    The only thing . . .

    I changed was to up the security level in IE\ tools\internet options\security. Would that have done it? It was suggested in an article I read.

    Thanks again,
    Jim in WV
     
  12. 2004/06/28
    Lonny Jones Inactive Alumni
    Yep, looks like you've run an update or two :) that's all
    RunOnce: [Q828026]

    It's normal, I believe, and nothing to worry about
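
Added example, not part of the original thread: a short Python parser for the HijackThis log format posted above. It groups entries by section code and picks out `RunOnce` autoruns named like a Microsoft Q/KB article, the kind of entry the reply above points to. The sample lines are copied from the posted log; the function names and the Q/KB naming pattern are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [Q828026] "C:\WINNT\INF\unregmp2.exe" /UpdateWMP
O4 - Global Startup: twksup.lnk = D:\Disk Utilities\Tweak 3-1\twksup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")        # "O4 - ...", "R1 - ..."
AUTORUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
HOTFIX = re.compile(r"^(?:Q|KB)\d{6,7}$", re.I)          # assumed Q/KB article naming

def parse_entries(text):
    """Group log entries by HijackThis section code (R1, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and running-process lines carry no section code
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)

def registry_autoruns(sections):
    """Return O4 registry autoruns as dicts; startup-folder entries are skipped."""
    out = []
    for body in sections.get("O4", []):
        m = AUTORUN.match(body)
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name, "command": command})
    return out

def update_leftovers(autoruns):
    """Names of RunOnce values that look like a Q/KB article number."""
    return [a["name"] for a in autoruns
            if a["key"].startswith("RunOnce") and HOTFIX.match(a["name"])]

if __name__ == "__main__":
    runs = registry_autoruns(parse_entries(SAMPLE_LOG))
    print(update_leftovers(runs))
```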
     
  13. 2004/06/29
    Herd72 Inactive Thread Starter
    Thanks

    I guess you live and learn. I hope I didn't ***** up by telling Sygate no. Everything seems to be running normally though. I guess I am a bit paranoid because that CoolWebSearch was so hard to get rid of. That's why I upped the security level. Thanks again to all. Hope to just be a lurker for a while! Have a great 4th of July!
    Jim in WV
     