About a week ago I noticed a profound slowdown in the speed of my web browser. The connection rate remained good, but the actual navigation of a webpage was sluggish, and typing in any textboxes crawled (hence why I am writing this in notepad before copying it).

I tried sifting through my system for any new programs that may have been downloaded, and eliminated quite a few spyware executables. However, the problem remains.

I've literally tried everything I can think of except a complete system format and reload (which I really don't want to do as I've broken my win2k disk and lost my antique modem drivers).

Does anyone have any idea how to help me?

My system is an old 500Mhz K6-3, with a Radeon 7200 card and 5gb HD. I'm running Win2k Pro.

Hi Walshicus, and welcome to the forums at http://www.pcguide.com/ubb/pcgubb.gif.

You did the right thing by starting with a spyware scan. I assume you used AdAware or Spybot S&D?

A virus or trojan could be eating up your bandwidth and cpu cycles when you get online. Try scanning for those as well. Look here (http://www.pcguide.com/vb/showthread.php?s=&threadid=15179).

A Hijack This (http://www.spywareinfo.com/~merijn/index.html) log might help us out. Instructions here (http://tomcoyote.org/hjt/).

I ran several virus and trojan scanners, which all came up negative. I downloaded the HijackThis! and StarupList programs. I'll paste their results below.

I am puzzled by this though. The slowdown only occurs to any significant degree when a text-input box is involved. The bigger the box the greater the slowdown (typical username entry sized boxes are sluggish but not unusable). Is it actually possible for the code used to display them being damaged? All non-internet input boxes work fine. I would attribute it to IE being broken, but I've tried different browsers, including the AOL browser.

Anyway, here is the HijackThis! log:

Logfile of HijackThis v1.94.0
Scan saved at 19:47:33, on 0208.14
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

O1 - Hosts: 66.250.171.136 auto.search.msn.com
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Shell] C:\WINNT/DOWNLO~1/tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TVMD] C:\WINNT\TVMD.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll






And here is the StartupList log:

StartupList report, 0208.14, 19:28:11
StartupList version: 1.52
Started from : C:\Documents and Settings\Matthew Walsh\Desktop\startuplist\StartupList.EXE
Detected: Windows 2000 (WinNT 5.00.2195)
Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\loadqm.exe
C:\WINNT\TVMD.exe
C:\WINNT\System32\internat.exe
C:\Program Files\AOL 7.0\waol.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Documents and Settings\Matthew Walsh\Desktop\startuplist\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
Go!Zilla.lnk = C:\Program Files\Go!Zilla\gozilla.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
AtiPTA = atiptaxx.exe
LoadQM = loadqm.exe
NeroCheck = C:\WINNT\system32\NeroCheck.exe
RegTweak = C:\Program Files\Rage3DTweak\RegTwk.exe
LWBMOUSE = C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
Shell = C:\WINNT/DOWNLO~1/tray.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
AVGCtrl = C:\Program Files\AVPersonal\AVGNT.EXE /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Go!Zilla\GoIEHlp.dll - {CD4C3CF0-4B15-11D1-ABED-709549C10000}

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 3,961 bytes
Report generated in 1.622 seconds

(no name) - C:\Program Files\Go!Zilla\GoIEHlp.dll - {CD4C3CF0-4B15-11D1-ABED-709549C10000}
Isn't Gozilla spyware? When you say you ran a check for spyware, was the program up to date and what was it?

Heh, nah I installed that a few minutes after I ran the spyware detector. I needed it to download the HALO 2 High Res trailer. Not enough bandwidth to download another download manager.

Close down all IE windows and have HJT fix the following...

O1 - Hosts: 66.250.171.136 auto.search.msn.com
O4 - HKLM\..\Run: [TVMD] C:\WINNT\TVMD.exe
"Secure commerce company that enables the ‘checkout’ process for our customers in order to safely and securely purchase our award winning software". Autointsalling spyware

These require a little more investigation....

O4 - HKCU\..\Run: [internat.exe] internat.exe

http://www.symantec.com/avcenter/venc/data/w32.ghotex.a.html

O4 - HKLM\..\Run: [Shell] C:\WINNT/DOWNLO~1/tray.exe

Unless this is a program you purposefully installed, it too is most likely a virus.....

All of them have been fixed, and yet the problem remains. I did a resource check, and even at the height of the slowdown, I'm left with a very comfortable CPU usage level.

Thanks very much for the help so far though. It's much appreciated.

Ok, now go into Internet Options and disable Active Scripting...(all of it, no, don't set it to prompt...disable it)

You sir, have solved it.

I really can't thank you enough. I would never have thought about Active Scripting. You've saved me from having to do a clean wipe of the entire system.

Ok....here is a little more elegant fix...

In IE:

1.Click Tools
2.Click Internet Options
3.Click Accessibility
Uncheck "Format documents using my style sheet"
(See if this is checked, it was for me, make sure before you uncheck to look at the path of the *.css file, mine was c:\windows\java\my.css)(I went to explorer and looked at the file and guess what date it had, June 10, BINGO!!!!)(I opened the my.css file and it had some eval running expression with a ton of numbers, I cannot figure out yet what it is doing but amazing)(I will get to the bottom of it as I am a programmer and will decode this file till death!!)
4.Click Ok
5.Click Ok
6. Now go to the c:\Windows directory were the file is and delete that *.css. (I am surprised that this was missed by Spybot)
7. Reboot!!

This fix is the result of a lot of hard work by a number of my friends over at Spywareinfo.com.

NeroCheck = C:\WINNT\system32\NeroCheck.exe

You do not need to have this running at bootup. I have this disabled and suffer no side effects.

Thanks a lot for this! The previous solution left me unable to run most Java applets, but this solves it moreso.

I'm glad to have been able to bring this to attention somewhat.