Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google search hijack from 85.255.117.2


  • Please log in to reply

#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I am not aware of any limit to the number of favorites.

It might help if you organised them:
http://www.microsoft.../favorites.mspx

Also deleting the offline content might help. (see link above)

Regards,
  • 0

Advertisements


#17
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
They are all organized (and I deleted all offline content too)... there's nothing in the root Favourites even, it's all in separate dirs... I even tried moving 500 of them elsewhere, and I still got the slowdown... so I'm guessing it must be one of the anti-malware apps... I'll try uninstalling some of that once we're done with the cleanup. I guess I should leave Spy Sweeper on until I get rid of that crap in restore?

How would I go about getting rid of that?
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
To empty your Restore points:

Disable System Restore
Reboot
Re-enable system restore

More info: http://service1.syma...src=sec_doc_nam

Regards,
  • 0

#19
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Well, apparently everything is cleaned up now, but explorer and Internet explorer both behave abnormally now.

I've been watching in Task Manager what happens, and the initial slowdown when starting XP is caused by explorer using up 100% of the CPU resources for a while. The system is practically unusable during this time. Then if I start IE, pretty much the same thing happens there... if I click on Favorites or try to change any options in IE, the whole thing freezes and IEXPLORE.EXE uses up 100% of the CPU as well. After it runs through whatever it is that it's doing, things run normally - but only in that particular IE instance. Every new window or new IE instance I open, it's the same story all over again - it's practically unusable for the first 30 seconds or so.

I've removed Spy Sweeper and disabled Avast and killed ZoneAlarm, but it made no difference whatsoever. I've even tried moving all the favorites out. No difference at all. If I try to get into IE options, the whole thing still freezes for 30 seconds or so.

So all this apparently doesn't have anything to do with favorites... it's an explorer/IE issue that I haven't had before.

Any ideas what I could do to fix this?

Btw, I had trouble accessing geekstogo again... couldn't get to the site for an hour. Wonder why?
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you try this first?
http://www.theelderg.../repair_ie6.htm

It might help if this is due to a file being replaced or removed due to the infection you had.

Regards,
  • 0

#21
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Method 1 didn't recognize the CD for some reason... method 2 worked, but no change is noticeable after the reboot.
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Download and unzip:
http://www.diamondcs...onsoletools.zip

Save all the files in the zip to this path:
C:\console

This isn't absolutely necessary, but will make it a lot easier for me since I have them there as well.

Then click Start > Run > cmd > OK

The command prompt will open.
Type these commands behind the prompts, each line followed by using ENTER

cd\
cd console
procs -l

This will result in a list of processes each followed by a number between brackets (the PID)
Find the PID for (the first instance of) explorer.exe
That should look something like this C:\WINDOWS\system32\explorer.exe [1512]
Since your number will probably not be 1512 you will have to replace it by your own in the command below.

Then use this command

procs -m:1512


This will result in a list of all the modules in use by explorer.exe

Copy and paste that list into your next post.
I think the cause for the unusual behavior will be in there.

Regards,
  • 0

#23
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Lots of stuff:

01000000: C:\WINDOWS\Explorer.EXE
77F50000: C:\WINDOWS\System32\ntdll.dll
77E60000: C:\WINDOWS\system32\kernel32.dll
77C10000: C:\WINDOWS\system32\msvcrt.dll
77DD0000: C:\WINDOWS\system32\ADVAPI32.dll
78000000: C:\WINDOWS\system32\RPCRT4.dll
7F000000: C:\WINDOWS\system32\GDI32.dll
77D40000: C:\WINDOWS\system32\USER32.dll
70A70000: C:\WINDOWS\system32\SHLWAPI.dll
773D0000: C:\WINDOWS\system32\SHELL32.dll
771B0000: C:\WINDOWS\system32\ole32.dll
77120000: C:\WINDOWS\system32\OLEAUT32.dll
75F80000: C:\WINDOWS\System32\BROWSEUI.dll
769C0000: C:\WINDOWS\System32\SHDOCVW.dll
5AD70000: C:\WINDOWS\System32\UxTheme.dll
71950000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1
df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
77340000: C:\WINDOWS\system32\comctl32.dll
76200000: C:\WINDOWS\system32\WININET.dll
762C0000: C:\WINDOWS\system32\CRYPT32.dll
762A0000: C:\WINDOWS\system32\MSASN1.dll
76BF0000: C:\WINDOWS\System32\psapi.dll
75F40000: C:\WINDOWS\system32\appHelp.dll
76FD0000: C:\WINDOWS\System32\CLBCATQ.DLL
77050000: C:\WINDOWS\System32\COMRes.dll
77C00000: C:\WINDOWS\system32\VERSION.dll
76620000: C:\WINDOWS\System32\cscui.dll
76600000: C:\WINDOWS\System32\CSCDLL.dll
559E0000: C:\WINDOWS\System32\themeui.dll
76F90000: C:\WINDOWS\System32\Secur32.dll
76380000: C:\WINDOWS\System32\MSIMG32.dll
75A70000: C:\WINDOWS\system32\USERENV.dll
71C20000: C:\WINDOWS\System32\netapi32.dll
10000000: C:\Program Files\ewido anti-malware\shellhook.dll
7C340000: C:\WINDOWS\System32\MSVCR71.dll
760F0000: C:\WINDOWS\system32\urlmon.dll
76980000: C:\WINDOWS\System32\LINKINFO.dll
76990000: C:\WINDOWS\System32\ntshrui.dll
76B20000: C:\WINDOWS\System32\ATL.DLL
015C0000: C:\Program Files\Logitech\iTouch\iTchHk.dll
01620000: C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
76C30000: C:\WINDOWS\System32\WINTRUST.dll
76C90000: C:\WINDOWS\system32\IMAGEHLP.dll
0FFD0000: C:\WINDOWS\System32\rsaenh.dll
763B0000: C:\WINDOWS\system32\comdlg32.dll
55900000: C:\WINDOWS\System32\MSVCP60.DLL
74720000: C:\WINDOWS\System32\MSCTF.dll
76360000: C:\WINDOWS\System32\WINSTA.dll
74B30000: C:\WINDOWS\System32\webcheck.dll
74B00000: C:\WINDOWS\System32\stobject.dll
74AF0000: C:\WINDOWS\System32\BatMeter.dll
74AD0000: C:\WINDOWS\System32\POWRPROF.dll
76670000: C:\WINDOWS\System32\SETUPAPI.dll
76F50000: C:\WINDOWS\System32\WTSAPI32.dll
75CF0000: C:\WINDOWS\system32\NETSHELL.dll
76C00000: C:\WINDOWS\system32\credui.dll
71AB0000: C:\WINDOWS\system32\WS2_32.dll
71AA0000: C:\WINDOWS\system32\WS2HELP.dll
76D60000: C:\WINDOWS\system32\iphlpapi.dll
01B90000: C:\WINDOWS\System32\msi.dll
72430000: C:\WINDOWS\System32\browselc.dll
00ED0000: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
75E90000: C:\WINDOWS\System32\SXS.DLL
51080000: C:\WINDOWS\System32\DSOUND.dll
76B40000: C:\WINDOWS\System32\WINMM.dll
5CD70000: C:\WINDOWS\System32\serwvdrv.dll
5B0A0000: C:\WINDOWS\System32\umdmxfrm.dll
72D20000: C:\WINDOWS\System32\wdmaud.drv
72D10000: C:\WINDOWS\System32\msacm32.drv
77BE0000: C:\WINDOWS\System32\MSACM32.dll
77BD0000: C:\WINDOWS\System32\midimap.dll
74B80000: C:\WINDOWS\System32\printui.dll
73000000: C:\WINDOWS\System32\WINSPOOL.DRV
76E40000: C:\WINDOWS\System32\ACTIVEDS.dll
76E10000: C:\WINDOWS\System32\adsldpc.dll
76F60000: C:\WINDOWS\system32\WLDAP32.dll
74AE0000: C:\WINDOWS\System32\CFGMGR32.dll
71B20000: C:\WINDOWS\system32\MPR.dll
02920000: C:\WINDOWS\System32\nvcpl.dll
74C80000: C:\WINDOWS\System32\OLEACC.dll
76CE0000: C:\WINDOWS\System32\NTMARTA.DLL
71BF0000: C:\WINDOWS\System32\SAMLIB.dll
027C0000: C:\Program Files\Super X Studios\Desktop Dreamscapes\DesktopDreamscape
sMenu.dll
032F0000: C:\WINDOWS\System32\nvshell.dll
02800000: C:\Program Files\WinRAR\rarext.dll
03760000: C:\PROGRA~1\TROJAN~1.2\contmenu.dll
64F00000: C:\Program Files\Alwil Software\Avast4\ashShell.dll
7C3A0000: C:\WINDOWS\System32\MSVCP71.dll
75F60000: C:\WINDOWS\System32\drprov.dll
71C10000: C:\WINDOWS\System32\ntlanman.dll
71CD0000: C:\WINDOWS\System32\NETUI0.dll
71C90000: C:\WINDOWS\System32\NETUI1.dll
71C80000: C:\WINDOWS\System32\NETRAP.dll
75F70000: C:\WINDOWS\System32\davclnt.dll
014F0000: C:\Program Files\Logitech\iTouch\kbdhook.dll
74770000: C:\WINDOWS\System32\MLANG.dll
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
This one is a first for me:
027C0000: C:\Program Files\Super X Studios\Desktop Dreamscapes\DesktopDreamscapesMenu.dll

Did you install this software?
http://www.superxstu...m/downloads.htm Desktop Dreamscapes

The rest looks familiar.
I'll dig some further to see if anything is missing.

Regards,
  • 0

#25
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you check the version number of your

C:\WINDOWS\system32\WININET.dll

also...


Go to Start>Run> and register the following dll's by using
regsvr32 command. Try the first 2, then see if it resolves the problem. If
not then register the rest of the .dll's:

regsvr32 urlmon.dll
regsvr32 actxprxy.dll

regsvr32 scrrun.dll
regsvr32 msxml.dll
regsvr32 mshtml.dll
regsvr32 shdocvw.dll
regsvr32 browseui.dll
regsvr32 msjava.dll

Let me know,
  • 0

Advertisements


#26
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes, I've installed Desktop Dreamscapes (and it's disabled atm).

WININET.dll is 6.0.2800.1106

I've registered the first two now, but there doesn't seem to be any change... I'll try rebooting before doing the rest.
  • 0

#27
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. I found advise in the Google groups to delete the index.dat in the favorites folder, but I'm weary about that and not try that unless we get desperate.

Let me know if the rest solves anything.

Regards,
  • 0

#28
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Um, I don't have an index.dat in the Favorites directory...

Reboot didn't help, so I'm registering the rest now.
  • 0

#29
Gladius

Gladius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Registering the last one failed - said module can't be found. I've removed all java stuff months ago because Avast kept identifying a bunch of the java archives as malware. I think it was all false positives, but I had to get rid of it all otherwise it was impossible to make a scan without having to click through 200 windows...

No change after registering the rest, btw.

Edited by Gladius, 21 January 2006 - 04:13 PM.

  • 0

#30
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Aha.

Copy the code below into notepad and save it as lookup.bat
Set Filetype to "All files"
dir %Systemdrive%\msjava.dll /a h /s > files.txt
start notepad files.txt

Start the file by doubleclicking lookup.bat
That will open a file called files.txt. Post the content of that file.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP