[Resolved] troubles with IE

Discussion in 'Web & Email' started by guekko, Sep 22, 2003.

Thread Status:
Not open for further replies.
  1. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    Hi everyone.
    For several days, I have had an error message when booting: "IEDLL has generated an error. You will have to restart the program". Besides, now, when I connect to the internet, most of the images are replaced by a blank white box with a red cross in it (that I can actually see by right clicking on it and clicking "show picture", but it is a bit annoying...).
    I checked the security settings in the control panel. I also downloaded and ran Spybot, but nothing changes. Here is the HijackThis log. Any ideas? Many many thanks in advance!
    And thanks to all of you who contribute to this fabulous forum/site.

    Logfile of HijackThis v1.97.2
    Scan saved at 16:59:04, on 22/09/2003
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Connected\CBRegCap.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINNT\system32\cba\pds.exe
    C:\WINNT\System32\NTME\METHWNT.EXE
    C:\WINNT\System32\NTME\brad32.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\SYSTEM32\THOTKEY.EXE
    C:\Program Files\TOSHIBA\TME2\Tmesbs3.exe
    C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\LDClient\wuser32.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\WINNT\dslaunch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\Promon.exe
    C:\WINNT\System32\TPWRTRAY.EXE
    C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\WINNT\System32\internat.exe
    C:\program files\GlobalDialer\tonex00052\339097.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\cwiltber\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\cwiltber\LOCALS~1\Temp\msfape.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME2\TMESBS3.EXE /logon
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /0
    O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe
    O4 - HKCU\..\Run: [loader] C:\WINNT\loader.exe
    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\339097.exe -remove
    O4 - Startup: DLHelperEXE.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    O4 - Global Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
    O14 - IERESET.INF: START_PAGE_URL=http://www-int/www-int
    O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_fr_4.1.0.18.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3092476852
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} (GVDLoad Control) - http://www.casinolux.com/dload/gvdload.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8FF726B-4C1C-4EE6-B808-0C98F6E690E9}: NameServer = 10.0.0.1 10.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O19 - User stylesheet: c:\winnt\java\my.css
     
  2. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi guekko, and welcome to TSG.. :)

    IEDLL is actually a hijacker, so it needs to go, but first of all, could you go here and download, then run Coolwebshredder.

    Then could you post a new log. There is more to go yet. :)

    If you have problems doing that, then we'll get rid of the worst of it manually.

    Cheers

    Liam
     
  3. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    Hi Liam,

    Many thanks for your concern and your help.
    Coolwebshredder has been downloaded and run.

    Please let me know what else I can do to try to solve this.

    Cheers
    Chris
     
  4. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    You're welcome guekko, :)

    That was just the first problem to deal with. We'll now get the rest of it sorted out for you. :)

    Note: Some of this will not be here, following CWS. (y)

    Could you please close all browser windows, "check to fix" the following, then click Fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/

    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\cwiltber\LOCALS~1\Temp\msfape.dll

    O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe

    O4 - HKCU\..\Run: [loader] C:\WINNT\loader.exe

    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\339097.exe -remove

    O4 - Startup: DLHelperEXE.exe

    O4 - Global Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe

    O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing

    O14 - IERESET.INF: START_PAGE_URL=http://www-int/www-int

    O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab

    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...fr_4.1.0.18.cab

    O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} (GVDLoad Control) - http://www.casinolux.com/dload/gvdload.cab

    O19 - User stylesheet: c:\winnt\java\my.css


    Then could you please reboot into safe mode, (see here for info on how to do this, if needed) and delete the following bolded files..

    C:\WINNT\iedll.exe

    C:\WINNT\loader.exe

    C:\Program Files\Gator

    Then if you could reboot in normal mode and go here, and follow the instructions to download and run Ispfix.

    Then could you run Spybot S&D again, but first open, then press Settings, and Settings again. Go to the Webupdate section, and check "Display also available beta versions".

    Now press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds marked RED.

    Then could you reboot, and post a new HJT! log, just to check over. There is quite a bit there and I'd like to check to make sure it's all gone. :)

    Sorry about having you reboot so many times, but it's vital that you do so, in order for Windows to update its settings between procedures.

    I'm off back to work now, but I'll see how you're doing with this a bit later on. :)

    Cheers

    Liam
     
  5. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    Liam,

    Thanks again, but I am no IT expert, hardly a beginner. What do you mean by: "check to fix" the following, then click Fix? How do I do this?
    Sorry about this, but when it comes down to technical things, you had better explain it to me like you would to a 6-year-old child (ok, say 8-year-old).

    Cheers
    Chris
     
  6. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    No problem Chris,

    I apologise in advance if this is too simplistic, but you've reminded me that when we post these instructions, we automatically assume that everyone has a working knowledge of computers.

    Most people don't, and the onus should be on us to explain everything at a level that you can all understand. Thank you for that.

    Right then, Chris.. here we go.. :)

    When you run a Hijack log, and before you save it, you will notice that at the beginning of each line there is a small square box. If you click the box, a tick appears in it. This is what is referred to as "check to fix".

    Once you have checked each item that I have picked out for you, being careful to only check those entries I have listed, you will see at the bottom left of the screen a Fix checked button. If you put your mouse cursor over this button, and left click, you are telling the Hijack program to fix those selected entries.

    So what you need to do now Chris, is to run another Hijack this log, just as you did before, but instead of saving it, as you did to post here, you need to make sure that there is a tick mark at the beginning of each line, by going to each line in turn and clicking them, corresponding to the list I posted yesterday. Be careful to only check those items I selected for fixing. :)

    Then when you are sure that you have checked each one, just click the Fix checked button at the bottom. This will fix those items.

    I hope that helps. If you need any more help with this or the later instructions in my post, please don't hesitate to ask. (y) :)

    This is my dinner hour, so I'll check in about 5 hours, to see how you're getting on.

    Cheers

    Liam
     
  7. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    Thanks Liam,

    Your new explanations were most comprehensive.
    I have now fixed the appropriate lines in HJT.

    But trying to start in Safe Mode, I was blocked when it asked me my password (after the ctrl+alt+dlt thing), since my regular password when I start in the normal way did not work. So I am blocked at this stage.

    On the positive side:
    - the iedll.exe error message is gone
    - I have the images back again when going on the internet !!!!!
    (although my pc seems to be a little slower, either in setting up windows and in displaying the web pages)

    So this is very GOOD NEWS ! (y)

    Thank you so much so far.
    Please let me know now if and how I should proceed with the rest of the medication.

    Btw, sth I forgot in my former messages: all of a sudden, several weeks ago, I had this tonex00052 shortcut that appeared on my desk. I don't know where it comes from; I tried to remove it from the add/remove pgm window, but it keeps coming back every time I reboot. Any idea?

    Cheers
    Chris
     
  8. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi Chris,

    Yes, you definitely need to do the rest of it.. :)

    I generally recommend starting in safe mode, as there is a chance that in normal mode these files could be running and therefore you will be unable to delete them.

    I haven't heard of this password problem, but I'll try to find out how to get around it for you. In the meantime, you could try deleting them in normal mode, ie. with your computer booting in the normal way, and if they can be deleted then all's fine. (y)

    As far as the tonex shortcut goes, it is included in the fix. There are two entries that you fixed, one an O4 entry, the other an O16 entry, that both refer to Globaldialer. Now these are fixed, you should have no more problem.... but, again my apologies.. :( I missed a deletion.

    When deleting the files (those ones I asked you to go into safe mode for, but may not have to) :) could you please locate and delete the following bolded folder..

    c:\program files\GlobalDialer

    ..and delete that also.

    If all this works in normal mode, then please carry on with the rest of my instructions, and when finished post a new HJT! log, and we can make sure that everything has gone.

    I'll now find out what's happening with the password protection, in case we need to go into safe mode. (y):)

    Cheers

    Liam
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Be sure to post another HijackThis Scanlog after rebooting to verify that the recommended deletions have in fact been removed. Sometimes executables, when in "startup" folders, cannot be deleted with HijackThis, they must be manually deleted.

    The password problem could be a gnarly one. If you have set an Administrative password or a personal one, and it is not being recognized in Safe Mode, there are not any options that I know of other than to try to hack the security settings using 3rd party software.

    I have no personal experience with any, but others have reported good results using this:

    http://home.eunet.no/~pnordahl/ntpasswd

    http://www.petri.co.il/forgot_administrator_password.htm
     
  10. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Thanks for the input Rog.. (y) :)

    Cheers

    Liam
     
  11. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    Hi Liam,

    I deleted the globaldialer folder.
    Regarding the other ones:
    - winnt\loader.exe : I found a winnt\osloader.exe Is it this one I have to remove?
    - programfiles\gator: I found an iGator Is it this one I have to remove?
    - iedll.exe : didn't find it; is it already removed?


    Many thanks again for your very efficient help(y) (y)


    Thanks to you as well Rog(y)

    Chris
     
  12. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi Chris,

    No, leave osloader.exe alone. It looks as though the fix was enough to remove both. (y) :)

    I'm not convinced, although I have seen references to it by that name.

    The best thing to do would be to carry on with the instructions I gave, if you haven't already, as Spybot will get rid of any gator references anyway.

    Then once you have completed the ISPFix, and run Spybot, please post a new HJT! log, and I'll double check to make sure all the nasties have gone. :)

    Cheers

    Liam
     
  13. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    Hi Liam,

    I went thru all the sequence. Here is the final HJT log:

    Logfile of HijackThis v1.97.2
    Scan saved at 12:48:07, on 26/09/2003
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Connected\CBRegCap.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINNT\system32\cba\pds.exe
    C:\WINNT\System32\NTME\METHWNT.EXE
    C:\WINNT\System32\NTME\brad32.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\SYSTEM32\THOTKEY.EXE
    C:\Program Files\TOSHIBA\TME2\Tmesbs3.exe
    C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\LDClient\wuser32.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\dslaunch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\Promon.exe
    C:\WINNT\System32\TPWRTRAY.EXE
    C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\WINNT\System32\internat.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\cwiltber\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME2\TMESBS3.EXE /logon
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /0
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3092476852
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8FF726B-4C1C-4EE6-B808-0C98F6E690E9}: NameServer = 10.0.0.1 10.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com



    Please let me know your comments. My PC seems now to be running quite fine. I still have a hard time believing it!

    Chris
     
  14. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,242
    Hi Chris,

    Almost there.. (y) :)

    Did you run the LSP fix?

    What you now need to do is to fix this entry..

    O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing

    And then reboot and go here and download the program. Look for the line near the bottom of the page that looks like this..

    lspfix.zip - includes the program and documentation..

    Click on the link to download the zipped program, then unzip it as you did with HJT! Then run the program, and that should fix that.

    When you've done that please post a final logfile just to check it's all done.

    That should then be you all sorted out. (y) :)

    Cheers

    Liam
     
  15. guekko

    guekko Thread Starter

    Joined:
    Sep 22, 2003
    Messages:
    27
    That's strange, since I ran LSPfix before. Anyway, here is the final log, and the specified line seems to have gone:

    Logfile of HijackThis v1.97.2
    Scan saved at 19:57:15, on 26/09/2003
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Connected\CBRegCap.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINNT\system32\cba\pds.exe
    C:\WINNT\System32\NTME\METHWNT.EXE
    C:\WINNT\System32\NTME\brad32.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\SYSTEM32\THOTKEY.EXE
    C:\Program Files\TOSHIBA\TME2\Tmesbs3.exe
    C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\LDClient\wuser32.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\dslaunch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\Promon.exe
    C:\WINNT\System32\TPWRTRAY.EXE
    C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\WINNT\System32\internat.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\cwiltber\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
    O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME2\TMESBS3.EXE /logon
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /0
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
    O4 - Global Startup: VPN Dialer (OnStartup).lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3092476852
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8FF726B-4C1C-4EE6-B808-0C98F6E690E9}: NameServer = 10.0.0.1 10.0.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com

    Do you think this final log indicates that everything is corrected and running fine now?

    Chris
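
The re-scan check that Rollin' Rog and e-liam ask for (confirm that every entry on the fix list is gone from the new log) can be scripted. The following is an added example, not part of the original thread or of HijackThis: the function names are assumptions, and the three samples are short excerpts of the first log, the fix list and the 26/09 12:48 log posted above. O2/O3/O16 entries are compared by CLSID because the forum shortened long URLs with "..." when the lines were reposted.

```python
import re

# Entry lines look like "O4 - ..." or "R1 - ..."; headers and process paths do not.
ENTRY = re.compile(r"^\s*((?:[RFN]\d|O\d{1,2})) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one HijackThis entry line, or None."""
    m = ENTRY.match(line)
    if not m:
        return None  # header, running-process path, blank line
    section, body = m.groups()
    # The forum rendered "about:blank" as "about :blank" in the reposted list.
    body = re.sub(r"about\s+:blank", "about:blank", body)
    clsid = CLSID.search(body)
    if section in ("O2", "O3", "O16") and clsid:
        # The CLSID identifies the component even when the URL was truncated.
        return (section, clsid.group(0).upper())
    return (section, " ".join(body.split()).lower())


def parse_log(text):
    """Map key -> original line for every entry in a log or fix list."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(before, fix_list, after):
    """Compare a fix list against the logs taken before and after the fix."""
    b, f, a = parse_log(before), parse_log(fix_list), parse_log(after)
    return {
        # On the fix list, present before, absent afterwards: fix worked.
        "removed": sorted(b[k] for k in f if k in b and k not in a),
        # On the fix list but still reported: needs another look.
        "persisting": sorted(a[k] for k in f if k in a),
        # On the fix list but never in the first log: likely a copy error.
        "not_in_before": sorted(f[k] for k in f if k not in b),
        # Reported only after the fix: something new has appeared.
        "new": sorted(a[k] for k in a if k not in b),
    }


# Excerpt of the first log in the thread (22/09/2003).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\cwiltber\LOCALS~1\Temp\msfape.dll
O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_fr_4.1.0.18.cab
"""

# Excerpt of the fix list as it was reposted (note the altered spellings).
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\cwiltber\LOCALS~1\Temp\msfape.dll
O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...fr_4.1.0.18.cab
"""

# Excerpt of the log saved at 12:48:07 on 26/09/2003.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
"""

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, FIX, AFTER).items():
        print(f"{status}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On these excerpts the only persisting entry is the O10 LSP line, the same one e-liam asks to have fixed again in the following reply.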
     
Short URL to this thread: https://techguy.org/166598
