• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

Some problems with internet-Start Page-Very very slow to start up

S

Spiderman

New member
Hello,
I had recently a problem with my internet explorer (i noticed after installing the MSN beta version 8.0-but am not sure because I also installed and uninstalled a router Trend Net which was working only when both equipement was in the same room). When i start the internet it was very very slow to start up (may take 5-15minutes to show fully with my start page). I therefore uninstalled the internet and reinstalled it again from the web (I had to use Mozilla firefox to download). Now it opens up correctly but when I tried to change the start page to test (i shifted it to google then i returned it back to its original setting www.polymtl.ca) since I have got tea timer operating i allowed the change in registry. Since then ieach time I start my computer tea timer still ask me to allow or to deny this change. so I ticked the option to remember the action and now it does not ask me. But the problem is that I have noticed in the tea timer log that everyday when I start my pc it has an action to put my start page (for which I defined that is www.polymtl.ca). I noticed also that before I had not this action. I should be grateful if you could help me in that as i am sure there should be a small problem somewhere.
I thank you in advance
I use AVG free edition (I scanned the whole pc with updated database but there was no virus)
I use spybot latest version and update with tea timer on.
I use adadware SE personal to clean up regularly with latest updates.
I have also spywareblaster installed
I did also IE Spyad IE restriction latest one.
Thanking you in advance for your reply
 
Here is the HJT log of 15 feb 2006

Spiderman said:
Hello,
I had recently a problem with my internet explorer (i noticed after installing the MSN beta version 8.0-but am not sure because I also installed and uninstalled a router Trend Net which was working only when both equipement was in the same room). When i start the internet it was very very slow to start up (may take 5-15minutes to show fully with my start page). I therefore uninstalled the internet and reinstalled it again from the web (I had to use Mozilla firefox to download). Now it opens up correctly but when I tried to change the start page to test (i shifted it to google then i returned it back to its original setting www.polymtl.ca) since I have got tea timer operating i allowed the change in registry. Since then ieach time I start my computer tea timer still ask me to allow or to deny this change. so I ticked the option to remember the action and now it does not ask me. But the problem is that I have noticed in the tea timer log that everyday when I start my pc it has an action to put my start page (for which I defined that is www.polymtl.ca). I noticed also that before I had not this action. I should be grateful if you could help me in that as i am sure there should be a small problem somewhere.
I thank you in advance
I use AVG free edition (I scanned the whole pc with updated database but there was no virus)
I use spybot latest version and update with tea timer on.
I use adadware SE personal to clean up regularly with latest updates.
I have also spywareblaster installed
I did also IE Spyad IE restriction latest one.
Thanking you in advance for your reply
Click to expand...
Here is the log of HJT for 15feb 2006:

Logfile of HijackThis v1.99.1
Scan saved at 11:16:41, on 2006-02-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\TextTwist\TextTwist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polymtl.ca/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.biblio.polymtl.ca:8080/biblio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/094c80af0f7d19f01815/netzip/RdxIE601_fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C7256BB-E90A-4484-AA8C-39E1676B683F}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{54EB7058-9B49-4CF4-A438-76F777F28E8C}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C7256BB-E90A-4484-AA8C-39E1676B683F}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C7256BB-E90A-4484-AA8C-39E1676B683F}: NameServer = 69.50.176.156,195.225.176.31
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Hi

Post a report from this tool
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them.....legitimate files can be listed.
 
LonnyRJones said:
Hi

Post a report from this tool
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run blacklite click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
Important: If any files show Do not rename them.....legitimate files can be listed.
Click to expand...
Here is the entry from blacklight, thanks:

02/19/06 10:49:32 [Info]: BlackLight Engine 1.0.32 initialized
02/19/06 10:49:32 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/19/06 10:49:32 [Note]: 7019 4
02/19/06 10:49:32 [Note]: 7005 0
02/19/06 10:49:45 [Note]: 7006 0
02/19/06 10:49:45 [Note]: 7011 232
02/19/06 10:49:46 [Note]: FSRAW library version 1.7.1015
02/19/06 10:51:46 [Note]: 7007 0
 
Close all browser's Start Hijackthis and place a check next to these items If there.
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C7256BB-E90A-4484-AA8C-39E1676B683F}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{54EB7058-9B49-4CF4-A438-76F777F28E8C}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C7256BB-E90A-4484-AA8C-39E1676B683F}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C7256BB-E90A-4484-AA8C-39E1676B683F}: NameServer = 69.50.176.156,195.225.176.31
O18 - Protocol: vskype - (no CLSID) - (no file)
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)


If You have connection problems or those 017's ~ 69.50.176.156,195.225.176.31, return >
Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection service's will require them.
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable one some systems


Download unzip then scan with RootkitRevealer
http://www.sysinternals.com/utilities/rootkitrevealer.html
when its done go file > save, attach or post the log back here in your next reply
Not to worry, normal there are a few of item shown.
It's an intensive scan, I suggest you disconnect from the internet and leave the PC alone until its finished.
Since the log might be very large, Please edit out items in
C:\RECYCLER\NPROTECT if there.
c:\windows\temps
documents and settings\your name\---- temporary internet files.
And C:\System Volume Information, before posting

Post a fresh hijackthis log please, be sure to mention any current problems.
 
After following last reply.

I followed everything as requested in the last reply.
For this part: "If You have connection problems or those 017's ~ 69.50.176.156,195.225.176.31, return >''
I did not have connexion problem.
For this part:"Since the log might be very large, Please edit out items in
C:\RECYCLER\NPROTECT if there.
c:\windows\temps
documents and settings\your name\---- temporary internet files.
And C:\System Volume Information, before posting"
I did not find any log files in these directories.The scan with RootkitRevealer gave :"Scan Complete: No discrepancies found".When doing save after the scan the file was completely empty.
Here is the log for hijackthis after scanning (and removing the entries 017 & 018) after the rootkit revealer:
Logfile of HijackThis v1.99.1
Scan saved at 16:23:07, on 2006-02-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\IEXPLORE.EXE
C:\antispyware\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polymtl.ca/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.biblio.polymtl.ca:8080/biblio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/094c80af0f7d19f01815/netzip/RdxIE601_fr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: vskype - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
----------------------------------------------------
Persisting Problem:
Each time I restart my PC tea timer still tells me it is allowing the change to my homepage.
Please find attached the log for the tea timer :
I thank you all again for your effort and time. Thanks.
 
:"Scan Complete: No discrepancies found".

Thats a good sign :)

About Tea timer , see this quote by md usa spybot fan
md usa spybot fan said:
For TeaTimer 1.4 Registry changes.

If you checked "Remember this decision" on a change the information concerning that change it is stored in a file. TeaTimer uses that information to automatically "Allow" or "Deny" changes. To edit this information:
  • Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
    • Allowed processes
    • Blocked processes
    • Allowed registry changes
    • Blocked registry changes

      Note: If you don't see all four buttons, try expanding the window to the right.
  • You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Allowed registry changes" and "Denied registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather then just a notification pop-up.
Click to expand...
 
LonnyRJones said:
:"Scan Complete: No discrepancies found".

Thats a good sign :)

About Tea timer , see this quote by md usa spybot fan
Click to expand...
I have seen in the Tea timer the allowed registry changes in fact contain one entry allowing to change my start page to www.polymtl.ca:
"HKEY_CURRENT_USER\SOftware\Microsoft\Internet Explorer\Main\Start Page=http://www.polymtl.ca/index.php"
. But there is also an entry in Blocked Registry changes saying:
"HKEY_CURRENT_USER\SOftware\Microsoft\Internet Explorer\Main\Start Page=http://www.searchportal.info/10039/"
Which I suppose means that search portal is present (but on scanning with Spybot and ad-adware SE Personal I found absolutely no problems) and wants to change my default page. I should be grateful if you could help me in removing it. I am therefore afraid to delete these two processes as it could change my default page. Pls help/advise.
Thank you again.
 
Turn off Tea Timer (right-click its icon in the tray area near the windows clock and choose exit) and close SpyBot if open. Download ResetTeaTimer.bat
http://downloads.subratam.org/ResetTeaTimer.bat
To your desktop, run ResetTeaTimer.bat.
Since it will not be needed again delete ResetTeaTimer.bat.
Turn Tea timer back on again via SpyBots tools resident page.
 
After executing last mail

After running the bat file as suggested I restarted the PC and noticed that i did not have the problem which I told was persisting in the last mail. I thank you very much for your efforts. I just wanted to know if the bat file was a patch on the tea timer or it was the original tea timer file and if the problem was occuring because I changed the tea timer with reshack to correct the display button problem in the Deny/Allow change window of tea timer.
Thanking you again and in advance.
 
Additional Information Please

I am actually using the free version of avg, but I suppose it does not detect rootkit viruses.Is there other free good antivirus out there which you may suggest please or is the avg free edition still good?Will Spybot be scanning the rootkit in the future?What else as complement (free ones in particular)can we use for the time being to make regular checks particularly for the rootkit attacks.? (I have tea timer resident on, I scan regularly with adadware SE Personal free version now and have also Spywareblaster installed as well as IE_SPYAD, i also use clean up from time to time)
Thank you beforehand
 
Additional information please

One last information please.Could u suggest to me a free software (preferably which do not need installation) which u can use in order to save an internet page together also with the files/other pages that the page links to and u can choose the depth to which u want to save.
Thank you
 
AVG is a good program , if you can though get its pro version.

Ad_aware does have a root kit plugin tool.

If you suspect a rootkit you can use
Blacklight: http://www.f-secure.com/blacklight/try.shtml

Or system internals rootkill revieler

Normaly though running your antivirus and antispyware programs while in safe mode will help as most stealth virus/trojans dont run in safe mode.

For your last question, have you checked into microsofts offline browser pack ? when you save a favorite tick the box in make available offline.
 
Thank you for all.

Thanks for everything.
Does these two (Backlight n rootkit revealer) automatically remove the problem (like does spybot).?In fact i cannot go to safe mode with my PC. Don't know why. When i try at start up to press the F8 (or F5 to go to safe mode forgot) it just don't. For the offline browsing in fact I have access to a site with login n password and wish to store part of the site by saving it on hard disk for future acess (without connexion) but I cant it continues to ask to connect and to put login/password in order to acess other pages (the first main page is well saved) for which the links in this saved page access to. Perhaps one cannot save sites which requires login/password apart from the first page.:scratch: .
Anyway please advise if u can and thank you once more.

PS:U did not tell me what the bat file for tea timer was for.
 
Resetteatimer.bat did about that same as the manual instructions in post 9 would have
http://forums.spybot.info/showpost.php?p=12828&postcount=9

No they do not automaticly fix, Use discrection when scanning with rootkilrevieler and blacklite, they can and do show false possitives, Its best to post there logs in a help forum.

You might ask in a more gerneral forum section about offline browsing
I actualy havent used IE's offline browsing capability.
 
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me or Tashi know.

Regards
Lonny
 
You must log in or register to reply here.
Back
Top