Browser "back" and "forward" buttons not working

Discussion in 'Virus & Other Malware Removal' started by sigmachi55, Aug 4, 2004.

Thread Status:
Not open for further replies.
  1. sigmachi55

    sigmachi55 Thread Starter

    Joined:
    Aug 4, 2004
    Messages:
    4
    Ok...here's an interesting problem:
    1) Used to have problems with 680180.net popups; however, surprisingly enough, they just stopped popping up.
    2) Every time I tried to enter a website more than about one or two links in, IE would just shut down on me. I suspect that this had something to do with cookies, because it happened whenever I tried to access any webpage that needed a password or username (it even happened when I tried to view any techguy.org discussion). However, this has also suddenly gone away, enabling me to post here.

    That was a mini-history of recent problems...but here's the problem at hand:
    1) The "Back" and "Forward" buttons are permanently shaded grey, as if the current page was the first page in the history. However, when I put my mouse over the "back" button, the little yellow tag still comes up with information about the last page visited.
    2) This might be related or not, but every time I open IE, I get redirected to a search page: http://ssearch.biz/?wmid=3309 This is obviously a browser hijack, but I ran Adaware and Spybot S&D and neither helped. Also, the browser still returns to the correct homepage when I press the "home" button.

    Comp. info: Running Windows XP Professional version 2002 Service Pack 1. I don't have HT, but I will get it if you guys think that it would help. Feel free to email, but I would prefer any replies be posted here so that others can benefit. Hope you guys can help. :)
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Welcome to TSG!! :)

    Make a folder on your hard drive, like My Documents\HJT
    Download Hijackthis.
    Unzip the file to the folder on your hard drive.

    Double click on Hijackthis.exe then click on the "Scan" button, then click on "Save Log".

    Copy and paste it back here and someone will be happy to review it.

    Don't make any changes until instructed to do so.
     
  3. sigmachi55

    sigmachi55 Thread Starter

    Joined:
    Aug 4, 2004
    Messages:
    4
    Here's the log, as per the instructions:

    Logfile of HijackThis v1.98.2
    Scan saved at 5:19:56 PM, on 8/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\wrvazpr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\rmdmy.exe
    C:\WINDOWS\System32\XyuK7.exe
    C:\WINDOWS\System32\Cmjy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Browser Hijack Blaster\bhblaster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <none>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [kvlhnpmymlvh] C:\WINDOWS\System32\wrvazpr.exe
    O4 - HKLM\..\Run: [2B8GAL733NG5DJ] C:\WINDOWS\System32\Xej7.exe
    O4 - HKLM\..\Run: [oF9k36R] sorl400.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lwhbrc] C:\WINDOWS\System32\lwhbrc.exe
    O4 - HKCU\..\Run: [Lkvrtoxq] C:\WINDOWS\System32\rmdmy.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
    O9 - Extra button: Microsoft® VBScript® Console - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - (no file)
    O9 - Extra 'Tools' menuitem: VBScript Terminal - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - (no file)
    O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
    O9 - Extra button: Microsoft® VBScript® Terminal - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
    O9 - Extra 'Tools' menuitem: VBScript Terminal - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
    O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
    O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.telecheck.com/tsweb/msrdp.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

    If there's any other info I can provide, please let me know.
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Go here http://www.thespykiller.co.uk/ and click on Downloads to get the peper trojan uninstaller.

    Just click on the uninst.exe and let it run. When it is finished it will just close. There will be no dialogue. Also you must be connected to the internet for the uninstaller to be effective.

    Reboot and post another log.
     
  5. sigmachi55

    sigmachi55 Thread Starter

    Joined:
    Aug 4, 2004
    Messages:
    4
    OK...ran the trojan uninst. Here's the new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 2:14:53 PM, on 8/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\wrvazpr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\rmdmy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <none>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [kvlhnpmymlvh] C:\WINDOWS\System32\wrvazpr.exe
    O4 - HKLM\..\Run: [oF9k36R] sorl400.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lwhbrc] C:\WINDOWS\System32\lwhbrc.exe
    O4 - HKCU\..\Run: [Lkvrtoxq] C:\WINDOWS\System32\rmdmy.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
    O9 - Extra button: Microsoft® VBScript® Console - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - (no file)
    O9 - Extra 'Tools' menuitem: VBScript Terminal - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - (no file)
    O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
    O9 - Extra button: Microsoft® VBScript® Terminal - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
    O9 - Extra 'Tools' menuitem: VBScript Terminal - {4B71571A-BA1E-48A1-B5AC-B7C8CFF3FD17} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
    O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
    O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.telecheck.com/tsweb/msrdp.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

    Many programs (especially IE) have been taking longer to run than usual. I was wondering if that has something to do with unnecessary processes. Also, I don't believe that this iTunesdetector that I see in the last two lines is something that I use. Any advice on that?
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <none>
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [kvlhnpmymlvh] C:\WINDOWS\System32\wrvazpr.exe
    O4 - HKLM\..\Run: [oF9k36R] sorl400.exe
    O4 - HKLM\..\Run: [lwhbrc] C:\WINDOWS\System32\lwhbrc.exe
    O4 - HKCU\..\Run: [Lkvrtoxq] C:\WINDOWS\System32\rmdmy.exe

    Close all applications and browser windows before you click "fix checked".

    Restart in safe mode


    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
    Click "Apply" then "OK".

    Now empty these folders:
    C:\Documents and Settings\all profiles\local settings\temp
    c:\temp
    c:\windows\temp

    Delete these files:
    C:\WINDOWS\System32\wrvazpr.exe
    sorl400.exe
    C:\WINDOWS\System32\lwhbrc.exe
    C:\WINDOWS\System32\rmdmy.exe

    Reboot.

    Go here http://forums.techguy.org/t110854/s.html and run at least 2 of the on-line virus scanners.

    Reboot and post another log.
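
Comparing the two HijackThis logs posted in this thread, as an added example that is not part of any post above: the script parses each log into its running-process list and its item lines, then reports what disappeared and what appeared between scans. The `BEFORE` and `AFTER` strings are trimmed excerpts of the thread's own logs; the function names are this example's own.

```python
import re

# A HijackThis item line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] C:\y.exe".
ITEM = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into its running-process set and its item set."""
    procs, items, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())   # Windows paths are case-insensitive
        elif (m := ITEM.match(line)):
            items.add((m.group(1), m.group(2)))
    return procs, items

def diff_logs(before, after):
    """Report what appeared and disappeared between two scans of one machine."""
    p0, i0 = parse_log(before)
    p1, i1 = parse_log(after)
    return {"procs_gone": sorted(p0 - p1), "procs_new": sorted(p1 - p0),
            "items_gone": sorted(i0 - i1), "items_new": sorted(i1 - i0)}

# Trimmed excerpts of the two logs posted in this thread (8/9/2004 and 8/10/2004).
BEFORE = r"""Running processes:
C:\WINDOWS\System32\wrvazpr.exe
C:\WINDOWS\System32\rmdmy.exe
C:\WINDOWS\System32\XyuK7.exe
C:\WINDOWS\System32\Cmjy.exe

O4 - HKLM\..\Run: [kvlhnpmymlvh] C:\WINDOWS\System32\wrvazpr.exe
O4 - HKLM\..\Run: [2B8GAL733NG5DJ] C:\WINDOWS\System32\Xej7.exe
O4 - HKCU\..\Run: [Lkvrtoxq] C:\WINDOWS\System32\rmdmy.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\System32\wrvazpr.exe
C:\WINDOWS\System32\rmdmy.exe

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [kvlhnpmymlvh] C:\WINDOWS\System32\wrvazpr.exe
O4 - HKCU\..\Run: [Lkvrtoxq] C:\WINDOWS\System32\rmdmy.exe
"""

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER))
```

On these excerpts the diff shows the `Xej7.exe` Run entry gone and the `mxTarget.dll` BHO newly present, while the `wrvazpr.exe` and `rmdmy.exe` autoruns survive into the second scan.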
     
Short URL to this thread: https://techguy.org/258031