1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Browser goes crazy

Discussion in 'Virus & Other Malware Removal' started by creamesoda, Jan 16, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    When I'm trying to visit myspace or photobucket, my browser takes me to the server cannot be found page. But only these two websites. For photobucket only when i'm uploading a photo then it fails to load. As well as forums when I post a hijack this log, it gives me the server cannot be found page. Some weird things have been going on with my computer and I have no clue what could be causing them. Help?
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, If you cannot post a hijackthis log to this forum use a floppy disk or CD, run Hijackthis on the bad one and copy the log and bring it to another good computer and send it in that way.

    Click here to download HJTsetup.exe
    • Save Hijackthis.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
      the next step can be skipped if you are on your computer, and it has Internet access that works.
    • If you are using another computer to reach the Internet, and need to run Hijackthis on one that cannot, stop here, and COPY the download you just got, to a removable disk>Floppy 1.44MB, CDROM, flash drive, whatever you have. Then, take the disk to the affected computer and COPY the download from the disk to the DESKTOP of the affected computer and run as below. To get a log, you will have to copy and paste the log back to a disk and bring it to the Internet reaching computer and copy/paste your log into a Reply.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • At the top of the Notepad HJT log screen, hit EDIT then SELECT ALL then click EDIT and then click COPY, doing that copies the text to the clipboard, you won't see it yet....
    • Open a TechSupportGuy forum Reply window for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    • At the top of your TSG/browser window, hit EDIT then PASTE
    • You should see your copied Hijackthis log appear in the reply space....then, submit the reply
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\CTsvcCDA.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Java\jre1.6.0\bin\jusched.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\WINDOWS\system32\Rundll32.exe
    D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\Picasa2\PicasaMediaDetector.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\WINDOWS\System32\alg.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\AIM6\aim6.exe
    D:\Program Files\AIM6\aolsoftware.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169954045484
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139173540234
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Don't see anything in the log as far as malware.

    It has to be either Zone Alarm or possibly a HOSTS file entry.

    I don't use ZA, but in the settings for Alerts or Events Blocked, you may see something about those two sites you get the page error with. That's about all I can tell far as ZA goes.

    For the HOSTS> you can replace your HOSTS file using Hoster.

    http://www.funkytoad.com/download/hoster.zip


    Save it to a new folder on your desktop > open the new folder and unzip the file hoster.zip > run Hoster.exe > (if your host file is marked as "read only", click the button "Make Hosts Writable") > click the "Restore Original Hosts" button > press OK to restore the original Hosts file > click OK > close The Hoster.

    Get temp files cleaned up>

    Download ATFCleaner by Atribune & save it to your desktop. DO NOT use it yet. We will use it in Safe Mode, later
    As you probably know, deleting Cookies can result in you having to type in your username and passwords at ALL sites that use logins, like this site does, so if you willy nilly delete cookies, which is safe enough to do, you will have to re-establish these cookies and login the first time you visit any site like that.
    ATF Cleaner has a way to save those cookies you would like to keep but it will require some time. If you DO KNOW or have saved all your Passwords and login usernames you can delete all cookies.

    * Restart your computer into safe mode now.To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu"
    Use your arrow keys to move to "Safe Mode" and press your Enter key.

    Next, start up ATFCleaner:

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    Restart the computer.



    Don't know if you are using that computer online, but if you are:

    For a good way to scan for malware, do one of these scans:

    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Or this one: Kaspersky

    • Please go HERE and click Kaspersky Online Scanner
    • Read and Accept the Agreement
    • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • If you see a Windows dialog asking if you want to install this software, click the Install button.
    • The program will launch and then begin downloading the latest definition files,
    • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
    • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
    • Under "Please select a target to scan:", click My Computer to start the scan.
    • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
    • Copy and Paste the contents of the on line scanner results into a Reply here in your thread, along with a new HJT log and log from any other scans you run.
     
  5. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    Alright. It seems like kaspersky doesn't like me. I'm getting the cannot be found page for that. Panda is scanning as I post and should I restart my computer after running HOSTER?
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I would say it is optional, the changes are on the spot, but it would not hurt anything to restart.

    I just used the same link to Kaspersky, so I know it's working...

    something may be blocking it, but usually if you can get Panda up and working most all scan sites will....so I am at a loss.

    One way or the other, we will nab the culprit.
     
  7. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    Yeah it's some type of 3rd party program that is somehow interfering with my internet and browser. But here are the results from panda.

    A
    Incident Status Location

    Potentially unwanted tool:Application/Restart Not disinfected D:\WINDOWS\SYSTEM32\Tools\Restart.exe
    Virus:Eicar.Mod Not disinfected D:\Program Files\StompSoft\Spyware X-terminator\Help.chm[/HowCanITestDetection.html]
    Adware:Adware/SaveNow Not disinfected D:\Program Files\DAEMON Tools\SetupDTSB.exe
    Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][1].txt
    Spyware:Cookie/did-it Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][2].txt
    Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][1].txt
    Spyware:Cookie/PointRoll Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][2].txt
    Spyware:Cookie/cs.sexcounter Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Application Data\Mozilla\Firefox\Profiles\q51z7tqr.default\COOKIES.TXT[.atwola.com/]
    Spyware:Cookie/Zedo Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Application Data\Mozilla\Firefox\Profiles\q51z7tqr.default\COOKIES.TXT[.zedo.com/]
    Spyware:Cookie/YieldManager Not disinfected D:\Documents and Settings\David Baker.SJDCHS-44494C28\Application Data\Mozilla\Firefox\Profiles\q51z7tqr.default\COOKIES.TXT[ ad.yieldmanager.com/]
    Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\r1ye3b6v.default\COOKIES.TXT[.2o7.net/]
    Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Creamesoda\Application Data\Mozilla\Firefox\Profiles\qjnjkwgs.default\COOKIES.TXT[.2o7.net/]
    Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Creamesoda\Application Data\Mozilla\Firefox\Profiles\qjnjkwgs.default\COOKIES.TXT[.atwola.com/]
    Spyware:Cookie/Tribalfusion Not disinfected D:\Documents and Settings\Creamesoda\Application Data\Mozilla\Firefox\Profiles\qjnjkwgs.default\COOKIES.TXT[.tribalfusion.com/]

    Sorry about the cramming
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Looks like DAEMON Tools has brought some ad-ware things in, such as Save Now- check in Add/Remove Programs uninstall Save or Save Now.

    Run SpyBot, update it, and run a scan. Let it fix what it finds.

    The Eicar detection is a common test file for antivirus etc programs.

    Other than that there are only Cookies found by Panda.

    Reset your web settings for Internet Explorer: Oops your HJT log has the top missing where the IE information shows....can you post a new HJT log after running SpyBot please....

    If nothing from Save Now is detected, simply delete the file and folder but> DAEMON Tools for all I know, may not work if you do that. When you install such an adware containing program, usually there is an option to not install this type of added or bundled thing.

    You may be smarter to stop using Daemon Tools, or to find a substitute version that is not bundling ad- ware.

    You still cannot get to the sites same as before? Do you get there when clicking either link below?

    http://photobucket.com/

    http://www.myspace.com/
     
  9. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    I scanned, got nothing. I deleted daemon tools and couldn't find the Save now folder. I Still can't logon to myspace. I can go to the home page for myspace but just cannot log on. For photobucket, I can logon but I just can't upload photos.
     
  10. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, One last thing to try:

    Open Hijack This and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.

    Post a new HJT also.
     
  11. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    Active GIF Creator 2.22
    Ad-Aware SE Personal
    Adobe Common File Installer
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    AIM 6.0
    AIM Gadgets 2.8
    AMX Mod X Installer 1.76c
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    ATI HydraVision
    AtomicTime
    AV Voice Changer Software DIAMOND 5.0
    AVG Free Edition
    Azureus
    CleanUp!
    Creative System Information
    dBpowerAMP Music Converter
    Deus Ex - Game of the Year (remove only)
    Deus Ex - Invisible War (remove only)
    Device Control
    DivX
    DivX Player
    Doom 3
    Final Fantasy VII - Ultima Edition
    Final Fantasy VII XP Patch
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Web Accelerator
    Half-Life(R) 2
    Hamachi 1.0.1.3
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    iPod for Windows 2006-01-10
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Development Kit 6
    Java(TM) SE Runtime Environment 6
    LimeWire PRO 4.12.6
    Logitech Desktop Messenger
    Logitech MouseWare 9.79
    Macromedia Extension Manager
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8
    Macromedia Flash Player 8 Plugin
    MagicDisc 2.5.46
    Metal Gear Solid
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Malware Protection Engine Files
    Microsoft Malware Protection On Access Scanner
    Microsoft National Language Support Downlevel APIs
    Microsoft Protection Service
    Microsoft Speech SDK 5.1
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
    Microsoft Word 2002
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    mIRC
    mobile PhoneTools
    Mortal Kombat Trilogy
    Motorola Phone Tools
    Mozilla Firefox (2.0.0.1)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    Natural Selection 3.1
    NVIDIA Drivers
    Opera 9.10
    Panda ActiveScan
    Picasa 2
    Project64 1.6
    PX Engine
    QuickTime
    QuickTime 3.0
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Silent Hill 2
    SILENT HILL 3
    Sony ACID Pro 6.0
    Sony Media Manager 2.1
    Sony Media Manager 2.2
    Sony Sound Series Loops and Samples Reference Library 2.51
    Sound Blaster Live! 24-bit
    SpeechRedist
    Spelling Dictionaries For Adobe Reader Package
    Spybot - Search & Destroy 1.4
    Starcraft
    Steam
    Unreal Gold
    Unreal Tournament G.O.T.Y. Edition
    Ventrilo Client
    VideoLAN VLC media player 0.8.2
    Viewpoint Media Player
    Winamp (remove only)
    Windows Defender Signatures
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    WinRAR archiver
    Xfire (remove only)
    Yahoo! Messenger
    ZoneAlarm

    ^Unistall list


    Logfile of HijackThis v1.99.1
    Scan saved at 5:39:28 PM, on 1/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\CTsvcCDA.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Java\jre1.6.0\bin\jusched.exe
    D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    D:\WINDOWS\system32\Rundll32.exe
    D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    D:\Program Files\Picasa2\PicasaMediaDetector.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Ventrilo\Ventrilo.exe
    D:\Program Files\AIM6\aim6.exe
    D:\Program Files\AIM6\aolsoftware.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] D:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] D:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169954045484
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139173540234
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
     
  12. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, If this is still in your next scan with Hijackthis and it has been uninstalled fix this by putting a check next to it in your HJT scan and then, close all other windows including this one and with only HJT open, click "Fix Checked"

    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    Not saying it will fix anything, this is really a strange problem...do you see anything when you open Internet Explorer>Tools at top>Internet Options>Security>Restricted Sites?

    How about in Privacy> Advanced> Make sure you check First Party=Allow 3rd Party cookies=Block and, "Always allow session cookies" and OK.
     
  13. creamesoda

    creamesoda Thread Starter

    Joined:
    Dec 11, 2004
    Messages:
    82
    yep I changed all of that. Still have the problem.
     
  14. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Have you tried Firefox browser, it does not depend on Internet Explorer, it's stand alone and very good.
    Don't see it in your Installed list- might be a good if temporary solution for you. You will like Firefox.

    http://www.mozilla.com/en-US/firefox/

    It may be the best solution.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Browser goes crazy
  1. bj nick
    Replies:
    0
    Views:
    789
  2. Brigham
    Replies:
    1
    Views:
    640
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/535908

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice