Sticky IE 6

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cubbycuddly

Thread Starter
Joined
Dec 1, 2001
Messages
230
Hi,

I have IE 6 and for the last two days it has not been working well.
Whenever I type in a search engine or information on websites etc etc and then click go or continue, that is the point where IE will either stop responding or will become "sticky"; it goes totally iffy. It sometimes will start responding after 10 seconds or so. My screensaver goes and I get a white screen, needing to press a button to return it. I've had a virus lately (not sure if that is relevant) which I have managed to disinfect completely. Windows explorer.exe was one of the files that was infected. I'm not sure whether I will be able to post this because of the problem described but here goes.

Cubbycuddly
 

Del

Joined
Aug 31, 2001
Messages
3,452
Have you tried going to Start > Settings > Control Panel, highlighting Microsoft Internet Explorer and Internet Tools, then clicking Repair?
What Operating System are you running?
 
Joined
Oct 3, 2002
Messages
2,281
It is very likely that Win Explorer and IE use some common .dll files and that they are corrupt because of the virus.

Is Win Explorer or Windows in general giving you more errors since you have cleaned the virus?
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
You'll also want to do some housekeeping:

Go to Internet Options > General tab, Temporary Internet Files, and choose "delete files".

Also press "Delete History".

Now go to the Content tab > Autocomplete, and hit "Clear Forms".

Press OK. And Repairing IE is indeed a good next step.
 

cubbycuddly

Thread Starter
Joined
Dec 1, 2001
Messages
230
Hi,

I have deleted temporary internet files, autocomplete and history and also repaired IE. All of which didn't make any difference. I previously had IE 5; I installed version 6 hoping that might solve it, but no, unfortunately.

My operating system is Windows ME.

I was told when my recent virus affected Windows explorer.exe that I would need to replace it following the instructions on the Microsoft knowledge site. This I followed and wonder if this might be the cause of the IE problem.

Can someone please advise me what I should do?


cubbycuddly
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Would you please do this:

Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and post the contents here.
 

cubbycuddly

Thread Starter
Joined
Dec 1, 2001
Messages
230
Hi,

my startuplist:


StartupList report, 26/01/2003, 14:05:28
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NEWSBIN_V40B22_YENC_REG_KEY(4) WORKING\NBPRO.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCREDIMAIL.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
UPDATE GROKSTER.LNK = C:\PROGRA~1\GROKSTER\WiseUpdt.exe
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 25/1/2003, 12:41:26)

[Rename]
NUL=C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\SET9003.TMP
NUL=C:\WINDOWS\SYSTEM\ATL.DLL
C:\WINDOWS\SYSTEM\ATL.DLL=C:\WINDOWS\SYSTEM\SET9004.TMP
NUL=C:\WINDOWS\SYSTEM\BROWSELC.DLL
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\SET9005.TMP
NUL=C:\WINDOWS\SYSTEM\BROWSEUI.DLL
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\SET9006.TMP
NUL=C:\WINDOWS\SYSTEM\COMCTL32.DLL
C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\SET9010.TMP
NUL=C:\WINDOWS\SYSTEM\JSCRIPT.DLL
C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\SET9033.TMP
NUL=C:\WINDOWS\SYSTEM\MLANG.DLL
C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\SET9035.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET9050.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTMLED.DLL
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\SET9073.TMP
NUL=C:\WINDOWS\SYSTEM\MSLS31.DLL
C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\SET9074.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCLC.DLL
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\SET9084.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SET9090.TMP
NUL=C:\WINDOWS\SYSTEM\SHFOLDER.DLL
C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\SET9092.TMP
NUL=C:\WINDOWS\SYSTEM\SHLWAPI.DLL
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SET9093.TMP
NUL=C:\WINDOWS\SYSTEM\THUMBVW.DLL
C:\WINDOWS\SYSTEM\THUMBVW.DLL=C:\WINDOWS\SYSTEM\SET9095.TMP
NUL=C:\WINDOWS\SYSTEM\URLMON.DLL
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET90A2.TMP
NUL=C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SET90A3.TMP
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SET9195.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SET9196.TMP
NUL=C:\WINDOWS\SYSTEM\SENS.DLL
C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SET9197.TMP
NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL
C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SET9198.TMP
NUL=C:\WINDOWS\SYSTEM\ES.DLL
C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SET9199.TMP
NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\SET91A0.TMP
NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SET91A1.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=C:\PROGRA~1\PANDAS~1\PANDAA~1;C:\WINDOWS;C:\WINDOWS\COMMAND
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\TMPCPYIS.BAT
DEL C:\PQSC\PROGRAM\*.dll
DEL C:\PQSC\PROGRAM\*.exe
RD C:\PQSC\PROGRAM
RD C:\PQSC
DEL C:\WINDOWS\WINSTART.BAT

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll - {724d43a9-0d85-11d4-9908-00400523e39a}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ScanDisk.job
Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Disk Defragmenter.job
1 Copernic Intra-Daily ~Default User.job
2 Copernic Daily ~Default User.job
3 Copernic Weekly ~Default User.job
4 Copernic Monthly ~Default User.job
Video Reminder.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[IntraLaunch.MainControl]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\INTRALAUNCH.OCX
CODEBASE = file://D:\IntraLaunch.CAB

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002112001/housecall.antivirus.com/housecall/xscan53.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1108/V31Controls/x86/mil/en/actsetup.cab

[{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
CODEBASE = http://2passwords.com/all_FREE_xxx.exe

[AV Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IE_GROKSTER.DLL
CODEBASE = http://www.grokster.com/rdx/RdxIE.cab

--------------------------------------------------
End of report, 8,039 bytes
Report generated in 0.411 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

cubbycuddly
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Your Startup log is far TOO trim:

I don't see an antivirus running, and no Scan Registry.

That means that Scan Registry isn't loading as Windows starts, and that you're not protected from viruses.

You need all of that to be running.

Did you uncheck those items in Msconfig/Startup just before running Startuplist, or have you been surfing the web and running your computer this way for a while?

If the latter, please RE-check all aforementioned items.

What I'd also do, is go to Internet Options > Temp. Internet Files > Settings > Show Objects, and examine all ActiveX objects you see there.

If any objects there are marked 'damaged', right-click them, and choose 'remove'.

Now right-click each one in turn, choose 'properties', and check the Version tab.

If the company is anyone else but Macromedia, Apple, or Microsoft, rightclick the file, and choose 'remove'.
 

cubbycuddly

Thread Starter
Joined
Dec 1, 2001
Messages
230
Hi Tony,

I found a damaged ActiveX file and filtered out the rest not Microsoft, Macromedia etc.

I've looked in startup and I don't know what to select for the scan registry to run.

When I look at System Configuration Utility - General tab, I have now selective startup enabled and the following 5 boxes underneath that selected too.

I've made a new startup list here for you to look at and perhaps you can tell me now what needs to be enabled or disabled.

Thanks.


StartupList report, 26/01/2003, 16:21:08
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\ACD SYSTEMS\ACDSEE\5.0\ACDSEE5.EXE
C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\IDBSVR.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCREDIMAIL.EXE
C:\WINDOWS\SYSTEM\MSCONFIG.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
UPDATE GROKSTER.LNK = C:\PROGRA~1\GROKSTER\WiseUpdt.exe
Tiny Trainer Intro.lnk = C:\Program Files\tMentor\Tiny Trainer\intro.exe
Weather1.lnk = C:\Program Files\Weather1\Weather1.exe
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Mentor Tray Icon.lnk = C:\Program Files\tMentor\Mentor for WinMe\minitray.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
Never Offline TaskTray Support.LNK = C:\Program Files\Never Offline\NOL_Tray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
TaskMonitor = C:\WINDOWS\taskmon.exe
RealTray = C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
KAZAA = C:\PROGRAM FILES\GROKSTER\GROKSTER.EXE /SYSTRAY
LoadQM = loadqm.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
FileFreedom = C:\PROGRAM FILES\FILEFREEDOM\FILEFREEDOM.EXE
InstantAccess = C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
RealJukeboxSystray = C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
WinDSNX = C:\WINDOWS\SYSTEM\CRYPTUI.EXE
InCD = C:\Program Files\Ahead\InCD\InCD.exe
UKVideo = c:\program files\dialers\ukvideo\ukvideo.exe /noconnect
IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncrediMail.exe /c
sharedprem = C:\WINDOWS\system\sharedprem.EXE
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
My Search Bar Eq = "C:\PROGRAM FILES\MYSEARCH\BAR\S4BAREQ.EXE" /r
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
Dcfssvc = C:\WINDOWS\System32\Drivers\dcfssvc.exe
Stomp DLA = "C:\Program Files\Stomp\DLA\dlatray.exe" /t
dla = C:\WINDOWS\system\dla\tfswctrl.exe
Magitime = C:\Program Files\Magitime\magitime.exe
(Default) =
LifeScape Media Detector = C:\Program Files\Picasa\PicasaMediaDetector.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LexStart = Lexstart.exe
LexmarkPrinTray = PrinTray.exe
PC Booster = C:\Program Files\inKline Global\PC Booster\pcbooster.exe
WinampAgent = "C:\Program Files\Winamp3\winampa.exe"
NavRegReminder = "C:\WINDOWS\TEMP\NAVBROWSER.EXE" /r /i "C:\WINDOWS\TEMP\NavLoad.ini"
SCANINICIO = "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
RegisterDropHandler = C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
minilog = C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
SAgent2ExePath = C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PANDASCHEDULER = "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
RealJukeboxSystray = "C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe"
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
tkonnect = C:\PROGRAM FILES\TISCALI\TKONNECT\TKONNECT.EXE updatemode
Scheduled Maintenance = C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC\Scheduled_Maintenance.exe
media_manager = C:\Program Files\ebkrdr\mediaman.exe
WindowBlinds = C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 25/1/2003, 12:41:26)

[Rename]
NUL=C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\SET9003.TMP
NUL=C:\WINDOWS\SYSTEM\ATL.DLL
C:\WINDOWS\SYSTEM\ATL.DLL=C:\WINDOWS\SYSTEM\SET9004.TMP
NUL=C:\WINDOWS\SYSTEM\BROWSELC.DLL
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\SET9005.TMP
NUL=C:\WINDOWS\SYSTEM\BROWSEUI.DLL
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\SET9006.TMP
NUL=C:\WINDOWS\SYSTEM\COMCTL32.DLL
C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\SET9010.TMP
NUL=C:\WINDOWS\SYSTEM\JSCRIPT.DLL
C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\SET9033.TMP
NUL=C:\WINDOWS\SYSTEM\MLANG.DLL
C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\SET9035.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET9050.TMP
NUL=C:\WINDOWS\SYSTEM\MSHTMLED.DLL
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\SET9073.TMP
NUL=C:\WINDOWS\SYSTEM\MSLS31.DLL
C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\SET9074.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCLC.DLL
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\SET9084.TMP
NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SET9090.TMP
NUL=C:\WINDOWS\SYSTEM\SHFOLDER.DLL
C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\SET9092.TMP
NUL=C:\WINDOWS\SYSTEM\SHLWAPI.DLL
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SET9093.TMP
NUL=C:\WINDOWS\SYSTEM\THUMBVW.DLL
C:\WINDOWS\SYSTEM\THUMBVW.DLL=C:\WINDOWS\SYSTEM\SET9095.TMP
NUL=C:\WINDOWS\SYSTEM\URLMON.DLL
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET90A2.TMP
NUL=C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\SET90A3.TMP
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SET9195.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SET9196.TMP
NUL=C:\WINDOWS\SYSTEM\SENS.DLL
C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SET9197.TMP
NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL
C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SET9198.TMP
NUL=C:\WINDOWS\SYSTEM\ES.DLL
C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SET9199.TMP
NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\SET91A0.TMP
NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SET91A1.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=C:\PROGRA~1\PANDAS~1\PANDAA~1;C:\WINDOWS;C:\WINDOWS\COMMAND
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\TMPCPYIS.BAT
DEL C:\PQSC\PROGRAM\*.dll
DEL C:\PQSC\PROGRAM\*.exe
RD C:\PQSC\PROGRAM
RD C:\PQSC
DEL C:\WINDOWS\WINSTART.BAT

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll - {724d43a9-0d85-11d4-9908-00400523e39a}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ScanDisk.job
Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Disk Defragmenter.job
1 Copernic Intra-Daily ~Default User.job
2 Copernic Daily ~Default User.job
3 Copernic Weekly ~Default User.job
4 Copernic Monthly ~Default User.job
Video Reminder.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1108/V31Controls/x86/mil/en/actsetup.cab

--------------------------------------------------
End of report, 11,167 bytes
Report generated in 0.841 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



cubbycuddly
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Man, do you have a lot of trash starting up and running... :eek:

I'm amazed that your computer will even run the way it is.

Please do this:

Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Hijack This will allow us to easily remove the offending items.
 

cubbycuddly

Thread Starter
Joined
Dec 1, 2001
Messages
230
Hi,

here's what hijack this came up with:

Logfile of HijackThis v1.91.2
Scan saved at 21:49:37, on 26/01/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.vivisimo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.searchgateway.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\Program Files\Copernic 2001 Basic\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.demon.net/cgi-bin/demon/ie4/search?p=%s
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (file missing)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\SCTRAY.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Magitime] C:\Program Files\Magitime\magitime.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - Startup: UPDATE GROKSTER.LNK = C:\PROGRA~1\GROKSTER\WiseUpdt.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Mentor Tray Icon.lnk = C:\Program Files\tMentor\Mentor for WinMe\minitray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Never Offline TaskTray Support.LNK = C:\Program Files\Never Offline\NOL_Tray.exe
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O8 - Extra context menu item: &Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: &Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: &Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: &Dictionary - C:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Spelling - C:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Thesaurus - C:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Translate - C:\Program Files\Dictionary\dictionary.html
O8 - Extra context menu item: &Web Search - C:\Program Files\Dictionary\search.html
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Mentor (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Shop Using Copernic Shopper (HKLM)
O9 - Extra button: Shop (HKLM)
O9 - Extra button: Copernic (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF &Toolbar (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: &Fill Forms (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: &Save Forms (HKLM)
O9 - Extra button: Dictionary (HKLM)
O9 - Extra 'Tools' menuitem: Dictionary (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\IntraLaunch.CAB
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: LiveWorld EZTalk 3.0 - http://bizchat.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002112001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://2passwords.com/all_FREE_xxx.exe
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\PROGRA~1\COMMON~1\MICROS~1\REFERE~1\MSREF.DLL


cubbycuddly
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Half the startup entries that were present in your Startuplist log aren't there any more now.

In the first log you had a trojan: WinDSNX = C:\WINDOWS\SYSTEM\CRYPTUI.EXE

And some more spyware and dialers not present in the second log: UKVideo, MySearchbar, NewNet, and others.

It's very hard to offer advice if you keep showing us different things.

Tell you what:
Download Spybot - Search & Destroy

After installing, press Online, and search for, put a check mark at, and install all updates.

Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

Next, take a second look at Msconfig/Startup, and uncheck all other unnecessary items.

Use Pacman's List of Startup Applications to determine what should stay and what can go.

Good luck,
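
The comparison made in the reply above (autorun entries listed in the StartupList report versus the O4 lines of the later HijackThis log) can be done mechanically. This is an added example, not part of the original thread or of either tool; the function names are hypothetical and the sample input is a few lines excerpted from the logs posted earlier in this thread.

```python
import re

# Excerpt of the second StartupList report posted above (trimmed).
STARTUPLIST_EXCERPT = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
WinDSNX = C:\WINDOWS\SYSTEM\CRYPTUI.EXE
UKVideo = c:\program files\dialers\ukvideo\ukvideo.exe /noconnect
My Search Bar Eq = "C:\PROGRAM FILES\MYSEARCH\BAR\S4BAREQ.EXE" /r
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
(Default) =
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
media_manager = C:\Program Files\ebkrdr\mediaman.exe
"""

# Excerpt of the HijackThis log posted above (trimmed).
HIJACKTHIS_EXCERPT = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
"""

# StartupList prints the full key path on its own line before the entries.
SL_KEY = re.compile(
    r"^(HKLM|HKCU)\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run\w*)$",
    re.I,
)
# HijackThis abbreviates the same keys as HKLM\..\Run: [name] command
HJT_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")


def parse_startuplist(text):
    """Return {(hive, key, value_name): command} for registry autorun sections."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SL_KEY.match(line)
        if m:
            key = (m.group(1).upper(), m.group(2))
        elif line.startswith("-----"):
            key = None  # section separator ends the current key
        elif key and " =" in line:
            name, _, cmd = line.partition(" =")
            if cmd.strip():  # skip empty values such as "(Default) ="
                entries[(key[0], key[1], name.strip())] = cmd.strip()
    return entries


def parse_hijackthis(text):
    """Return {(hive, key, value_name): command} for registry O4 lines."""
    entries = {}
    for line in text.splitlines():
        m = HJT_O4.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive, key, name)] = cmd.strip()
    return entries


def diff_autoruns(before, after):
    """Compare two parsed logs; value names are matched case-insensitively."""
    def norm(d):
        return {(h, k, n.lower()): (n, c) for (h, k, n), c in d.items()}

    b, a = norm(before), norm(after)
    return {
        "vanished": sorted((b[k][0] for k in b.keys() - a.keys()), key=str.lower),
        "appeared": sorted((a[k][0] for k in a.keys() - b.keys()), key=str.lower),
        "changed": sorted(
            (b[k][0] for k in b.keys() & a.keys()
             if b[k][1].lower() != a[k][1].lower()),
            key=str.lower,
        ),
    }


if __name__ == "__main__":
    result = diff_autoruns(
        parse_startuplist(STARTUPLIST_EXCERPT),
        parse_hijackthis(HIJACKTHIS_EXCERPT),
    )
    for kind, names in result.items():
        print(f"{kind}: {', '.join(names) or '(none)'}")
```

An entry reported as vanished has only stopped being listed under that key; the diff says nothing about whether the file it pointed to is still on disk.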
 
Joined
Dec 16, 2001
Messages
1,869
cubbycuddly

Just additional advice: the suggestions from Tony are excellent!!! He knows more about this type of problem than I will ever know. We are all here to help and desire to see problems fixed. Help us help you. :D

SeeYa
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Thanks for the recommendation, Rugrat. :D

But this isn't even about "expertise".

It's about methodically following advice, and reporting on your progress.

That's the only way to get anywhere.
 

cubbycuddly

Thread Starter
Joined
Dec 1, 2001
Messages
230
Rollin rog

If you had read my postings thoroughly you would have known that they were not duplicates. The first posting was about sticky IE, which was of an entirely different nature to problems with starting up.

:mad:

cubbycuddly
 