1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Browser Problems

Discussion in 'Virus & Other Malware Removal' started by In4ser, Sep 12, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. In4ser

    In4ser Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    48
    My internet browser, Internet Explorer stops working after about 5 minutes, I don't know why. It's not my internet connection, because AIM works. Also the window dotexplore.com constantly pops up. I've tried scanning spybot, adware and Norton anti virus. each came up with files but I removed the files. Please advise me on what to do. I can correct this problem by restarting, but it continues to happen after 5 mins.
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, You need to get a Hijackthis log posted so we can see what is causing the problem. HJT can be downloaded to a good pc if you cannot stay connected long enough and it can also fit on a floppy disk so you can take it to the affected pc and copy it to a folder and run Hijackthis.exe.

    The program makes a log that you save. The logfile should open with Notepad. You can also copy the hijackthis.txt (your saved log from HJT) back onto a disk and get online somewhere and get to TSG forum, and in your thread here, copy and paste the HJT log into a blank reply.

    The latest version of SpyBot S&D is 1.3

    latest free editon of AdAware is SE personal edition 1.04

    Need to know what you have.
     
  3. quartz121984

    quartz121984

    Joined:
    Sep 6, 2004
    Messages:
    11
    go download another web browser like firefox
     
  4. In4ser

    In4ser Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    48
    Update: I've dled the new Adware and scanned and deleted 107 files. But I'm not sure if that solved the problem, btw I'm constantly getting popups, from betonsports.com and www.dotexplore.com...perhaps they may something to do with the problem.


    Thanks for your replies, I'll try downloading another browser, HijackThis can't fix the problem, plus I'm accustomed to Internet Explorer. As for Program info, I have Ad-Aware 6 Personal, build 6.181 and Spybot 1.3. I'm currently dling Ad-aware SE personal 1.04

    Here is the the log from HijackThis:
    Logfile of HijackThis v1.97.3
    Scan saved at 4:46:41 PM, on 9/14/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\System32\cvss.exe
    C:\PROGRA~1\WINDOW~1\NDW.exe
    C:\Program Files\Aws\WeatherBug\Weather.exe
    C:\Program Files\Aim95\aim.exe
    C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe
    C:\Documents and Settings\Judith Mei\Desktop\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = AT&T Internet Explorer
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\judithmei\prefs.js)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\2.BIN\S4BAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\2.BIN\S4BAR.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [kvzmyn] C:\WINDOWS\system32\kvzmyn.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [kqxwoqp] C:\WINDOWS\system32\kqxwoqp.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [NDW] C:\PROGRA~1\WINDOW~1\NDW.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\Aws\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .wma: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://wnt.cc.utexas.edu/CFIDE/classes/CFJava.cab
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B} - http://www.netbroadcaster.com/player/MovieNetworks1.exe
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.41/23272a113d554fff3f18/netzip/RdxIE.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt501/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16073da6c343a641fa05/netzip/RdxIE601.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {81361155-FAF9-11D3-B0D3-00C04F612FF1} (MSN Chat Control 3.0) - http://fdl.msn.com/public/chat/msnchat3.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38049.4991666667
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456...players/english/5.0/win/PulsePlayer5AxWin.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Control) - http://communities.msn.com/scr/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4.cab

    Thanks again for your help.
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, You have several problems! And, as you said, some that Adware cannot fix. The combination of manual fixing/deleting with HJthis and the removal tools will work, though, so please be patient. Help is on the way!
    First...please download this newer version of Hijackthis.exe> it may help show some things that the older copy cannot. You must create a new folder, the desktop itself is not a good place to run HJT from as the backups HJT will make and that you sometimes need...will be scattered all over your screen. SO> make a new folder by right clicking any empty spot on the desktop background, select New>Folder and rename it to HJT. Download the newer copy of HJthis to that folder...the path that should show in the file download box when you click to Save the new one...should then be

    C:\Documents and Settings\Judith Mei\Desktop\HJT\hijackthis.exe

    http://tools.radiosplace.com/HijackThis.exe

    You can simply delete the older copy.

    Post a new log from the newer version please! Don't start a new thread, just post the log as a reply here.
     
  6. In4ser

    In4ser Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    48
    thanks! i'll try to be patient. so how often does ad-aware update? and call i contact ad-adware to address my problem so they can fix it by with a new version?
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, This may take you some time, so do not rush, no need to fix it all tonite, I will leave it up to you...

    Also download this : This also should fit on a floppy disk in case your Internet is not working well.
    You can run this as soon as you can get it> should repair the problem with Internet.

    http://www.spychecker.com/program/winsockxpfix.html

    AdAware updates almost every day right now> were you able to update it at all? Version 1.04 is quite new, and I do not think updates will fix your problem. There are a very many malwares, hijacks, etc that spyware removal programs do not fix. Similar to virus and worm infections- there is sometimes manual work to do. You must have good advice from for example, this forum, to do these things...please do NOT attempt to use Hijackthis on your own....most of what it shows is needed and good.
    We deal with these malwares on a daily basis here!
    There will a need to send in a few more Hijack this logs after you are given steps to fix things, delete files from Windows Explorer folders, etc...
    The WinsockXPFix should help you stay connected, that's what it is made for, to repair damaged files.

    Here are the directions for a few settings and how to update it, just in case you missed something:

    You will ALSO need to have these settings made in Windows Explorer:

    And I want you to go into Add/Remove Programs and run the uninstallers for:

    Web_Rebates (or similar, WebSavingsfromRebates., etc)
    MySearchBar, or similar (not Google)

    Then start AdAware with the correct settings, try for updates, and shut off Internet Explorer....run a scan of AdAware in Safe Mode: you get to Safe Mode by tapping the F8 key, several times quickly during the first part of the startup of computer....when the menu appears, use the DownArrow key to select Safe Mode, and hit Enter key once...give it plenty of time to reach Safe Mode. Video may look funny but that is normal....Windows works just the same, only no CD drive and no Internet, which is what we want. Do not open Internet Explorer after you get to Safe Mode, just print these instructions to have handy.
    After AdAware is finished, reboot normally and run Hijackthis again and post a new log. There will be more to do!

    I have EDITED my post> please see the top of this reply about getting WinsockXPFix and using it. (y)
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/273258

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice