Hi all, how's it going?

I found this site through google in my attempt to find what exactly is going on with my pc. I haven't been able to find any info as of yet.

The problem is only with Internet Explorer. When launching it, it spends about 10-12seconds "looking for www.google.co.uk" (as an example, that's my default start page)

This is not the case when using Firefox. I suspected spyware so I ran spybot S&D, and adaware. I'm using updated definitions as of today. An instance of ISTbar was found, but that was promptly removed. Following a reboot, I confirmed it's apparent removal by going through the registry and searching for instances. It also never popped up again on subsequent scans. I have done a thorough system scan.

I have also tried disabling add-ons in internet explorer as suggested in the computing.net forums, to no avail.

Does anybody have any ideas as to the cause of this?

Below is my HijackThis log. I am using microsoft's firewall and am behind my university's firewall. I can't use Zonealarm or agnitium as they interfere with some of my audio production applications.

Thanks for your help in advance.

Regards,

Reuben

------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:24:52 PM, on 12/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\System Tools\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Communications\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\System Tools\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Creative\Feature Mode Utility\CTAPR.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Communications\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\Downloads\Accessories\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=localhost:1080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Communications\GetRight\xx2gr.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Natural Voice Reader - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\NaturalReader\FreeVersion\NVRIEBar.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\System Tools\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Multimedia\AV\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\System Tools\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Communications\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Communications\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Communications\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Free NaturalReader.lnk = C:\Program Files\NaturalReader\FreeVersion\FreeReader.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Communications\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Communications\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {77AAD261-A84E-4564-BEC2-C51FF6A7187F} (MRActivXUI Class) - http://comp.mediaring.com/consumer/pcphone/ver6.1.2.0/wbaxuiph612.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\System Tools\Executive Software\Diskeeper\DkService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\tmproxy.exe

Recommended Answers

All 4 Replies

I'm not going to play around till I hear back from anybody, but going through the list, this does look suspicious:-

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB


What exactly is going on with this reference?

Hi blastique, welcome to DaniWeb :D

Sorry for the delay in replying to this; it appears to have gotten overlooked somehow.

Scan with HijackThis and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=localhost:1080
R3 - Default URLSearchHook is missing
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com...es/MsnPUpld.cab
O16 - DPF: {77AAD261-A84E-4564-BEC2-C51FF6A7187F} (MRActivXUI Class) - http://comp.mediaring.com/consumer/...wbaxuiph612.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/c...tail/DASAct.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
And these O17's if the IP address does not belong to your ISP:
O17 - HKLM\System\CCS\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21

Be sure to close all windows, other then hijackthis, before hitting Fix checked

You were correct about that O16 looking bad; you can always delete any O16's that look suspicious -- it won't hurt anything (I often suggest having HJT fix them all just because it's faster and easier then researching them). For more info about these entries, check here:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag

After you fix those entries with HJT, reboot, close any open browser windows, scan with HJT, and post a new log please.

Hi!

I was beginning to feel neglected and I thought maybe I broke a forum rule or something :o heehee

Thanks a lot for getting back to me. I have gone ahead and deleted the entries you told me to.

I'm pretty sure that:-

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com...es/MsnPUpld.cab

are legit as Cult3D is from the nokia website for viewing 3d renditions of their phone, and msn photo upload is used by hotmail. But is it possible for them to become infected? or are you saying that they are actually secret spyware? :eek: The other 3 definately look dodgy, and before you replied, I did try and remove the internationalze from the registry but it seems to have come back. Well, looks like it's gone this time.

The DNS entries are for my university LAN, i refuse to use dhcp and R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=localhost:1080 is for the tunnel proxy I use to get around their stupid blocks, but I deleted the proxy entry anyway.

Below is my logfile. Thanks so much for your help!

Oh, one other thing. ScanSpyware v3.8.0.4 picked up c:\windows\system32\atiphexx.exe as a trojan. I've researched it, and some websites say it's part of ATI's video card driver package. Anyhow, I renamed it to atiphexx.exea, and it doesn't seem to affect booting. (and yes, I do use an ATI card). Anyhow, your opinion on that matter would also be very appreciated.

Cheers mate!

-Reuben


Logfile of HijackThis v1.99.1
Scan saved at 6:47:46 PM, on 14/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\System Tools\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Communications\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\System Tools\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Feature Mode Utility\CTAPR.exe
C:\WINDOWS\System32\svchost.exe
I:\Downloads\Accessories\Spyware\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Communications\GetRight\xx2gr.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Natural Voice Reader - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\NaturalReader\FreeVersion\NVRIEBar.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\System Tools\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Multimedia\AV\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\System Tools\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Communications\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [CTFeatureModeUtility] C:\Program Files\Creative\Feature Mode Utility\CTModUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Communications\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Communications\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Free NaturalReader.lnk = C:\Program Files\NaturalReader\FreeVersion\FreeReader.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Communications\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Communications\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\System Tools\Executive Software\Diskeeper\DkService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\SYSTEM~1\TRENDM~1\INTERN~1\tmproxy.exe

ARGH, the connection delay is still present in ie, firefox normal as usual.

Could this have something to do with bluetooth? I noticed about a week ago that ie was asking me a lot if i'd like to connect via bluetooth (I just installed activesync to use with my mpx220 phone - which has gone back to the shop by the way... great usability, but sadly has a poor quality speaker, etc... phone) anyway, off topic there a bit! I removed "Bluetooth Connection" as one of the options from the "Dial-Up and Virtual Private Network Settings" box under the connections tab in internet properties, and I believe this was when I started to notice the unusual slowdowns.

Any idea if this is related?

Cheers

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.