When I access the internet , especially my Freeserve home page, the mouse and arrow keys respond very SLOWLY to the extent that I cannot really surf at all. This problem has only just reared its head in the past two weeks - I swapped to my spare drive and this ran Ok for several days and then started to respond in the same way.
My system is Toshiba 440CDT laptopW98, 133 chip, 80mb ram,IE 5 - I have tried updating to IE 6 but the problem is still there.Virus scans detect nothing!!
I thought it was a problem in IE 5 but I cannot access the repair option as IE does not show under add/delete programs from control panel.
Can anyone help please as I am currently researching fo a charitable body and time is deperate. - Note I am typing this from my main computer that is running ME and I have not had a problem.

It has the hallmark of a virus , try again .

Online Virus check ( free )

http://housecall.antivirus.com/

http://www.coledata.com/virusalert.htm

http://www.cybertechhelp.com/html/misc/av.php

http://www.pandasoftware.es/activescan/activescan-com.asp

I would also check for a trojan. Here is a 30 day trial version of the cleaner.
http://www.moosoft.com/thecleaner/index.php

My browser gives the message "Unable to
display page" whenever I enter any URL.

Enclosed is the hijackthis log file.

Kindly diagonize.

Logfile of HijackThis v1.96.1
Scan saved at 3:46:01 PM, on 8/20/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT
OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Local Page =
N1 - Netscape 4:
user_pref("browser.startup.homepage",
"scrk.com"); (C:\Program
Files\Netscape\Users\iyengar\prefs.js)
O2 - BHO: Yahoo! Companion BHO -
{13F537F0-AF09-11d6-9029-0002B31F9E59} -
C:\PROGRAM
FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL__SpybotSDDisabled
(file missing)
O2 - BHO: (no name) -
{b95f1480-ca8b-11d7-97f2-444553540000} -
C:\WINDOWS\APPLICATION
DATA\BLZUQOOCHFR.DLL__SpybotSDDisabled (file
missing)
O2 - BHO: (no name) -
{6af3a920-cea8-11d7-97f2-e6af953fe90f} -
C:\WINDOWS\APPLICATION
DATA\BLZUQOOCHST.DLL__SpybotSDDisabled (file
missing)
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: ! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRAM
FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile]
Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect]
C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect]
C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - Startup: Office Startup.lnk = C:\Program
Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk =
C:\Program Files\Microsoft
Office\Office\FINDFAST.EXE
O6 -
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions present
O6 -
HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show
Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger
(HKLM)
O9 - Extra button: Anupama (HKLM)
O16 - DPF:
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF:
{D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF:
{6BD4FB43-470E-11D2-B99D-00104B02C956}
(AtDownloadIE Class) -
http://cadkey.webex.com/client/webex/atbootie.cab
O16 - DPF:
{8D8972A9-FFFA-11D4-9CC7-00902761BD36}
(JSControl Class) -
http://202.54.1.89/dev/cab/jscntrl.cab
O16 - DPF:
{7D1E9C49-BD6A-11D3-87A8-009027A35D73}
(Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF:
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
(! Companion) -
http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF:
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF:
{DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
(Microsoft Office Tools on the Web Control) -
http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF:
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE}
(TDServer Control) -
http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF:
{166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF:
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF:
{FC327B3F-377B-4CB7-8B61-27CD69816BC3} -
http://www.getweathercast.com/WeatherAutoCAST0010.cab
O16 - DPF: Yahoo! Chat 1.3 -
http://cs5.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF:
{9F1C11AA-197B-4942-BA54-47A8489BB47F}
(Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37816.8710185185
O16 - DPF:
{AE1C01E3-0283-11D3-9B3F-00C04F8EF466}
(HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF:
{6EB5B540-1E74-4D91-A7F0-5B758D333702}
(nCaseInstaller Class) -
http://bis.180solutions.com/activexinstallers/410/nCaseInstaller.cab
O16 - DPF:
{E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
http://www.getweathercast.com/WUInstCAST.cab

http://www.spywareinfo.com/articles/whazit/

http://wizardsofwebsites.com/hjt.html

More here .

http://www.spywareinfo.com/bhos/

http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

---------

http://www.spywareinfo.com/articles/hijacked/

1.The very first thing you need to do is download and run HijackThis. Put a check mark next to every search and start page setting it lists which you haven't put there yourself and choose fix. Do the same for any hosts file entries. If it lists anything as O5, O6, or O7*, fix those as well. Please ask for advice at the forums before using HijackThis to change anything else.

*Note: Spybot S&D, Start Page Guard, Settings Sentry, and similar programs may provide options to lock settings against unauthorized changes. If you have these options enabled, HijackThis will detect that as a restrictions hijack. Disable those options before scanning with HijackThis.

2. Second, you have to get Internet Options back into the control panel. Do a file search and look for a file named "control.ini". Open it in Notepad. You may see something like this:

[don't load]
inetcpl.cpl=yes

Delete the "inetcpl.cpl=yes" line under "[don't load]". Save and close the file, then try control panel again. If it's still not there, restart your machine and it should be there.

For Windows 2000 and XP, you will need to edit the registry to do this. Go to the start menu > RUN command > type REGEDIT and press enter. Navigate through the registry keys until you get to HKEY_CURRENT_USER\Control Panel\don't load\. Look and see if inetcpl.cpl is listed. If it is, delete the entry for it and log off.

See the list at the bottom of this page to identify other entries. Thanks to Corné de Leeuw for this information.

3.Run a search on your hard drive for any files ending with *.hta or *.js. If you find any, open them in notepad or some other text editor and look for the URLs that you have been hijacked to. Any file with those URLs, delete them. Also delete all *.tmp files on your drive; some of them contain malicious code (for e.g. browser hijacks or malware (re)installations). Besides, deleting *.tmp files doesn't hurt, unlike dll's which are also used sometimes for this purpose. (Thanks to cexx.org for the additional info in this step).

4.HijackThis will list any BHO installed on your computer. Check the BHOs listed against the list of all known BHOs mainained at this site by a member of our support forums. If you find one listed as some sort of spyware/malware/hijackware, run HijackThis again and find that BHO in the list. Check its box and have HT fix it.

If you find a BHO that is not included in the list, please make a post in the Browser Hijackings section of our support forums with the HijackThis log pasted in along with an explanation of your problem. Please wait for replies before deleting this BHO, as it may be a new one which I can have added to various spyware/malware cleaning programs. It may also be an innocent file that is not causing your problem, so please wait for advice before deleting it.

5.Now you need to see if there is a startup entry for your hijacker file. The next time you reboot, the hijack might possibly come right back. The reason for this is most likely an entry in the run section of the registry.

If you have fixed your hijack, only to have it return the next time you restart your computer or log on, it means that something is loading at startup that is reinstating the hijack. Open HijackThis again. Press "Config" > "Miscellaneous Tools", and press "Generate Startuplist Log". This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more. Check the entries listed against Pacman's List. If you find entries in your log that are not listed, you can report them at the forums.

Again, it will be absolutely necessary for you to close all open Internet Explorer windows before any of these changes will take effect. Some changes may even require a log off or even a reboot before they have any effect.