
Please Help

Discussion in 'Web & Email' started by cat_uk, Jan 27, 2005.

Thread Status:
Not open for further replies.
  1. cat_uk

    cat_uk Thread Starter

    Joined:
    Jan 27, 2005
    Messages:
    2
    Hi All..... I hope someone can help, I'm pulling my hair out now. Every time I try to open Internet Explorer 6 I get the message saying it has encountered a problem and must close. I have had advice from numerous people about spyware, viruses... etc. I have tried all the scanning programs and no virus.. no spyware... nowt........ tried to reinstall IE6, still the same problem...... I now only have 6 hairs left on my head.....

    Cat
    :mad:
     
  2. dugq

    dugq

    Joined:
    Jul 16, 2004
    Messages:
    2,653
  3. cat_uk

    cat_uk Thread Starter

    Joined:
    Jan 27, 2005
    Messages:
    2
    Here's the log file:




    Logfile of HijackThis v1.99.0
    Scan saved at 12:50:51 AM, on 1/28/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\BigFix.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\update\update.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\DOCUME~1\TONYMI~1.000\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\8E6G4NSF\stinger[1].exe
    C:\PROGRA~1\PCRescue\PCRescue.exe
    C:\DOCUME~1\TONYMI~1.000\LOCALS~1\Temp\Rar$EX00.602\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cintek.com/search.shtml
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cintek.com/default.shtml
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cintek.com
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = E:\Program Files\BigFix.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\Msjava.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.cintek.com/default.shtml
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA9AEFE3-1D04-442C-838D-22EA30D2808D}: NameServer = 194.72.9.34 194.74.65.68
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  4. dr20

    dr20

    Joined:
    Apr 11, 2003
    Messages:
    1,649
    Hi cat_uk,

    First download these three programs but don’t run them yet. Just install Spybot and Adaware, open them and update the programs.

    CWShredder:
    http://cwshredder.net/bin/CWShredder.exe

    Adaware:
    http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

    Spybot:
    http://www.majorgeeks.com/download3957.html

    Now you need to boot up into Safe Mode.

    How to boot up into Safe Mode:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    In Safe Mode you can run those three programs in this order:

    CWShredder
    Adaware
    Spybot

    With Adaware though before proceeding please configure it the following way:

    Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Scanning Engine:
    check: "Unload recognized processes during scanning."

    Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Cleaning Engine:
    Check: "Let Windows remove files in use at next reboot."

    Press 'Proceed'

    Press 'Start'

    Select option 'Use Custom scanning options'
    Click 'Activate in-depth scan'
    Press 'Select drives\folders to scan' Select the active partition which is usually C:
    Click Customize
    Make sure the following are all checked:
    'Scan Within Archives'
    'Scan Active Processes'
    'Scan Registry'
    'Deep Scan Registry'
    'Scan My IE Favorites For Banned URLs'
    'Scan My Hosts File'

    Click Proceed

    After you’re finished running those programs while still in Safe Mode open up Hijack This and check to remove the entries below. Make sure Hijack This is in its own folder and in a permanent location because it creates a backup of what you take out:

    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll

    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll

    O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)

    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Now go to the Start button > Search for Files or Folders and type in or paste the following files and delete them when they come up:

    BTGrab.dll
    rsyncmon.dll
    IETie.dll
    netsync.exe

    When you’re all finished boot up normally and repost a new log.
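
An added example, not part of dr20's post or of HijackThis itself: a short Python parser for the HijackThis entry format that takes the nine entries listed for removal above and separates those whose target file is still on disk from those HijackThis marked `(file missing)` or `(no file)`. The regular expressions and function names are this example's own assumptions about the v1.99 line format as it appears in this log.

```python
import ntpath
import re

# The nine entries dr20's post asks to have fixed, copied verbatim from it.
FIX_LIST = r"""
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then entry body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|htm)\b', re.I)
ORPHAN_MARKS = ("(file missing)", "(no file)")  # HijackThis found no target file

def parse(log):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid, path = CLSID.search(body), PATH.search(body)
        entries.append({
            "section": section,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "orphaned": body.endswith(ORPHAN_MARKS),
        })
    return entries

def triage(log):
    """Split entries into files still on disk and registry-only leftovers."""
    entries = parse(log)
    on_disk = sorted({ntpath.basename(e["path"]) for e in entries
                      if e["path"] and not e["orphaned"]}, key=str.lower)
    leftovers = [e["clsid"] for e in entries if e["orphaned"]]
    return on_disk, leftovers

if __name__ == "__main__":
    files, leftovers = triage(FIX_LIST)
    print("files to delete after fixing:", files)
    print("registry-only entries:", leftovers)
```

The on-disk set comes out as the same four files dr20 lists for manual deletion; the other five entries have no file behind them, so only the HijackThis fix applies to them.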
     

Short URL to this thread: https://techguy.org/324127
