# [Resolved] troubles with IE

Discussion in 'Web & Email' started by guekko, Sep 22, 2003.

Hi everyone.
For several days, I have had an error message when booting: "IEDLL has generated an error. You will have to restart the program". Besides, now, when I connect to the internet, most of the images are replaced by a blank white box with a red cross in it (that I can actually see by right clicking on it and clicking "show picture", but it is a bit annoying...).
I checked the security settings in the control panel. I also downloaded and ran Spybot, but nothing changes. Here is the HijackThis log. Any ideas? Many many thanks in advance!
And thanks to all of you who contribute to this fabulous forum/site.

Logfile of HijackThis v1.97.2
Scan saved at 16:59:04, on 22/09/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\NTME\METHWNT.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME2\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\System32\mspmspsv.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINNT\dslaunch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\Promon.exe
C:\WINNT\System32\TPWRTRAY.EXE
C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINNT\System32\internat.exe
C:\program files\GlobalDialer\tonex00052\339097.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\cwiltber\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\cwiltber\LOCALS~1\Temp\msfape.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME2\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /0
O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\339097.exe -remove
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
O4 - Global Startup: VPN Dialer (OnStartup).lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
O4 - Global Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www-int/www-int
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...com/opistat/activex/opinstall_fr_4.1.0.18.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3092476852
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8FF726B-4C1C-4EE6-B808-0C98F6E690E9}: NameServer = 10.0.0.1 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O19 - User stylesheet: c:\winnt\java\my.css

2. ### e-liam

Hi guekko, and welcome to TSG..

IEDLL is actually a hijacker, so it needs to go, but first of all, could you go here and download, then run Coolwebshredder.

Then could you post a new log. There is more to go yet.

If you have problems doing that, then we'll get rid of the worst of it manually.

Cheers

Liam

Hi Liam,

Please let me know what else I can do to try to solve this.

Cheers
Chris

4. ### e-liam

You're welcome guekko,

That was just the first problem to deal with. We'll now get the rest of it sorted out for you.

Note: Some of this will not be here, following CWS.

Could you please close all browser windows, "check to fix" the following, then click Fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/

O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAF} - C:\DOCUME~1\cwiltber\LOCALS~1\Temp\msfape.dll

O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\tonex00052\339097.exe -remove

O4 - Startup: DLHelperEXE.exe

O4 - Global Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe

O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing

O14 - IERESET.INF: START_PAGE_URL=http://www-int/www-int

O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/1...fr_4.1.0.18.cab

O19 - User stylesheet: c:\winnt\java\my.css

Then could you please reboot into safe mode, (see here for info on how to do this, if needed) and delete the following bolded files..

C:\WINNT\iedll.exe

C:\Program Files\Gator

Then if you could reboot in normal mode and go here, and follow the instructions to download and run Ispfix.

Then could you run Spybot S&D again, but first open, then press Settings, and Settings again. Go to the Webupdate section, and check "Display also available beta versions".

Now press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds marked RED.

Then could you reboot, and post a new HJT! log, just to check over. There is quite a bit there and I'd like to check to make sure it's all gone.

Sorry about having you reboot so many times, but it's vital that you do so, in order for Windows to update its settings between procedures.

I'm off back to work now, but I'll see how you're doing with this a bit later on.

Cheers

Liam

Liam,

Thanks again, but I am no IT expert, hardly a beginner. What do you mean by: "check to fix" the following, then click Fix? How do I do this?
Sorry about this, but when it comes down to technical things, you'd better explain it to me like you would to a 6-year-old child (ok, say 8-year-old).

Cheers
Chris

6. ### e-liam

No problem Chris,

I apologise in advance if this is too simplistic, but you've reminded me that when we post these instructions, we automatically assume that everyone has a working knowledge of computers.

Most people don't, and the onus should be on us to explain everything at a level that you can all understand. Thank you for that.

Right then, Chris.. here we go..

When you run a Hijack log, and before you save it, you will notice that at the beginning of each line there is a small square box. If you click the box, a tick appears in it. This is what is referred to as "check to fix".

Once you have checked each item that I have picked out for you, being careful to only check those entries I have listed, you will see at the bottom left of the screen a Fix checked button. If you put your mouse cursor over this button, and left click, you are telling the Hijack program to fix those selected entries.

So what you need to do now Chris, is to run another Hijack this log, just as you did before, but instead of saving it, as you did to post here, you need to make sure that there is a tick mark at the beginning of each line, by going to each line in turn and clicking them, corresponding to the list I posted yesterday. Be careful to only check those items I selected for fixing.

Then when you are sure that you have checked each one, just click the Fix checked button at the bottom. This will fix those items.

I hope that helps. If you need any more help with this or the later instructions in my post, please don't hesitate to ask.

This is my dinner hour, so I'll check in about 5 hours, to see how you're getting on.

Cheers

Liam

Thanks Liam,

Your new explanations were most comprehensive.
I have now fixed the appropriate lines in HJT.

But trying to start in Safe Mode, I was blocked when it asked me my password (after the ctrl+alt+dlt thing), since my regular password when I start in the normal way did not work. So I am blocked at this stage.

On the positive side:
- the iedll.exe error message is gone
- I have the images back again when going on the internet !!!!!
(although my PC seems to be a little slower, both in setting up Windows and in displaying the web pages)

So this is very GOOD NEWS !

Thank you so much so far.
Please let me know now if and how I should proceed with the rest of the medication.

Btw, sth I forgot in my former messages: all of a sudden, several weeks ago, I had this tonex00052 shortcut that appeared on my desk. I don't know where it comes from; I tried to remove it from the add/remove pgm window, but it keeps coming back every time I reboot. Any idea?

Cheers
Chris

8. ### e-liam

Hi Chris,

Yes, you definitely need to do the rest of it..

I generally recommend starting in safe mode, as there is a chance that in normal mode these files could be running and therefore you will be unable to delete them.

I haven't heard of this password problem, but I'll try to find out how to get around it for you. In the meantime, you could try deleting them in normal mode, ie. with your computer booting in the normal way, and if they can be deleted then all's fine.

As far as the tonex shortcut goes, it is included in the fix. There are two entries that you fixed, one an O4 entry, the other an O16 entry, that both refer to Globaldialer. Now these are fixed, you should have no more problem.... but, again my apologies.. I missed a deletion.

When deleting the files (those ones I asked you to go into safe mode for, but may not have to) could you please locate and delete the following bolded folder..

c:\program files\GlobalDialer

..and delete that also.

If all this works in normal mode, then please carry on with the rest of my instructions, and when finished post a new HJT! log, and we can make sure that everything has gone.

I'll now find out what's happening with the password protection, in case we need to go into safe mode.

Cheers

Liam

9. ### Rollin' Rog

Be sure to post another HijackThis Scanlog after rebooting to verify that the recommended deletions have in fact been removed. Sometimes executables in "startup" folders cannot be deleted with HijackThis; they must be manually deleted.

The password problem could be a gnarly one. If you have set an Administrative password or a personal one, and it is not being recognized in Safe Mode, there are not any options that I know of other than to try to hack the security settings using 3rd party software.

I have no personal experience with any, but others have reported good results using this:

http://home.eunet.no/~pnordahl/ntpasswd

10. ### e-liam

Thanks for the input Rog..

Cheers

Liam

Hi Liam,

I deleted the globaldialer folder.
Regarding the other ones:
- winnt\loader.exe : I found a winnt\osloader.exe. Is it this one I have to remove?
- programfiles\gator: I found an iGator. Is it this one I have to remove?
- iedll.exe : didn't find it; is it already removed?

Many thanks again for your very efficient help

Thanks to you as well Rog

Chris

12. ### e-liam

Hi Chris,

No, leave osloader.exe alone. It looks as though the fix was enough to remove both.

I'm not convinced, although I have seen references to it by that name.

The best thing to do would be to carry on with the instructions I gave, if you haven't already, as Spybot will get rid of any gator references anyway.

Then once you have completed the ISPFix, and run Spybot, please post a new HJT! log, and I'll double check to make sure all the nasties have gone.

Cheers

Liam

Hi Liam,

I went thru all the sequence. Here is the final HJT log:

Logfile of HijackThis v1.97.2
Scan saved at 12:48:07, on 26/09/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\NTME\METHWNT.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME2\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINNT\Explorer.EXE
C:\WINNT\dslaunch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\Promon.exe
C:\WINNT\System32\TPWRTRAY.EXE
C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINNT\System32\internat.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\cwiltber\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME2\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
O4 - Global Startup: VPN Dialer (OnStartup).lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3092476852
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8FF726B-4C1C-4EE6-B808-0C98F6E690E9}: NameServer = 10.0.0.1 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com

Please let me know your comments. My PC seems now to be running quite fine. I still have a hard time believing it!

Chris

14. ### e-liam

Hi Chris,

Almost there..

Did you run the LSP fix?

What you now need to do is to fix this entry..

O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing

And then reboot and go here and download the program. Look for the line near the bottom of the page that looks like this..

lspfix.zip - includes the program and documentation..

Click on the link to download the zipped program, then unzip it as you did with HJT! Then run the program, and that should fix that.

When you've done that please post a final logfile just to check it's all done.

That should then be you all sorted out.

Cheers

Liam

That's strange, since I ran LSPfix before. Anyway, here is the final log, and the specified line seems to have gone:

Logfile of HijackThis v1.97.2
Scan saved at 19:57:15, on 26/09/2003
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\NTME\METHWNT.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME2\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\System32\mspmspsv.exe
C:\LDClient\wuser32.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\dslaunch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\System32\Promon.exe
C:\WINNT\System32\TPWRTRAY.EXE
C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINNT\System32\internat.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\cwiltber\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME2\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\CCWasher\washer.exe /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Inventory Scan.LNK = C:\LDClient\LDISCN32.EXE
O4 - Global Startup: VPN Dialer (OnStartup).lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3092476852
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8FF726B-4C1C-4EE6-B808-0C98F6E690E9}: NameServer = 10.0.0.1 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dublin.emea.iona.com,boston.amer.iona.com,sc.amer.iona.com,iona.com,apac.iona.com

Do you think this final log indicates that everything is corrected and running fine now?

Chris
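
The before/after check the helpers keep asking for (post a new log, confirm the fixed entries are gone) can be done mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, and the three inputs are short excerpts trimmed from the fix list and the two 26/09/2003 logs posted above.

```python
import re

# Matches entry lines such as "O4 - ..." or "R1 - ..." as they appear in the
# logs above; header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, detail = match.groups()
            # Collapse whitespace and case so copy/paste differences
            # between forum posts do not hide a match.
            entries.add((section, " ".join(detail.split()).lower()))
    return entries


def verify_fix(fix_list, after_log):
    """Split the entries selected for fixing into removed vs still present."""
    wanted = parse_entries(fix_list)
    present = parse_entries(after_log)
    return {
        "removed": sorted(wanted - present),
        "remaining": sorted(wanted & present),
    }


def new_entries(before_log, after_log):
    """Entries that appear only in the later log (worth a second look)."""
    return sorted(parse_entries(after_log) - parse_entries(before_log))


# Excerpts trimmed from the thread (not complete logs).
FIX_LIST = r"""
O4 - HKCU\..\Run: [iedll] C:\WINNT\iedll.exe
O4 - Global Startup: OfferCompanion.lnk = C:\Program Files\Gator.com\OfferCompanion\Offers.exe
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O19 - User stylesheet: c:\winnt\java\my.css
"""

LOG_1248 = r"""
Logfile of HijackThis v1.97.2
Scan saved at 12:48:07, on 26/09/2003
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
"""

LOG_1957 = r"""
Logfile of HijackThis v1.97.2
Scan saved at 19:57:15, on 26/09/2003
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr//
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
"""

if __name__ == "__main__":
    for name, log in (("12:48 log", LOG_1248), ("19:57 log", LOG_1957)):
        result = verify_fix(FIX_LIST, log)
        print(name, "still present:", result["remaining"])
    print("new since 12:48:", new_entries(LOG_1248, LOG_1957))
```

An empty "remaining" list only shows that the selected entries no longer appear in the log; files on disk still have to be checked separately, as noted earlier in the thread.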

