temperamental browsing problem

olivr · 10-18-2004, 07:31 AM

my friend sent me a link to some stupid games site that seemed to install a load of spyware onto my system. i downloaded and ran spybot and adaware to get rid of it all.. and i'm pretty sure that i did, but since then i've had real problems browsing. - I'd say three-quarters of the pages i try to load come up with the 'The page cannot be displayed' page and know amount of refreshing will make them work. actually, i used to get that error page before i contracted the spyware - but not nearly to the same extent i have it now.

it's not always the same pages that fail to work, sometimes my homepage, google loads and sometimes it doesn't. sometimes, if clicking a link fails to work in that window, right clicking and selecting 'open in a new window' will make it work.

i carried out a full virus scan which found nothing and i've tried downloading different browsers. Firefox gave me a different error message for most pages and opera says 'could not locate remote server' to every request. I've also tried using system restore to go back to when i didn't have so much of a problem, as well as unplugging my connection, waiting, reconnecting and then restarting a whole bunch of times... but to no avail. I am on a high-speed network at my university halls of residence - could it be my connection setup? is it something i have to contact my network administrator about or is there some way i can fix this myself?

I'm on XP home, running IE 6.

thanks for reading.

CTSNKY · 10-18-2004, 07:32 AM

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

olivr · 10-18-2004, 07:53 AM

appreciated, CTSNKY.
here's what it found...

Scan saved at 14:47:42, on 18/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\video\quicktime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RUNDLL32.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
C:\internet\ZoneAlarm\zonealarm.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk5.hpwis.com/
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: - {371C6960-302C-45D0-9504-50B820247439} - G:\programs\win get\WinIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\video\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "G:\programs\clonecd\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\internet\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\internet\aim\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.powerpolitics.us/beta/DL_Files/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/w...com/wtinst.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37664428-532C-4DFB-AB36-193687566AD4}: NameServer = 128.86.1.20,192.36.125.2
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

CTSNKY · 10-18-2004, 08:32 AM

Hi olivr......let's see what we can see.....

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures
below.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure
that the System Files and Folders are showing/visible also.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up).

[/b]Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Win Get

WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. If you installed this yourself and want to keep it, you may ignore all the fixes regarding it. Otherwise, uninstall it and follow all the fixes below for it.

Check and fix the following in HijackThis if they still exist (make sure not to miss any):

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: - {371C6960-302C-45D0-9504-50B820247439} - G:\programs\win get\WinIE.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/...acom/wtinst.cab

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Windows\System32\wsaupdater.exe
G:\programs\win get\
C:\Program Files\WildTangent\

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.

olivr · 10-18-2004, 09:30 AM

thankyou for the excellent instructions!
i wasn't able to remove wildtangent or winget -- i got an error message that said that the windows installer was not accessible... perhaps, it suggested, because i was in safe mode. i removed them succesfully after i rebooted -- i can't tell if it has worked yet.
here's my new hi-jack-this log:

Scan saved at 16:20:15, on 18/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\video\quicktime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
C:\internet\ZoneAlarm\zonealarm.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk5.hpwis.com/
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\video\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "G:\programs\clonecd\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\internet\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\internet\aim\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.powerpolitics.us/beta/DL_Files/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.studentsunzipped.com/AxisCamControl.ocx
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37664428-532C-4DFB-AB36-193687566AD4}: NameServer = 128.86.1.20,192.36.125.2
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

CTSNKY · 10-18-2004, 09:45 AM

Log looks fine, well done. Let us know if you have any lingering problems.

To help prevent future spyware installations/infections, please read the anti-spyware section and use the tools provided.

olivr · 10-19-2004, 02:12 AM

thankyou CTSNKY.

well, it seemed to be working better last night, but this morning the problem is as bad as it was again. this is what usually happens. if i were to enter: http://www.hotmail.com/ into the address bar i would get either the 'page cannot be displayed' page or the 'internet explorer could not open the search page' message. i'd keep opening new windows and doing the same thing until it worked, which would take 5 or 6 attempts.

olivr · 10-19-2004, 02:17 AM

i have this problem, too:
page page display error on internet explorer and firefox

...where parts of pages, often images, won't load even if the page does.

CTSNKY · 10-19-2004, 05:40 AM

Give us a fresh HJT log and also one from StartDreck.

Download: StartDreck.

Unzip to its own folder and start the program:
Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

=========

Also, boot into Safe Mode and delete this folder:

C:\Program Files\Common Files\Stardock\

I will assume this is the game you were talking about in first post.

olivr · 10-19-2004, 09:31 AM

thanks again for the instructions. the stardock folder is the folder of a game that i bought and should all be kosher. here's my startdreck log. :

StartDreck (build 2.1.5 public BETA) - 2004-10-19 @ 16:25:53
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)

»Registry
»Run Keys
»Current User
»Run
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
*Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe
*InfoPenOL=
»RunOnce
»Default User
»Run
*ctfmon.exe=C:\WINDOWS\System32\CTFMON.EXE
*Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe
»RunOnce
*Suite=regedit -s c:\windows\temp\adj_hp.reg
»Local Machine
»Run
*hpsysdrv=c:\windows\system\hpsysdrv.exe
*Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
*IgfxTray=C:\WINDOWS\System32\igfxtray.exe
*NAV Agent=c:\PROGRA~1\NORTON~1\navapw32.exe
*PS2=C:\WINDOWS\system32\ps2.exe
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*QuickTime Task="C:\video\quicktime\qttask.exe" -atboottime
*nwiz=nwiz.exe /install
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
*CloneCDTray="G:\programs\clonecd\CloneCDTray.exe" /s
*NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
*Motive SmartBridge=C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
*Installed=1
*Installed=1
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*Microsoft Cvrt=mscvrt32.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
*00000000=<unkown>
*00000004=<unkown>
*00000218=\SystemRoot\System32\smss.exe
*00000248=<unkown>
*00000260=\??\C:\WINDOWS\system32\winlogon.exe
*0000028C=C:\WINDOWS\system32\services.exe
*00000298=C:\WINDOWS\system32\lsass.exe
*00000360=C:\WINDOWS\system32\svchost.exe
*000003C8=C:\WINDOWS\System32\svchost.exe
*00000424=<unkown>
*00000464=<unkown>
*00000534=C:\Program Files\Common Files\Stardock\SDMCP.exe
*000005B8=C:\WINDOWS\Explorer.EXE
*000005D4=C:\WINDOWS\system32\spoolsv.exe
*0000063C=C:\windows\system\hpsysdrv.exe
*00000654=C:\WINDOWS\system32\dla\tfswctrl.exe
*00000674=C:\PROGRA~1\NORTON~1\navapw32.exe
*00000688=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
*000006A0=C:\video\quicktime\qttask.exe
*000006B8=C:\WINDOWS\System32\RUNDLL32.EXE
*00000724=C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
*0000074C=C:\Program Files\MSN Messenger\MsnMsgr.Exe
*000002C0=C:\WINDOWS\Downloaded Program Files\eBayTBar.exe
*0000037C=C:\internet\ZoneAlarm\zonealarm.exe
*000003AC=C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
*000004E8=C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
*00000508=c:\Program Files\Norton AntiVirus\navapsvc.exe
*0000053C=C:\WINDOWS\System32\nvsvc32.exe
*00000670=C:\WINDOWS\System32\ZoneLabs\vsmon.exe
*000007D4=C:\WINDOWS\System32\svchost.exe
*00000514=C:\Program Files\Internet Explorer\iexplore.exe
*00000DF8=C:\Program Files\Internet Explorer\iexplore.exe
*00000A0C=C:\StartDreck\StartDreck.exe
»Application specific

CTSNKY · 10-19-2004, 07:15 PM

Hi olivr,

Well, I did not detail any fixes for these entries, but they may be causing some of your problems. Do you know/use this Math Player program?

O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

Also, this entry in StartDreck is a bit suspicious:

Suite=regedit -s c:\windows\temp\adj_hp.reg

Go in via Safe Mode and delete all of the files located in the C:\Windows\Temp folder (not folder itself). Make sure the hidden files are still "turned on" as discussed in first response.

Reboot to Normal mode and give us a new StartDreck log. If this entry re-appears, I will ask my colleagues to lend a fresh set of eyes.

olivr · 10-23-2004, 01:56 PM

done and done. i have no idea what math player was, but i've gotten rid of it now and so should be clean. : ) as for my browser problem, i'm pretty sure it was dns cacheing of unsuccesful browsing look-ups. for those of you who might be experiencing the same thing, this is a very helpful page...

http://cable-dsl.home.att.net/dns_cache.htm

it has an edit to the registry that i downloaded and executed and, so far, it seems to be working ok.
thankyou very much for your time, CTSNKY.

10-18-2004, 07:31 AM	#1 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	temperamental browsing problem my friend sent me a link to some stupid games site that seemed to install a load of spyware onto my system. i downloaded and ran spybot and adaware to get rid of it all.. and i'm pretty sure that i did, but since then i've had real problems browsing. - I'd say three-quarters of the pages i try to load come up with the 'The page cannot be displayed' page and know amount of refreshing will make them work. actually, i used to get that error page before i contracted the spyware - but not nearly to the same extent i have it now. it's not always the same pages that fail to work, sometimes my homepage, google loads and sometimes it doesn't. sometimes, if clicking a link fails to work in that window, right clicking and selecting 'open in a new window' will make it work. i carried out a full virus scan which found nothing and i've tried downloading different browsers. Firefox gave me a different error message for most pages and opera says 'could not locate remote server' to every request. I've also tried using system restore to go back to when i didn't have so much of a problem, as well as unplugging my connection, waiting, reconnecting and then restarting a whole bunch of times... but to no avail. I am on a high-speed network at my university halls of residence - could it be my connection setup? is it something i have to contact my network administrator about or is there some way i can fix this myself? I'm on XP home, running IE 6. thanks for reading.

10-18-2004, 07:32 AM	#2 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer. __________________ GO BIG BLUE!!

10-18-2004, 08:32 AM	#4 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Hi olivr......let's see what we can see..... Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below. Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point. Reboot into Safe Mode (hit F8 key until menu shows up). [/b]Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Win Get WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. If you installed this yourself and want to keep it, you may ignore all the fixes regarding it. Otherwise, uninstall it and follow all the fixes below for it. Check and fix the following in HijackThis if they still exist (make sure not to miss any): F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O2 - BHO: - {371C6960-302C-45D0-9504-50B820247439} - G:\programs\win get\WinIE.dll O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/...acom/wtinst.cab Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\Windows\System32\wsaupdater.exe G:\programs\win get\ C:\Program Files\WildTangent\ Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean. __________________ GO BIG BLUE!!

10-18-2004, 09:45 AM	#6 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Log looks fine, well done. Let us know if you have any lingering problems. To help prevent future spyware installations/infections, please read the anti-spyware section and use the tools provided. __________________ GO BIG BLUE!!

10-19-2004, 05:40 AM	#9 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Give us a fresh HJT log and also one from StartDreck. Download: StartDreck. Unzip to its own folder and start the program: Press 'Config' Press 'Unmark All' Check the following boxes only: Registry -> Run Keys System/drivers> Running processes Press 'Ok' Press 'Save' and select the location to save the log file (default is the same folder as the application) Post the log in this thread. ========= Also, boot into Safe Mode and delete this folder: C:\Program Files\Common Files\Stardock\ I will assume this is the game you were talking about in first post. __________________ GO BIG BLUE!! Last edited by CTSNKY; 10-19-2004 at 05:49 AM.

10-18-2004, 07:53 AM	#3 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	appreciated, CTSNKY. here's what it found... Scan saved at 14:47:42, on 18/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\video\quicktime\qttask.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\RUNDLL32.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\Downloaded Program Files\eBayTBar.exe C:\internet\ZoneAlarm\zonealarm.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\WINDOWS\System32\ZoneLabs\vsmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk5.hpwis.com/ F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: - {371C6960-302C-45D0-9504-50B820247439} - G:\programs\win get\WinIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\video\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CloneCDTray] "G:\programs\clonecd\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: eBay Toolbar.LNK = ? O4 - Global Startup: ZoneAlarm.lnk = C:\internet\ZoneAlarm\zonealarm.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download all by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\internet\aim\aim.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt1_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.powerpolitics.us/beta/DL_Files/msxml4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/w...com/wtinst.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{37664428-532C-4DFB-AB36-193687566AD4}: NameServer = 128.86.1.20,192.36.125.2 O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

10-18-2004, 09:30 AM	#5 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	thankyou for the excellent instructions! i wasn't able to remove wildtangent or winget -- i got an error message that said that the windows installer was not accessible... perhaps, it suggested, because i was in safe mode. i removed them succesfully after i rebooted -- i can't tell if it has worked yet. here's my new hi-jack-this log: Scan saved at 16:20:15, on 18/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\video\quicktime\qttask.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\Downloaded Program Files\eBayTBar.exe C:\internet\ZoneAlarm\zonealarm.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\msiexec.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk5.hpwis.com/ O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\video\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CloneCDTray] "G:\programs\clonecd\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: eBay Toolbar.LNK = ? O4 - Global Startup: ZoneAlarm.lnk = C:\internet\ZoneAlarm\zonealarm.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download all by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\audio\BB\STYLES30\vst\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\Downloaded Program Files\eBayBand.dll O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\internet\aim\aim.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt1_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.powerpolitics.us/beta/DL_Files/msxml4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.studentsunzipped.com/AxisCamControl.ocx O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{37664428-532C-4DFB-AB36-193687566AD4}: NameServer = 128.86.1.20,192.36.125.2 O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

10-19-2004, 02:12 AM	#7 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	thankyou CTSNKY. well, it seemed to be working better last night, but this morning the problem is as bad as it was again. this is what usually happens. if i were to enter: http://www.hotmail.com/ into the address bar i would get either the 'page cannot be displayed' page or the 'internet explorer could not open the search page' message. i'd keep opening new windows and doing the same thing until it worked, which would take 5 or 6 attempts.

10-19-2004, 02:17 AM	#8 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	i have this problem, too: page page display error on internet explorer and firefox ...where parts of pages, often images, won't load even if the page does.

10-19-2004, 09:31 AM	#10 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	thanks again for the instructions. the stardock folder is the folder of a game that i bought and should all be kosher. here's my startdreck log. : StartDreck (build 2.1.5 public BETA) - 2004-10-19 @ 16:25:53 Platform: Windows XP (Win NT 5.1.2600 Service Pack 1) »Registry »Run Keys »Current User »Run MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe InfoPenOL= »RunOnce »Default User »Run ctfmon.exe=C:\WINDOWS\System32\CTFMON.EXE Microsoft Works Update Detection=C:\Program Files\Microsoft Works\WkDetect.exe »RunOnce Suite=regedit -s c:\windows\temp\adj_hp.reg »Local Machine »Run hpsysdrv=c:\windows\system\hpsysdrv.exe Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE dla=C:\WINDOWS\system32\dla\tfswctrl.exe NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup IgfxTray=C:\WINDOWS\System32\igfxtray.exe NAV Agent=c:\PROGRA~1\NORTON~1\navapw32.exe PS2=C:\WINDOWS\system32\ps2.exe TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot QuickTime Task="C:\video\quicktime\qttask.exe" -atboottime nwiz=nwiz.exe /install NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit CloneCDTray="G:\programs\clonecd\CloneCDTray.exe" /s NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe Motive SmartBridge=C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe Installed=1 Installed=1 NoChange=1 Installed=1 »RunOnce »RunServices Microsoft Cvrt=mscvrt32.exe »RunServicesOnce »RunOnceEx »RunServicesOnceEx »Files »System/Drivers »Running Processes 00000000=<unkown> 00000004=<unkown> 00000218=\SystemRoot\System32\smss.exe 00000248=<unkown> 00000260=\??\C:\WINDOWS\system32\winlogon.exe 0000028C=C:\WINDOWS\system32\services.exe 00000298=C:\WINDOWS\system32\lsass.exe 00000360=C:\WINDOWS\system32\svchost.exe 000003C8=C:\WINDOWS\System32\svchost.exe 00000424=<unkown> 00000464=<unkown> 00000534=C:\Program Files\Common Files\Stardock\SDMCP.exe 000005B8=C:\WINDOWS\Explorer.EXE 000005D4=C:\WINDOWS\system32\spoolsv.exe 0000063C=C:\windows\system\hpsysdrv.exe 00000654=C:\WINDOWS\system32\dla\tfswctrl.exe 00000674=C:\PROGRA~1\NORTON~1\navapw32.exe 00000688=C:\Program Files\Common Files\Real\Update_OB\realsched.exe 000006A0=C:\video\quicktime\qttask.exe 000006B8=C:\WINDOWS\System32\RUNDLL32.EXE 00000724=C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe 0000074C=C:\Program Files\MSN Messenger\MsnMsgr.Exe 000002C0=C:\WINDOWS\Downloaded Program Files\eBayTBar.exe 0000037C=C:\internet\ZoneAlarm\zonealarm.exe 000003AC=C:\Program Files\ntl\broadband medic\bin\mpbtn.exe 000004E8=C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe 00000508=c:\Program Files\Norton AntiVirus\navapsvc.exe 0000053C=C:\WINDOWS\System32\nvsvc32.exe 00000670=C:\WINDOWS\System32\ZoneLabs\vsmon.exe 000007D4=C:\WINDOWS\System32\svchost.exe 00000514=C:\Program Files\Internet Explorer\iexplore.exe 00000DF8=C:\Program Files\Internet Explorer\iexplore.exe *00000A0C=C:\StartDreck\StartDreck.exe »Application specific

10-19-2004, 07:15 PM	#11 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Hi olivr, Well, I did not detail any fixes for these entries, but they may be causing some of your problems. Do you know/use this Math Player program? O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll Also, this entry in StartDreck is a bit suspicious: Suite=regedit -s c:\windows\temp\adj_hp.reg Go in via Safe Mode and delete all of the files located in the C:\Windows\Temp folder (not folder itself). Make sure the hidden files are still "turned on" as discussed in first response. Reboot to Normal mode and give us a new StartDreck log. If this entry re-appears, I will ask my colleagues to lend a fresh set of eyes. __________________ GO BIG BLUE!!

10-23-2004, 01:56 PM	#12 (permalink)
olivr Registered User Join Date: Oct 2004 Posts: 8 OS: Win XP	victory is mine. done and done. i have no idea what math player was, but i've gotten rid of it now and so should be clean. : ) as for my browser problem, i'm pretty sure it was dns cacheing of unsuccesful browsing look-ups. for those of you who might be experiencing the same thing, this is a very helpful page... http://cable-dsl.home.att.net/dns_cache.htm it has an edit to the registry that i downloaded and executed and, so far, it seems to be working ok. thankyou very much for your time, CTSNKY.