
browser is not responding

Discussion in 'Virus & Other Malware Removal' started by ChickaD, Oct 14, 2003.

Thread Status:
Not open for further replies.
  1. ChickaD

    ChickaD Thread Starter

    Joined:
    Apr 11, 2003
    Messages:
    98


    I have the same trouble as Trevor. In my case, a box appears and says that the browser is not responding. Also, in the top bar of the browser, it will say (Not Responding). I usually have trouble when I have been playing Pogo games but it crashes when I am doing other things also. I just checked my folder and there is almost 75 mb in the Temp file. How do I get Windows to 'clean house' when it starts up? Is there a setting I need to change?

    I have been using Spybot S&D for several months. I have seen more than one instance where you have recommended running AdAware first, then Spybot S&D. Is that because there are some things that Spybot will miss? Why is there a need to use both applications?




    Also, I ran Hijack last night, so I will include that so you can see if there are any conflicts. Thank you for your help!


    StartupList report, 10/13/2003, 9:14:09 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Dianne\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~2\VCOM\SystemSuite\MXTask.exe
    D:\PROGRA~2\VCOM\SystemSuite\mxtask.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\RAMpage\RAMpage.exe
    D:\Program Files\TDS Accelerator\tds_accel.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Netscape\Program\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dianne\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    TDS Accelerator.lnk = D:\Program Files\TDS Accelerator\tds_accel.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    RAMpage = "D:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="D:\Program Files\RAMpage\RAMpageConfig.exe"
    DeadAIM = rundll32.exe "D:\Netscape\Program\AIM\\DeadAIM.ocm",ExportedCheckODLs
    RCScheduleCheck = D:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
    Fix-It AV = D:\PROGRA~2\VCOM\SystemSuite\MemCheck.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - D:\Program Files\TDS Accelerator\PBHelper.dll - {4115122B-85FF-4DD3-9515-F075BEDE5EB5}
    (no name) - D:\PROGRA~2\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

    --------------------------------------------------

    Enumerating Download Program Files:

    [{000209FF-2F37-382E-5E7A-6D7A31154E46}]
    CODEBASE = http://updates.tds.net/accelerator/TDS_Installer.exe

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37394.6943171296

    [{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]

    [{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab

    [Hotmail Attachments Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
    CODEBASE = http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #14: D:\PROGRA~2\TDS Accelerator\sliplsp.dll
    Protocol #15: D:\PROGRA~2\TDS Accelerator\sliplsp.dll
    Protocol #16: D:\PROGRA~2\TDS Accelerator\sliplsp.dll
    Protocol #30: D:\PROGRA~2\TDS Accelerator\sliplsp.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 4,850 bytes
    Report generated in 0.571 seconds
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    ChickaD,
    you have posted a StartupList and we need to see a HijackThis log.

    Also, I am asking a moderator to split your post off into its own thread.
     
  3. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    "Why is there a need to use both applications?" :confused:

    Both applications have the same objective in mind, but they approach the problem in two very different ways. One could argue that, in fact, SpyBot doesn't "find" anything since it hasn't any scanning logic. SB looks to see if the key "xyz" exists ... if yes, it puts it into the "detected" list. Ad-Aware builds dynamic (black)lists of keys to catch, also their references, and scans the referenced files, etc. So, the two applications aren't really comparable IMO, hence the reason you see many people here suggest you run both.

    SB searches for files that it knows to be spyware. If the spyware file isn't in the database, it will just slip right on through.

    Ad-Aware works in a manner similar to an anti-virus program. Each piece of spyware is written with certain "characteristics". Ad-Aware (when configured for a thorough custom scan) looks for these characteristics in every file within your computer, as well as the registry. This is a very thorough and complete way to look for spyware.

    You can see why it is imperative that you always search for updates before you use either program, and also reboot in-between using them.

    For help with Ad-Aware, please read this link: http://forums.techguy.org/t164245/s.html

    Once you are cleaned up, you might want to visit http://www.wilderssecurity.net/index.html and download the following:

    SpywareBlaster v2.6.1
    SpywareGuard v2.2

    These will prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection.

    Lastly, consider installing IE-SPYAD, a registry file that adds a long list of sites to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm
     
  4. ChickaD

    ChickaD Thread Starter

    Joined:
    Apr 11, 2003
    Messages:
    98
    Winchester, thank you for the above explanation concerning the two programs...I will check into what you have suggested and see what shows up.

    Ooops...sorry 'bout the startup list instead of the hijack scan! I will be looking forward to what you can tell about what I have going on from the scan! Thanks!

    ChickaD




    Logfile of HijackThis v1.97.3
    Scan saved at 10:54:11 AM, on 10/14/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~2\VCOM\SystemSuite\MXTask.exe
    C:\WINDOWS\Explorer.EXE
    D:\PROGRA~2\VCOM\SystemSuite\mxtask.exe
    D:\Program Files\RAMpage\RAMpage.exe
    D:\Program Files\TDS Accelerator\tds_accel.exe
    D:\Netscape\Program\AIM\aim.exe
    D:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dianne\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 127.98.9.3 mail.tds.net.b9.b9
    O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\TDS Accelerator\PBHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [RAMpage] "D:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="D:\Program Files\RAMpage\RAMpageConfig.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Netscape\Program\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [RCScheduleCheck] D:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
    O4 - HKLM\..\Run: [Fix-It AV] D:\PROGRA~2\VCOM\SystemSuite\MemCheck.exe
    O4 - Global Startup: TDS Accelerator.lnk = D:\Program Files\TDS Accelerator\tds_accel.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Show All Original Images - res://D:\Program Files\TDS Accelerator\tds_accel.exe/250
    O8 - Extra context menu item: Show Original Image - res://D:\Program Files\TDS Accelerator\tds_accel.exe/227
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: d:\progra~2\tds accelerator\sliplsp.dll
    O10 - Unknown file in Winsock LSP: d:\progra~2\tds accelerator\sliplsp.dll
    O10 - Unknown file in Winsock LSP: d:\progra~2\tds accelerator\sliplsp.dll
    O10 - Unknown file in Winsock LSP: d:\progra~2\tds accelerator\sliplsp.dll
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo.com - http://temp40.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Spades by pogo.com - http://spades01.pogo.com/applet/spades/spades-ob-assets.cab
    O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: {000209FF-2F37-382E-5E7A-6D7A31154E46} - http://updates.tds.net/accelerator/TDS_Installer.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37394.6943171296
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E967A2F5-EBCF-48ED-99D1-FF2B4BE2CC28}: NameServer = 204.246.1.20 204.70.128.1
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    I can't see anything particularly bad, but I have no idea what TDS Accelerator is; I assume it is something to do with your ISP and getting on the net.

    The only thing I can see that MIGHT be part of the problem is D:\Program Files\RAMpage\RAMpage.exe, which is a RAM helper/manager.

    XP works better without RAM managers, and often these applications have the opposite effect of what is intended: they slow down the system and cause instability. XP manages RAM in a totally different way to the old 9x systems, and to XP any empty RAM is wasted RAM; as much RAM as possible should be in use at any time. If RAM is artificially forced to be empty, then the application or program will be running from the paging file on your hard disc, which is hundreds of times slower than RAM, and XP is forced to page bits in and out of the available RAM and into and out of the hard disc. All this slows the system and makes for errors.
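
An added example, not part of any post in this thread: a small triage script that groups the HijackThis entries posted above by section code, lists the ones that sit in the browser's network path, and shows how many extension points reference one install directory. The function names and the `NETWORK_PATH` grouping are choices made for this example; the sample lines are a subset copied from the log in the thread.

```python
import re
from collections import defaultdict

# Standard HijackThis section meanings for the codes used below.
SECTIONS = {"R1": "IE start/search/proxy registry value", "O1": "Hosts file entry",
            "O2": "Browser Helper Object", "O4": "autostart entry",
            "O8": "IE context-menu item", "O10": "Winsock LSP",
            "O17": "DNS NameServer setting"}
NETWORK_PATH = {"O1", "O10", "O17"}  # example grouping: name resolution and socket layer

# Entries copied from the log posted above (a subset, not the full log).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O1 - Hosts: 127.98.9.3 mail.tds.net.b9.b9
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\TDS Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RAMpage] "D:\Program Files\RAMpage\RAMpage.exe" M=28 T=4 P="D:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - Global Startup: TDS Accelerator.lnk = D:\Program Files\TDS Accelerator\tds_accel.exe
O8 - Extra context menu item: Show Original Image - res://D:\Program Files\TDS Accelerator\tds_accel.exe/227
O10 - Unknown file in Winsock LSP: d:\progra~2\tds accelerator\sliplsp.dll
O10 - Unknown file in Winsock LSP: d:\progra~2\tds accelerator\sliplsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E967A2F5-EBCF-48ED-99D1-FF2B4BE2CC28}: NameServer = 204.246.1.20 204.70.128.1
"""
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse(log):
    """Return {section code: [unique entry texts]}; header and process lines are skipped."""
    out = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m and m.group(2) not in out[m.group(1)]:
            out[m.group(1)].append(m.group(2))  # repeated LSP lines collapse to one
    return dict(out)

def footprint(entries, needle):
    """Section codes, in log order, where any entry mentions `needle` (case-insensitive)."""
    n = needle.lower()
    return [c for c, items in entries.items() if any(n in i.lower() for i in items)]

def network_path(entries):
    """(code, entry) pairs that can affect how the browser reaches the network."""
    return [(c, i) for c, items in entries.items() for i in items
            if c in NETWORK_PATH or "proxyserver" in i.lower()]

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for code, item in network_path(entries):
        print(code, SECTIONS.get(code, "?"), "->", item)
    print("TDS Accelerator appears in:", footprint(entries, "tds accelerator"))
```

The output is a review list, not a verdict: it shows which entries to confirm with the vendor or ISP before removing anything, since deleting an LSP entry by hand can break connectivity.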
     
  6. ChickaD

    ChickaD Thread Starter

    Joined:
    Apr 11, 2003
    Messages:
    98
    Thank you for your time and help. TDS Accelerator is a program offered by my ISP to hopefully boost my modem--I am on a trial use of it to see if it will help. So it should be okay, since the provider installs and backs it. I have been told that with dialup modem, the best way I can help my speed as far as connection is to switch from XP back to 98. Since I live in a rural area, I am open to any suggestions as to how to improve dialup.

    I just disabled RamPage...thank you for the information regarding how XP handles memory. My browser crashes did not begin after I started using the ram application, but I sure appreciate learning about XP and ram. I think I have other issues concerning my computer. For one, when someone installed XP for me, he then informed me my video card is inadequate. I realize that is another whole thread that I need to start in Hardware. I have suspected some of the crashes might be due to that...Thank you for addressing what should be covered here. But I did think I should mention the video card.

    Please be sure to tell me about what to do about the Temp files...75 mb sounds like a lot to have in a Temp file to me. If Windows is supposed to be getting rid of that at shutdown, how do I check to see why it is not doing that? Uhoh...I think I belong in yet another area of the forum...sighhhhhhhh!

    Thanks for all your help and suggestions!
     
  7. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
Short URL to this thread: https://techguy.org/171903
