Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer Doing Weird Things....


  • Please log in to reply
9 replies to this topic

#1 ignorantmonkey

ignorantmonkey

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 29 February 2008 - 12:54 PM

I have tried everything...defragging...deleting cookies...deleting temporary internet files...scan the computer using Spybot....then fullscanning it for visuses using AVG Free...called my local cable internet access and still the browsing either slows down o unbelievable turtle speed...or just freezes .... This has happened for about a week now...One thing I have noticed is that while connected the windows Im working on suddenly turns as if I was clicking on another opened window...similar like these moments prior to get one of these annoying pop up windows...I also have noticed a small program that occupies about 1/8 of the top left corner of the window Im working on that shows up about a 1/4 of a second and then dissapears....ALSO when Im using Yahoo Messenger and are typing a message the typing suddenly stops, like I was working in another window...so I got to click on the message window so I can continue typing...Suppose youre typing on this window now and as you type the top blue bar changes from the strong blue as it is to a paler blue....ALSO when I click on to check on a java window it freezes and stops responding...I then restart the machine and go back at same page and then starts opening the java window to show the extra images...I do this five or more times and then again stops opening the following images...As Im typing this message I have to keep on clicking this window to keep on typing for four times...What its going on?
Im running Windows XP Pro...Pentium 4...960 MB Ram...2.39 Ghz...
Thanks for any help or advise....

(Moderator edit: clarified Topic Title and moved post to more appropriate forum. jgweed)

Edited by jgweed, 29 February 2008 - 03:07 PM.


BC AdBot (Login to Remove)

 


m

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,722 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:22 PM

Posted 01 March 2008 - 10:35 PM

Hello ignorantmonkey and welcome to BC :flowers:

Sorry about all the problems you are having. I see that you've run Spybot and AVG Free. Did they find anything?

I would like to try a scan with a different program to see if it turns up anything. You might want to print out these directions or copy them to notepad because you won't have internet access for a part of this procedure. I would like you to scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 02 March 2008 - 03:03 AM

it sounds suspiciously as though you have an infection there :thumbsup:

it would be helpful to know if you have System restore enabled?
I would suggest you do NOT do any Messenger activity nor do e mailing until you know you are in the clear

I would also suggest you go to tools/internet options/general tab/settings/

and reduce that tab to virtually nil space

then go to http://vil.nai.com/vil/stinger/ and get the stinger exe from here; it is a very small app that pulls a strong punch; this is the latest version of it so it does NOT need any 'updating' :flowers:
you will need to place a shortcut to the exe on your desktop for ease of reference;
when you open it, on the preferences tab you will need to configure it on targets to scan processes and boot sectors, on virus detection , to repair,on detection, have everything ticked ;( you will also find two blanked out boxes)


when the scan has run ( which could take a wee while, it will give you a dialogue box with what it has found; can you also let us know the result of that?

#4 ignorantmonkey

ignorantmonkey
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 02 March 2008 - 03:17 PM

Hi...Thanks a lot for your help...I did followed all you said...Downloaded the Stinger (which btw can't find in the installed programs list)...After a while it finished showing a window with a gazillion items...I just closed it and reboot....NOW when I try to open the Search on the bar, it doesnt show up at all...Now I can not open the search window to locate the Stinger program so I can place the icon on my desktop...Also... the explorer (6.0) keeps freezing...it has kept being slow....Even Im running Corel x3 same time and if I click on the tab to get back to work there it just does nothing...until 10-25 seconds pass...When I clicked the tab to port this reply it gave me the annoying: Page not found...etc.... so I clicked 3 times to open this box and write the reply...When I log in to check my emails...it does same...nothing...after a while and after trying several times it allows me to...Im lost...

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:22 PM

Posted 02 March 2008 - 06:22 PM

Hello, Ok lets start slow. Have you installed the SUperAntispyware tool. If so go to safe mode and run it. If you can't access safe run from normal,but Safe does a better job. Post back the scan results.

How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 ignorantmonkey

ignorantmonkey
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 11 March 2008 - 10:48 AM

Hi again!.....

Well..I have done most of all you guys have contributed with...I did the full system scan using SuperAntiSpyware....Since I have 3 HDs it took more than 4 hours to run...almost five hours...WOW!.... Here's the log you asked for:
.....................................................................................................................................................................................

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/10/2008 at 02:59 PM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1408

Scan type : Complete Scan
Total Scan Time : 04:53:28

Memory items scanned : 442
Memory threats detected : 1
Registry items scanned : 5457
Registry threats detected : 10
File items scanned : 422193
File threats detected : 23

Trojan.Unclassified/FukuRuku-A
D:\WINDOWS\SYSTEM32\GZMRT.DLL
HKLM\Software\Classes\CLSID\{7D9362F8-77D8-4b29-97B5-621D550890C0}
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}\InprocServer32
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}\InprocServer32#ThreadingModel
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}\ProgID
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}\Programmable
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}\TypeLib
HKCR\CLSID\{7D9362F8-77D8-4B29-97B5-621D550890C0}\VersionIndependentProgID
D:\WINDOWS\SYSTEM32\GZMRT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F192E9E7-7BD9-474E-97CC-DAA096D45A09}\RP50\A0015302.DLL

Adware.Tracking Cookie
D:\Documents and Settings\Manuel\Cookies\manuel@richmedia.yahoo[1].txt
D:\Documents and Settings\Manuel\Cookies\manuel@e-2dj6wgkikoazgbo.stats.esomniture[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@e-2dj6wjny-1pdjab.stats.esomniture[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@www.statssheet[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@e-2dj6wbk4agd5kao.stats.esomniture[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@eas.apm.emediate[1].txt
D:\Documents and Settings\Manuel\Cookies\manuel@ads.adbrite[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@adbrite[1].txt
D:\Documents and Settings\Manuel\Cookies\manuel@e-2dj6wjloggczikp.stats.esomniture[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@adinterax[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@e-2dj6wfk4olcziaq.stats.esomniture[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@adecn[1].txt
D:\Documents and Settings\Manuel\Cookies\manuel@rotator.its.adjuggler[2].txt
D:\Documents and Settings\Manuel\Cookies\manuel@adserver.easyad[1].txt

Trojan.Downloader-Gen/DAP
C:\PROGRAM FILES\COMMON FILES\CARLSON\CARLTON

Adware.AdRotator/AdsSite
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F192E9E7-7BD9-474E-97CC-DAA096D45A09}\RP42\A0013631.EXE

Trojan.Unclassified/IEBROWSERCMP
D:\SYSTEM VOLUME INFORMATION\_RESTORE{F192E9E7-7BD9-474E-97CC-DAA096D45A09}\RP54\A0017263.DLL

Unclassified.Unknown Origin
D:\WINDOWS\SYSTEM32\NSDB.DLL

Adware.AdRotator/RightOnz
D:\WINDOWS\SYSTEM32\RIGHTONADZ-UNINST.EXE

Adware.MyWebSearch
F:\BACK_C\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
F:\BACK_C\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

......................................................................................................................................................................................

Now every time I have started the session on windows appears a box about RUNDLL saying theres a missing file that I havent noticed what effects is having in....PLUS....Now my connection is much lower...I have a regular cable connection of 250kbps....Ran a speed test on Speakeasy and it says the download speed is 254...and the upload one is 19...BUT Im seeing things about same as prior....To me this feels like the old 28kbps I used to get ten years ago....

Thanks for your help anyway!
MB

#7 ignorantmonkey

ignorantmonkey
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 11 March 2008 - 08:26 PM

OK...the RUNDLL message says:
Error loading D: WINDOWS/system32/gzmrt.dll

Should I go on and try using Firefox?....

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,722 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:22 PM

Posted 11 March 2008 - 09:38 PM

Hello ignorantmonkey,

The message you are getting is caused by a stray registry entry. The registry is telling the computer, "Start this file," and the computer says, "It's not there." In your case this is a good thing as the file is a baddie. To resolve this, download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file(s) in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.
Let us know if that takes care of the issue.

Back to you boopme. :thumbsup:

Orange Blossom :flowers:

Edited by Orange Blossom, 11 March 2008 - 09:39 PM.
spelling correction

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 ignorantmonkey

ignorantmonkey
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 12 March 2008 - 10:18 AM

Hi again...and thanks for your continued support....I downloaded last night Firefox, and since then....All seems as quick as before...Something might be wrong wither with my Explorer program...or with that program as it is...Firefox seems flawless...quick...easy...and even these sites I had trouble getting into now theyre running....Thanks for the RUNDLL advise...I will run it and fix that glitch....
Thanks a lot...and please keep giving your wise advise to those like me that sometimes are living in our own dark ages....
MB :thumbsup:

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:22 PM

Posted 12 March 2008 - 07:12 PM

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users