Thread: Unstable system

  1. #1
    Registered User
    Join Date
    Aug 2003
    Posts
    1,218

    Unstable system

    I recently had problems with ads and stuff in internet explorer so I ran adaware and spyware search and destroy. I also found out at the same time I had a couple of trojans in my computer which were put in to quarentine by norton. My problem right now is that IE is very unstable, the inbuilt search doesnt work and the program hangs alot. Anybody has any suggestions what to do?? Should I run a servicepack on IE?? Worst case ill have to make a system restore. Damn I hate that they made IE so hackfriendly!

    System:
    Amd XP 2200+
    Win XP
    Win IE v. 6.0.2800.1106.bla bla bla

    *Edit: Dont tell me to use firefox or opera or something, I already am but I dont want to go through hell and teach my mom and dad how to use them.
    Last edited by Shakti; 11-05-2004 at 11:02 AM.

  2. #2
    Registered User
    Join Date
    Sep 2004
    Posts
    124
    Hi Shakti,
    Let's see a HijackThis log.
    Can you download HijackThis, create a new folder for it and unzip the executable into it.
    Close all apps down and run it. Click on Scan, and the white data area will fill with information.
    The Scan button will change to Save Log - click on that, save the logfile anywhere convenient, and post the entire contents of the logfile produced as a reply to this thread.
    Exit HijackThis and wait for further advice!

  3. #3
    Registered User
    Join Date
    Aug 2003
    Posts
    1,218
    Thanks for the reply!
    Ok Ill attach the logfile here.

  4. #4
    Registered User
    Join Date
    Sep 2004
    Posts
    124
    Hiya,

    Firstly, you're running HijackThis from a temporary location. This is bad news because it creates a folder of backups so you can go back if you make a mistake, and if run from a temporary location it'll either not create the backups or they'll be deleted!

    Therefore it is vital you create a new folder for it and move the executable into it, as per my previous post.

    I must add at this point that there's a lot of Dutch stuff in there, and as I don't speak Dutch researching some of these was quite a tricky task, even with the tools and resources I have at hand. I'll need you to check some of them (esepcially after the first block of fixes).

    Download CWShredder and save it onto your Desktop.

    Close all programs down and run CWShredder. Be sure to click on Fix and NOT Scan Only. When it has finished, reboot your system.

    Run HijackThis, perform a scan, and place a check against the following items (some may have disappeared as a result of having run CWShredder):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
    O1 - Hosts: 66.159.20.51 astalavista.box.sk
    O2 - BHO: TW_BrowserHook - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - C:\Program Files\Macro ToolsWorks\mtwbho.dll (file missing)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/...tdmgainads.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab


    I think this might pertain to an online banking program you have, but if not then you may want to fix it also (subject you to you not knowing what it is - if you recognise it as valid then please leave these ones well alone):

    O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll
    O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards
    O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe
    O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/be...t/oinstall.cab


    The following are optional fixes - if there any in there you recognise as something you use, then again leave them:

    O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program\DAP\DAPIEBar.dll
    O16 - DPF: {26111423-D30F-11D3-8A34-00A0CC3BAA9C} (Mission Connector 4.1) - http://www.mightygames.com/ActiveX/MC4110/MC.cab
    O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab
    O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.nu/colorap...rAppOnline.cab
    O16 - DPF: {F70FAED4-069F-40E8-B609-F01DA4BF74DA} (ApportFastTrack.ThumbView) - http://www.apport.nu/Bilderonline/Ac...tFastTrack.CAB


    Click on Fix Checked and exit HijackThis.

    Reboot your system.

    Post back a fresh HijackThis log and we'll take another look.
    Last edited by Driver; 11-05-2004 at 02:20 PM. Reason: Clarify use of CWShredder

  5. #5
    Registered User
    Join Date
    Aug 2003
    Posts
    1,218
    Thanks a ton for helping me out here!!

    Updated log.

  6. #6
    Registered User
    Join Date
    Sep 2004
    Posts
    124
    Hi Shakti,

    Your log is much cleaner now - as I can't know which optional ones you fixed, can you just check to make sure you didn't fix any and then have them return?

    Unfortunately malware is getting harder and harder to remove these days, so it's worth being certain on this.

    Check which version of Ad-Aware you're using: it should be SE. If you're using 6.181, then uninstall it and install SE instead. Update as normal and have it perform a full system scan.

    Spybot Search and Destroy 1.2 is no longer supported either. If you're running that, update to 1.3 immediately and again update and have it perform a full system scan. I didn't see the BHO in your log for it, neither did I see the teatimer executable as a running process.

    Then check this out for information on how you may have got infected in the first place, and tips on how to prevent it in the future.

    How is the system running now?

  7. #7
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    Also, in spybot, go into the tools menu, then bho's. Remove any entries that have a yellow, red, or no checkmark next to them (green checks are ok). Do the same for active x controls. I also recommend getting sp2 because it enhances the ability to remove toolbars (bho's and the like) from IE.
    PHP and XML
    Let's talk about SAX

  8. #8
    Registered User major_small's Avatar
    Join Date
    May 2003
    Posts
    2,787
    Quote Originally Posted by Shakti
    I dont want to go through hell and teach my mom and dad how to use them.
    wow.

    if they're really that hard to teach, just tell them it's a new version of IE called 'firefox'
    Join is in our Unofficial Cprog IRC channel
    Server: irc.phoenixradio.org
    Channel: #Tech


    Team Cprog Folding@Home: Team #43476
    Download it Here
    Detailed Stats Here
    More Detailed Stats
    52 Members so far, are YOU a member?
    Current team score: 1223226 (ranked 374 of 45152)

    The CBoard team is doing better than 99.16% of the other teams
    Top 5 Members: Xterria(518175), pianorain(118517), Bennet(64957), JaWiB(55610), alphaoide(44374)

    Last Updated on: Wed, 30 Aug, 2006 @ 2:30 PM EDT

  9. #9
    Registered User
    Join Date
    Aug 2003
    Posts
    1,218
    Thanks for all the help! This has done wonders!!!

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. File System Implementation
    By dodgeviper in forum C Programming
    Replies: 9
    Last Post: 11-16-2007, 01:04 PM
  2. Using system icons
    By @nthony in forum Windows Programming
    Replies: 1
    Last Post: 01-13-2007, 07:56 PM
  3. Linux database system needed
    By BobS0327 in forum Tech Board
    Replies: 7
    Last Post: 06-11-2006, 03:56 PM
  4. measuring system resources used by a function
    By Aran in forum C Programming
    Replies: 1
    Last Post: 03-13-2006, 05:35 PM
  5. BIOS system and memory allocation problem
    By beely in forum Tech Board
    Replies: 9
    Last Post: 11-25-2003, 07:12 AM