View Full Version : problem with internet explorer
nylonelyguy
June 27th, 2003, 04:59 PM
hello there,
this is my first time here, and i hope it wont be the last. i really liked what i saw here. i hope to learn alot from you guys and help when i can. ok, the problem is that everytime i click on internet explorer icon, it takes a while to load. after it loads, if im borwsing within the same window everythign is fine, but when i click on an link that will require to open new browser, the same problem happends again and it takes time to load. add to that pops up keep make it slow when they load at the same time. this problem just started couple days ago and i cant figure it out.
if anyone of u guys have a suggestion, let me know. thanx again:cool:
twistedcranium
June 27th, 2003, 06:11 PM
I'm not terribly experienced with MS Internet Explorer ( I use it as little as possible) but the first thing that I would try would be to empty out the 'Temporary Internet Files' folder and maybe the 'History'. Sometimes these files, especially those in the temporary internet files folder , can get to take up a lot of hard-drive space. If the browser has to look through these files, depending on your cache settings, each time it starts up, this could slow the process.
After that, I would then ensure that I have the most recent version (or patches) of the browser. The thinking there...maybe they fixed a bug that could cause a slow start up.
Alternatively, I think MS has a repair function for Internet Explorer, try that out.
Beyond that....someone else will come along here with some good suggestions.
tb525
June 27th, 2003, 07:01 PM
Let's look to see if there is any unwanted 'malware' causing this.
Download 'Hijack This!'. http://www.spywareinfo.com/files/hijackthis.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply
nylonelyguy
June 27th, 2003, 07:01 PM
THANX FOR the respond.
well i dont think it has anything with Temp files, plus i created a bat. file that delete these files. and about the repair in MS explorer, i tried that, and still didnt help. u pointed to the cache. i think thats a good idea, im just not sure how to enable the browser to use more cache. if you have any idea, please let me know.
thanx
twistedcranium
June 27th, 2003, 07:15 PM
This is set of steps for find the cache settings in IE 6 (if using another version it may differ slightly)
-In IE select TOOLS and then OPTIONS
-on the GENERAL tab under TEMPORARY INTERNET FILES there should be a button for SETTINGS, click that and then you'll see a slider to adjust the amount of disk space to use for the cache.
(Sorry, I say 'cache' because I use Mozilla, IE calls it the Temporary Internet Files folder.)
These probably aren't the causes though, but they were good quick things to check....sounds like tb525 has the next steps for ya!
nylonelyguy
June 27th, 2003, 08:48 PM
Logfile of HijackThis v1.95.0
Scan saved at 3:39:44 PM, on 6/27/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\WINNT\LogWatNT.exe
C:\WINNT\System32\Promon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\WINNT\System32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE
C:\DOCUME~1\ADMINI~1\APPLIC~1\dgrczoft.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\uptodate.exe
C:\Documents and Settings\rcenter\Local Settings\Temp\uwhC.exe
C:\WINNT\System32\SahAgent.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\OWMngr.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CASPR\LibraryWorld Silver 3.0\LibraryWorld Silver.exe
C:\WINNT\system32\notepad.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\rcenter\Desktop\abdo\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://10.1.1.53/newtis/RSieDefault.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.scmb.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.scmb.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer=10.8.47.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride=10.*
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 ln.doubleclick.net
O1 - Hosts: 207.44.240.65 m2.doubleclick.net
O1 - Hosts: 207.44.240.65 m.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.doubleclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 iv.doubleclick.net
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O1 - Hosts: 207.44.240.65 a.tribalfusion.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll (file missing)
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\ipinsigt.dll
O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\mpz300.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINNT\System32\SbSrch_V22.dll
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\Program Files\Xupiter\XTUpdate.dll (file missing)
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINNT\System32\btiein.dll
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - c:\Program Files\Flt\Flt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Program Files\Xupiter\XupiterToolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [fithfr] C:\DOCUME~1\ADMINI~1\APPLIC~1\dgrczoft.exe -QuieT
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINNT\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O9 - Extra button: Browser Pal Toolbar (HKLM)
O9 - Extra button: Popup Eliminator (HKLM)
O9 - Extra 'Tools' menuitem: Popup Eliminator (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} (BHO.clsUrlSearch) - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/036f5b08e2cfeaa18719/netzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.trinsic.org/download_serial.exe
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37627.3603819444
O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/xt/install/XupiterToolbarLoader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/setup/pcpowerscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
TonyKlein
June 27th, 2003, 09:00 PM
Wooo, this is one seriously compromised computer... :rolleyes:
I think you ought to do the following:
Download Spybot - Search & Destroy (http://www.tomcoyote.org/SPYBOT//)
After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.
That ought to get rid of most of your spyware.
When you've done all that, run Hijack This again, and give us a fresh log.
Good luck,
nylonelyguy
June 27th, 2003, 09:43 PM
you guys are the best lol!
you know all this time i had a feeling it was spywares, but i thought i got rid of them, i did run some spyware software before and didnt find much. however, i did went to the registry and removed some of the spywares, but i guess they are really spy, they know how to hide good.
after i ran the program i saw some of the spywares, when i tried to removed the, it said that it cant remove all them cuz some of them are still associate with some application, but i ll know how to find them and get rid of them as long i know what they are.
i just ran hijack again. and i ll show u the log. one more question, are u able to fix the problem on hijakthis.
oh i forget to tell u, after i removed the some of these spywares, the browser picked up some speed and it is much better than before, but still need some work, i really appriciate ur help guys.
two thumps up lool
Logfile of HijackThis v1.95.0
Scan saved at 4:31:10 PM, on 6/27/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\WINNT\LogWatNT.exe
C:\WINNT\System32\Promon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\WINNT\System32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE
C:\DOCUME~1\ADMINI~1\APPLIC~1\dgrczoft.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\uptodate.exe
C:\Documents and Settings\rcenter\Local Settings\Temp\uwhC.exe
C:\WINNT\System32\SahAgent.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\OWMngr.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CASPR\LibraryWorld Silver 3.0\LibraryWorld Silver.exe
C:\Documents and Settings\rcenter\Desktop\abdo\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://10.1.1.53/newtis/RSieDefault.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.scmb.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.scmb.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer=10.8.47.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride=10.*
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 ln.doubleclick.net
O1 - Hosts: 207.44.240.65 m2.doubleclick.net
O1 - Hosts: 207.44.240.65 m.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.doubleclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 iv.doubleclick.net
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O1 - Hosts: 207.44.240.65 a.tribalfusion.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINNT\System32\SbSrch_V22.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINNT\System32\btiein.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O9 - Extra button: Browser Pal Toolbar (HKLM)
O9 - Extra button: Popup Eliminator (HKLM)
O9 - Extra 'Tools' menuitem: Popup Eliminator (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/036f5b08e2cfeaa18719/netzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37627.3603819444
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/setup/pcpowerscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
TonyKlein
June 27th, 2003, 10:04 PM
Hmmm, are you sure you updated SpyBot before having it scan your drives?
In Hijack This, check ALL of the following items. Doublecheck so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.
You NEED to restart your computer when you're done.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://10.1.1.53/newtis/RSieDefault.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.scmb.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.scmb.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
ALL O1 - Hosts: 207.44.240.65 items!
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINNT\System32\SbSrch_V22.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINNT\System32\btiein.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O9 - Extra button: Browser Pal Toolbar (HKLM)
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/036f5b08e2cfea...tzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
After rebooting, delete:
The C:\WINNT\uptodate.exe file
C:\WINNT\System32\SahAgent.exe
The C:\Program Files\Internet Washer folder
The C:\WINNT\System32\OWMngr.exe file.
Cheers,
nylonelyguy
June 27th, 2003, 10:17 PM
HI , im back, i wanted to tell you guys that now IE works faster than before, thanx alot, here is a new log.
i was wondering if i can remove any of these, cuz i wasnt sure how to use hijackthis.
016
Logfile of HijackThis v1.95.0
Scan saved at 5:06:58 PM, on 6/27/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE
C:\TNGRCO\RCOService.exe
C:\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\WINNT\LogWatNT.exe
C:\WINNT\System32\Promon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\WINNT\System32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\uptodate.exe
C:\WINNT\System32\SahAgent.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\OWMngr.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\rcenter\Desktop\abdo\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://10.1.1.53/newtis/RSieDefault.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.scmb.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer=10.8.47.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride=10.*
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINNT\System32\SbSrch_V22.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINNT\System32\btiein.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O9 - Extra button: Browser Pal Toolbar (HKLM)
O9 - Extra button: Popup Eliminator (HKLM)
O9 - Extra 'Tools' menuitem: Popup Eliminator (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/036f5b08e2cfeaa18719/netzip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37627.3603819444
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/setup/pcpowerscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
tb525
June 28th, 2003, 04:05 AM
It appears that you missed quite a bit that Tony listed. Run HijackThis again and place a check in the box next to the following entries and click 'Fix Checked' and Reboot.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://10.1.1.53/newtis/RSieDefault.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.scmb.com/searchbar.html
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINNT\System32\SbSrch_V22.dll
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - C:\WINNT\System32\NetPal.dll (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINNT\System32\btiein.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINNT\System32\SahAgent.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [OWMngr] C:\WINNT\System32\OWMngr.exe
O9 - Extra button: Browser Pal Toolbar (HKLM)
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
O16 - DPF: {53E10C2C-43B2-4657-BA29-AAE179E7D35C} - http://www.adsrvr.com/auth/IE_InstllC.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/036f5b08e2cfea...tzip/RdxIE2.cab
After rebooting, delete:
The C:\WINNT\uptodate.exe file
The C:\WINNT\System32\SahAgent.exe file
The C:\Program Files\Internet Washer folder
The C:\WINNT\System32\OWMngr.exe file.