1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

avant Browser and opening this site

Discussion in 'Virus & Other Malware Removal' started by Cris_Cr0ss, Apr 20, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    Well everytime i open this site, after not a few seconds i am automatically sent to another one using Avant Browser now this never happend before and it works fine with IE so i dunno. Yes i have the latest security updates/ iv'e run spybot and search and destroy clean as usual, I also have run NOD-32 anti-virus scan and its all clean. here is a screen shot of the stupd re-direction

    Here is my HJT LOG.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:06:59 PM, on 4/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\RamBooster\Rambooster.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Avant Browser\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Luay\Desktop\Luays Folder\Appz\System Appz\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RamBooster] C:\PROGRA~1\RAMBOO~1\RAMBOO~1.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1078864644062
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.8048726852
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
     
  2. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    someone this little error is pretty innoying
     
  3. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    please someone this also seems to be happening with other sites.
     
  4. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    Bump* Omg please somebody this keeps happening with almost every other forum.!!! I would really like to know why.
     
  5. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Let's move you to security for better assistance ;)
     
  6. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    New Log:
    Logfile of HijackThis v1.97.7
    Scan saved at 12:38:06 PM, on 4/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\RamBooster\Rambooster.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Luay\Desktop\Luays Folder\Appz\System Appz\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=200.198.83.83:8080;gopher=200.198.83.83:8080;http=200.198.83.83:8080;https=200.198.83.83:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ftp://*

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1078864644062
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.8048726852
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    weird thing that happend after i removed the flashget toolbar in HJT. Now its like invisible spaces that could be checked.
     

    Attached Files:

  7. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    You may have to unlock the toolbar to change it. And you probably have to fix these too.

    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

    Oops, just fix anything related to flashget.







    EDIT: He just told me he wants to keep that......going to restore backup ;)
     
  9. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    here is the screenshot of the site im forwared to.
     

    Attached Files:

  10. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,873
    First Name:
    James
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=200.198.83.83:8080;gopher=200.198.83.83:8080;http=200.198.83.83:8080;https=200.198.83.83:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ftp://*
    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
     
  11. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=200.198.83.83:8080;gopher=200.198.83.83:8080;http=200.198.83.83:8080;https=200.198.83.83:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ftp://*

    i made that, its my proxie

    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

    i use flashget? should i delete anyways?..


    PS the problem seems to have been fixed with the latest Avant broweser build which i just downloaded.
     
  12. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,873
    First Name:
    James
    :confused: then what's the problem again?? I'm :confused:
     
  13. Cris_Cr0ss

    Cris_Cr0ss Thread Starter

    Joined:
    Jan 30, 2004
    Messages:
    820
    Well everytime i open this site, after not a few seconds i am automatically sent to another one using Avant Browser now this never happend before and it works fine with IE so i dunno. Yes i have the latest security updates/ iv'e run spybot and search and destroy clean as usual, I also have run NOD-32 anti-virus scan and its all clean. here is a screen shot of the stupd re-direction


    This site refers to Techguy Forums. But with the new avant update it got fixed i guess, minor bug?
     
  14. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,873
    First Name:
    James
    Try uninstalling and reinstalling Avant Browser. The newest version is v9.02.021.
    I assume the other program is Netscape. If you have Avant and IE, there's no need for Netscape. Personally I hate Netscape...
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222468

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice