Browser HighJack?
TSeNg
March 5th, 2004, 09:38 AM
Good afternoon
The problem:
When I start Internet Explorer 6.0 Service Pack 1 and try to surf web pages, the web page/browser will freeze for 30 seconds, then allow me to do my stuff (every web page).
When I boot into safe mode the problem does not occur, which leads me to think it's some unknown process that is hijacking the browser.
What I have done already:
Run Lavasoft Ad-Aware
Virus scanned w/ McAfee 7 SP1 w/ latest DAT
Used Start Up manager to eliminate unnecessary processes.
Cleared cookies
Cleared Temps
Checked the registry for malicious things, couldn't find it.
I am all out of ideas, and I know there has to be a way to fix this w/o reformatting.
Just an FYI: when I normally run IE6, the process, in the amount of bytes, is around 19k, but when his runs (my friend who is having the issue) it is around 21k.
What could it be? Thank you in advance.
SwordFish_13
March 5th, 2004, 10:02 AM
Try running Spybot (http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp) if you haven't tried already. Did you update your Ad-Aware reference file?
If nothing works I would suggest you try another browser and see if the problem persists. There are so many spyware/adware browser hijacks targeted at IE that I have stopped using IE; life has been peaceful since then. I suggest you give it a try: Mozilla Firefox. Believe me, you will like it (http://www.mozilla.org/download.html) :)
bongpilot
March 5th, 2004, 10:03 AM
Try using the repair option in IE.
Control Panel -> Add/Remove Programs -> Internet Explorer 6. It will give the option to repair IE.
Then try running scan disk and restarting windows. That may help.
Relyt
March 5th, 2004, 12:58 PM
TSeNg,
We're always eager to throw up the Mozilla Banner when we believe we have a problem with IE. I experience the very same delays on Mozilla, Netscape, and IE. The reason for my delays is all the background processes that I have running at the same time. Trying to funnel all those data requests (like a river) down a narrow pipeline. Anyway, when I shut off everything not critical, all the browsers function normally because the number of requests issued to the system is seriously reduced. If you are familiar with msconfig (Win98SE), do the following to see what programs are initiated upon startup:
Click on Start > click on Run > fill in msconfig in the space provided and press Enter > click on the upper right-hand tab which says Startup > and everything that has a check in the box will initiate upon starting your computer.
Since I don't know what will be there without seeing it, write those down before you uncheck any of them. There may be one there called systray, do not uncheck it. But you should be able to uncheck most of the others. (Those programs should not start now until you start them manually etc.) After you do, reboot your computer. That should help dramatically. If something goes crazy during the boot process, you can always enter safe mode, recheck those boxes, and reboot again.
For other flavors of Windows do a www.google.com for startup file programs. You should be able to find one easily.
Hope that helps. If I blew it someone please let me know, cause I don't have my windows box up...
avenger_jcc
March 5th, 2004, 01:22 PM
Hijack this would help, if you can get it.
Last I knew they were under DDoS....
but try to get it.. google it out.
the links I have may work...
try:
bah never mind, my links don't work :(
disturb
March 5th, 2004, 03:38 PM
Go to http://www.wilderssecurity.net/index.html and download MRU Blaster and Spyware Blaster and you'll be protected
:borg:
disturb
March 5th, 2004, 03:44 PM
Please check if you have a bad BHO with this program: http://www.mvps.org/sramesh2k/toolbarcop.htm
PLEASE READ INSTRUCTIONS :borg:
MadBeaver
March 5th, 2004, 04:03 PM
This is a great tool for finding out what programs are set to autostart.
http://www.diamondcs.com.au/index.php?page=asviewer
It shows you everything that's starting and lets you remove it directly from the interface.
Hope this helps :D
Oh ya, and here is a website with info on many of the common startup programs
http://www.kephyr.com/filedb/index.php?categoryBrowse=1
meeeeeee
March 5th, 2004, 07:41 PM
avenger_jcc wrote:
Hijack this would help, if you can get it.
It's available at MajorGeeks (http://www.majorgeeks.com/download3155.html).
TSeNg
March 5th, 2004, 07:43 PM
Yea, I tried repairing IE too, forgot to add that. Yea, I got the startup manager as well like I said, and I filtered all the non-important and sorta important stuff.
I have not yet tried to use a different browser though. I'll try that on his computer.
Do you think there was something added, or anything added, to one of the files in IE6?
I have tried uninstalling it, and reinstalling it, and repairing it. That all didn't work. =\
Thanks
TSeNg
March 5th, 2004, 07:47 PM
Oh, it's a Windows 2000 box, I don't think msconfig works on it o_o
Thanks
Soda_Popinsky
March 5th, 2004, 08:15 PM
OK, this is a job for HijackThis. MsConfig won't do it (I've never seen a hijack in MsConfig startup).
Here is the link for HijackThis, the UPDATED link (old ones are broken):
http://www.spywareinfo.com/~merijn/downloads.html
(scroll down a little, it's there)
Use it, click scan, click save log under that, and attach the .log file to a post here. Then we can check it out and see which ones are obviously hijacks.
drtaters
December 15th, 2004, 12:22 AM
I am having a similar problem as posted in this thread. I have generated a "Highjack This" log. Please review and advise.
Logfile of HijackThis v1.97.7
Scan saved at 6:11:44 PM, on 12/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
F:\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Donald\Application Data\Mozilla\Profiles\default\12u0xarx.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38197.5970833333
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
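
Added example, not part of the thread or of HijackThis itself: a small Python sketch of how a reviewer might sort a saved log like the one above into its sections and pull out the entries worth looking up first. The section descriptions are the commonly documented meanings of the codes; the function names and the two review heuristics are assumptions made for illustration, and a flagged entry only means "check this by hand", not that it is malicious.

```python
import re
from collections import defaultdict

# Commonly documented meanings of HijackThis section codes seen in the log above.
SECTIONS = {
    "R": "IE start/search page setting", "N": "Netscape/Mozilla start/search setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "extra IE button or Tools menu item",
    "O14": "IERESET.INF default", "O16": "ActiveX object (Downloaded Program Files)",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A selection of lines copied from the log posted above.
SAMPLE = r"""Logfile of HijackThis v1.97.7
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

def parse_log(text):
    """Group entries by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def describe(code):
    """Exact code first (O2, O16), then the letter family (R0-R3, N1-N4)."""
    return SECTIONS.get(code) or SECTIONS.get(code[0], "unknown section")

def review_queue(groups):
    """Entries to look up by hand first. Assumed heuristics, not verdicts."""
    queue = [("O2", "unnamed BHO", b) for b in groups.get("O2", [])
             if b.startswith("BHO: (no name)")]
    for body in groups.get("O4", []):
        # Target follows "[name] " (Run keys) or " = " (Startup folders).
        target = re.split(r"\]\s*|\s=\s", body, maxsplit=1)[-1]
        if "\\" not in target:  # bare file name or "?": location not in the log
            queue.append(("O4", "autostart without full path", body))
    return queue

if __name__ == "__main__":
    for code, reason, body in review_queue(parse_log(SAMPLE)):
        print(f"{code} [{describe(code)}] {reason}: {body}")
```

On the sample lines this queues the unnamed Acrobat BHO and the two autostart entries whose file location the log does not show; the CLSID or file name is then what you search for before deciding whether to fix the entry.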