Browser Problems

[In4ser]

My internet browser, Internet Explorer stops working after about 5 minutes, I don't know why. It's not my internet connection, because AIM works. Also the window dotexplore.com constantly pops up. I've tried scanning spybot, adware and Norton anti virus. each came up with files but I removed the files. Please advise me on what to do. I can correct this problem by restarting, but it continues to happen after 5 mins.

 

[Byteman]

Hi, You need to get a Hijackthis log posted so we can see what is causing the problem. HJT can be downloaded to a good pc if you cannot stay connected long enough and it can also fit on a floppy disk so you can take it to the affected pc and copy it to a folder and run Hijackthis.exe.

The program makes a log that you save. The logfile should open with Notepad. You can also copy the hijackthis.txt (your saved log from HJT) back onto a disk and get online somewhere and get to TSG forum, and in your thread here, copy and paste the HJT log into a blank reply.

The latest version of SpyBot S&D is 1.3

latest free editon of AdAware is SE personal edition 1.04

Need to know what you have.

 

[quartz121984]

go download another web browser like firefox

 

[In4ser]

Update: I've dled the new Adware and scanned and deleted 107 files. But I'm not sure if that solved the problem, btw I'm constantly getting popups, from betonsports.com and www.dotexplore.com...perhaps they may something to do with the problem.


Thanks for your replies, I'll try downloading another browser, HijackThis can't fix the problem, plus I'm accustomed to Internet Explorer. As for Program info, I have Ad-Aware 6 Personal, build 6.181 and Spybot 1.3. I'm currently dling Ad-aware SE personal 1.04

Here is the the log from HijackThis:
Logfile of HijackThis v1.97.3
Scan saved at 4:46:41 PM, on 9/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\cvss.exe
C:\PROGRA~1\WINDOW~1\NDW.exe
C:\Program Files\Aws\WeatherBug\Weather.exe
C:\Program Files\Aim95\aim.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Judith Mei\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = AT&T Internet Explorer
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\judithmei\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\2.BIN\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\2.BIN\S4BAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kvzmyn] C:\WINDOWS\system32\kvzmyn.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kqxwoqp] C:\WINDOWS\system32\kqxwoqp.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [NDW] C:\PROGRA~1\WINDOW~1\NDW.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\Aws\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://wnt.cc.utexas.edu/CFIDE/classes/CFJava.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B} - http://www.netbroadcaster.com/player/MovieNetworks1.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.41/23272a113d554fff3f18/netzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt501/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16073da6c343a641fa05/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/msnchat3.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38049.4991666667
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456...players/english/5.0/win/PulsePlayer5AxWin.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Control) - http://communities.msn.com/scr/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4.cab

Thanks again for your help.

 

[Byteman]

Hi, You have several problems! And, as you said, some that Adware cannot fix. The combination of manual fixing/deleting with HJthis and the removal tools will work, though, so please be patient. Help is on the way!
First...please download this newer version of Hijackthis.exe> it may help show some things that the older copy cannot. You must create a new folder, the desktop itself is not a good place to run HJT from as the backups HJT will make and that you sometimes need...will be scattered all over your screen. SO> make a new folder by right clicking any empty spot on the desktop background, select New>Folder and rename it to HJT. Download the newer copy of HJthis to that folder...the path that should show in the file download box when you click to Save the new one...should then be

C:\Documents and Settings\Judith Mei\Desktop\HJT\hijackthis.exe

http://tools.radiosplace.com/HijackThis.exe

You can simply delete the older copy.

Post a new log from the newer version please! Don't start a new thread, just post the log as a reply here.

 

[In4ser]

thanks! i'll try to be patient. so how often does ad-aware update? and call i contact ad-adware to address my problem so they can fix it by with a new version?

 

[Byteman]

Hi, This may take you some time, so do not rush, no need to fix it all tonite, I will leave it up to you...

Also download this : This also should fit on a floppy disk in case your Internet is not working well.
You can run this as soon as you can get it> should repair the problem with Internet.

http://www.spychecker.com/program/winsockxpfix.html

AdAware updates almost every day right now> were you able to update it at all? Version 1.04 is quite new, and I do not think updates will fix your problem. There are a very many malwares, hijacks, etc that spyware removal programs do not fix. Similar to virus and worm infections- there is sometimes manual work to do. You must have good advice from for example, this forum, to do these things...please do NOT attempt to use Hijackthis on your own....most of what it shows is needed and good.
We deal with these malwares on a daily basis here!
There will a need to send in a few more Hijack this logs after you are given steps to fix things, delete files from Windows Explorer folders, etc...
The WinsockXPFix should help you stay connected, that's what it is made for, to repair damaged files.

Here are the directions for a few settings and how to update it, just in case you missed something:

Ad-Aware FULL SCAN:

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Before restart, Empty Recycle Bin.

Restart your computer.

You will ALSO need to have these settings made in Windows Explorer:

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\administrator\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

And I want you to go into Add/Remove Programs and run the uninstallers for:

Web_Rebates (or similar, WebSavingsfromRebates., etc)
MySearchBar, or similar (not Google)

Then start AdAware with the correct settings, try for updates, and shut off Internet Explorer....run a scan of AdAware in Safe Mode: you get to Safe Mode by tapping the F8 key, several times quickly during the first part of the startup of computer....when the menu appears, use the DownArrow key to select Safe Mode, and hit Enter key once...give it plenty of time to reach Safe Mode. Video may look funny but that is normal....Windows works just the same, only no CD drive and no Internet, which is what we want. Do not open Internet Explorer after you get to Safe Mode, just print these instructions to have handy.
After AdAware is finished, reboot normally and run Hijackthis again and post a new log. There will be more to do!

I have EDITED my post> please see the top of this reply about getting WinsockXPFix and using it.