TechSpot

IE problem - very very slow (pretty sure not spyware)

By xylophone
Jun 12, 2006
  1. Howard, if I may but in here. I would be grateful ifyou could help me. I am a non-techie here and flying by the seat of my pants.

    I also have exactly the same HKLM entry. You say that if this name server does not belong to your ISP, get HJT to get rid of it.

    My ISP original account details give a primary DNS of 212.74.112.66, secondary 212.74.112.67, and an IP address of 212.1.134.54

    Is any of these the same as the 'name server' you mention? I understand the IP (numerical) address should = (my ISP's name address) www.tiscali.co.uk

    The reason I ask is that I have had problems with my ISP's DNS servers causing (with a secure online web site) 'page cannot be displayed' To get round that, and as it seemed a good idea, anyway, I installed Treewalk, which causes the PC to use DNS numerical addresses, avoiding the name addresses. But TW would not work, and after many postings in their Forum, they concluded that my 80.225.252.58 80.225.252 address was fishy: they couldn't get TW to work.

    I have since run a DNS test at DNSReport.com on my ISP domain = tiscali.co.uk (omit www.), which showed up minor (yellow) but no real (red) problems.

    So, if I am able to get rid of the HKLM... entry in HJT, it could mean my ISP DNS servers problems would be over

    My question is - as I have described my position, should I delete this entry?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Make sure HJT is in it`s own directory, I.E C:\HJT\HJT.exe. This is because HJT makes backups of anything it fixes.

    Then, go ahead and have HJT fix that entry. If you then have problems, you can restore that entry by doing the following.

    Run HJT and click on the config button, then the backupps button. Choose the entry you would like to reastor and tick the little box next to that entry. Click on the restore button.

    Regards Howard :wave: :wave:
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have split your post to it`s own thread. This will save any confusion.

    Regards Howard :)
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, I have just read your PM.

    In view of what you said in your pm, I suggest you do the following.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log into this thread, Only after doing the above.

    Regards Howard :)
     
  5. xylophone

    xylophone TS Rookie Topic Starter

    Following instructions. Ewido run, no problems, still have offending 017 entry in HJT (HKLM -- 85...), so posting Ewido report below. Will now follow remaining instructions>

    ---------------------------------------------------------
    ewido anti-malware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:49:54 12/06/2006

    + Scan result:



    Nothing found.



    ::Report end
     
  6. xylophone

    xylophone TS Rookie Topic Starter

    Just to say the rest of the instructions will take some time I will have to set aside, so may not post again time until tomorrow Tuesday. I am not going away!
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s not a problem.

    I`m not going away either lol.

    Regards Howard :)
     
  8. xylophone

    xylophone TS Rookie Topic Starter

    Me again.

    Problem. I ran through the programs you mention to download and install. One of them, I can't remember now which, got me to go into Safe Mode, which I did successfully. Having run all of the programs, to see how they work, I then tried (top of page 2 of your instructions) to reboot in Safe Mode again, before Disabling System Restore, and then running the programs you then mention. But this time, when on restarting it got the bit where I click on (below greyed out Administrator bit), the 'hand' froze and I could not enter my password for that reason, the cursor jusy kept blinking. It also seemed as if the entire keyboard was locked. Can you please advise (I hope!) how I get out from under this, so I can proceed with your instructions. I run XP SP1
     
  9. xylophone

    xylophone TS Rookie Topic Starter

    If I try msconfig.../safeboot, will that be ok, will that bypass the password problem???
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No do not use safeboot in msconfig.

    You`re not supposed to run all the programmes to see how they work. You`re supposed to follow the instructions in the exact order they are given.

    Reboot your computer into normal mode and post a HJT log.

    Regards Howard :)
     
  11. xylophone

    xylophone TS Rookie Topic Starter

    I believed I should familiarise myself with the programs first. You do have a line 'before running these programs (now or later) alweays make sure.... I took 'now' to mean I was at liberty, sensibly it seemed to me, to run through them first, before proceeding with your instructions further. I am not complaining or seeking to justify myself, just staing how I read the instructions.

    At all events, as requested, I append my HJT log (can't get attach to work)
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=StopThePopup:8100

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - (no file)

    O3 - Toolbar: (no name) - {E947A403-B614-4FA8-B9E7-E790F0BDC87E} - (no file)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Sandboxie Toolbar - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

    O9 - Extra 'Tools' menuitem: Sandboxie - {11E506DC-0976-4CDA-BB30-37E60A2F2F46} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

    Fix all 016-DPF entries.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{24100528-2EF3-4F79-9E00-512BF6643493}: NameServer = 80.225.252.50 80.225.252.58<Only fix this, if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.

    Regards Howard :)
     
  13. xylophone

    xylophone TS Rookie Topic Starter

    All instructions completed, except please note that 017 entry did not appear this time. I append the log:
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is not in the correct format.

    Please see HERE

    Post a fresh HJT log as an attachment.

    Regards Howard :)
     
  15. xylophone

    xylophone TS Rookie Topic Starter

    Post all of the before, when I ran IE, I got MSN as the address, when this should have been tiscali.co.uk. So I put in that address in IE and got it to use that as the current. When I then ran HJT, entry 017, as before, reappeared - HKLM.... the numbers. Might this mean that the Tiscali address brought this entry back? If so, what are the ramifications of that?
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If the 017 entry does belong to your ISP, I.E Tiscali, then it`s probably safe.

    Regards Howard :)

    P.s. I have just checked your 017 entry and it is indeed from Tiscali. So, if your ISP is Tiscali, it`s safe.
     
  17. xylophone

    xylophone TS Rookie Topic Starter

    HJT log.txt attached.

    Sorry. Only just twigged to rename it hijackthis.txt before saving it.

    Re 017, I don't know if this belongs to Tiscali. My previous researches re failure to access my secure online banking account indicated it does belong to Tiscali. That said, several forum moderators elsewhere (e.g Treewalk) have suggested the entry is 'fishy'. On thta basis and hitherto, I have assumed my quest is to get the entry off my PC. Perhaps instead I should be questioning Tiscali about it. I know which technical people to speak to there who should field such an enquiry, but my problem there would be I would not be able to raise it and pursue it, for fear I would get 'lost off'.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix the following.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=StopThePopup:8100

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{24100528-2EF3-4F79-9E00-512BF6643493}: NameServer = 80.225.252.50 80.225.252.58

    Click on the fix checked button and close HJT.

    If after fixing the above 017 entry your internet stops working, do the following.

    Run HJT and click on the config button and then on the backups button. Place a tick in the little box next to the enty you wish to restore and click the restore button. Reboot your computer.

    Regards Howard :)
     
  19. xylophone

    xylophone TS Rookie Topic Starter

    Did all of that. In IE, got page cannot be displayed, and OE error. Restored 017 in HJT and internet now working.

    What next?
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    As far as I`m aware, your HJT log should now be clean.

    You can post a fresh log if you like.

    Regards Howard :)
     
  21. xylophone

    xylophone TS Rookie Topic Starter

    Thanks. Many thanks

    So what therefore does all of this mean?

    Were there problems, and if so, what were they?

    Should I now be having problems accessing my secure online account?

    Is the 017 entry now in any way 'fishy'

    In other words, do I have anything HJT shows to worry about???
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The problems were the entries I told you to fix.

    Providing everythings running ok now, that should be it.

    Regards Howard :)
     
  23. xylophone

    xylophone TS Rookie Topic Starter

    Thanks. To make sure - by this do you mean your post, no 19?
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If you are in any Doubt, please feel free to post another fresh HJT log.

    Regards Howard :)
     
  25. xylophone

    xylophone TS Rookie Topic Starter

    I attach latest log

    Puzzled now.

    If the entries you say were the problems, were the 4 entries in post 19 (which is what I asked before), then the first 2, R1 entries have reappeared, but not the 02 entry.

    If the first 2, R1 entries were 'problems', which HJT fixed, then why have they reappeared, and the other entry HJT also fixed, has not?

    I am trying to understand. Might the upshot be that if the same 02 entry were to reappear (I have kept a record of it), I should get HJT to fix it without further ado???
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...