Help with browser

Discussion in 'adware, spyware & hijack cleaning' started by Drakton, Jun 30, 2004.

Thread Status:
Not open for further replies.
  1. Drakton

    Drakton Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    7
    Location:
    Monterrey, Mexico
    Hi...
    My problem: after a few minutes, my browser refuses to load any new pages or sites.
    Rebooting my computer fixes the problem, which happens again after a few minutes.
    Happens with IExplorer and Netscape

    I ran Spybot S&D

    Any help will be greately apreciatted


    my log:
    Logfile of HijackThis v1.97.7
    Scan saved at 8:35:51 AM, on 6/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\CONTRO~1\SIDEWI~1\STRATE~1\daemon14.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Office\Office10\OUTLOOK.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Downloads\Instaladores de Software\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tenakill.org/phpBB2/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://tenakill.org/phpBB2/index.php"); (C:\Documents and Settings\Ulises\Application Data\Mozilla\Profiles\default\8uw9q8vm.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ulises\Application Data\Mozilla\Profiles\default\8uw9q8vm.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [Daemon14] c:\CONTRO~1\SIDEWI~1\STRATE~1\daemon14.exe
    O4 - HKLM\..\Run: [HalfMoonAutoStart] C:\Program Files\Lithic\HalfMoon\halfmoon.exe -minimized
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Spy Sweeper\SpySweeper.exe /0
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
     
  2. Drakton

    Drakton Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    7
    Location:
    Monterrey, Mexico
    bumpy
     
  3. Drakton

    Drakton Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    7
    Location:
    Monterrey, Mexico
    No one is going to help me?
    (bump)
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Hi Drakton

    Download cwshredder here Close all browser windows and click on the fix/next button.

    Download Ad-aware from here: http://www.computercops.biz/downloads-file-292.html
    Install by double-clicking on the downloaded file.
    After installing but before running, update Ad-aware by using its Globe icon.
    After updating, shutdown and restart Ad-aware.
    Ad-aware is ready to scan and clean your system following these steps:

    Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    "Unload recognized processes during scanning."
    Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    "Let Windows remove files in use after reboot."
    Press "Scan Now"
    Check option "Use Custom scanning options"
    Check option "Activate In-Depth Scan"
    Press "Select drives\folders to scan"
    Select the active partition which is usually C:
    Press "Next" to let Ad-aware scan your drives...
    If it finds "bad" files and registry keys, press "Next" again
    Right-click in that pane and choose "select all"
    Press "next"
    When it asks to remove all checked items, Press "OK"
    Close Ad-aware, reboot your system and go on to Step 2 below.


    Spybot S&D
    The download for Spybot S&D is available here: http://www.computercops.biz/downloads-file-108.html

    Install by double-clicking on the downloaded file.
    Run Spybot S&D from desktop icon or Start menu.
    Press "Search for updates" button to get list of updates available.
    Press "Download updates" button.
    Close all IE windows and close & restart Spybot S&D.
    Press "Check for problems" button.
    Have SpyBot remove all it marks in red by pressing "Fix selected problems".

    Close Spybot S&D, reboot your system .

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder. It's a good idea to do that regularly.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Pls. post another log.
     
  5. Drakton

    Drakton Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    7
    Location:
    Monterrey, Mexico
    Thanks Marianna.
    Followed your instructions. Only thing I couldn't find was the %Userprofile%\Local Settings\Temp folder.

    Here's my second log

    Thanks for your help

    Logfile of HijackThis v1.97.7
    Scan saved at 12:02:34 AM, on 7/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Office\Office10\OUTLOOK.EXE
    D:\Downloads\Instaladores de Software\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tenakill.org/phpBB2/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://tenakill.org/phpBB2/index.php"); (C:\Documents and Settings\Ulises\Application Data\Mozilla\Profiles\default\8uw9q8vm.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ulises\Application Data\Mozilla\Profiles\default\8uw9q8vm.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Spy Sweeper\SpySweeper.exe /0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
     
  6. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    HI Drakton

    Is looking good - great job !

    Only some "clean-up" left :)

    Check the following items in HijackThis - close ALL browsers\windows except HIjackThis and click "Fix checked":

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    Reboot

    Then use the Disk Cleanup Utility to empty all your Temp folders.

    Problem gone?
     
  7. Drakton

    Drakton Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    7
    Location:
    Monterrey, Mexico
    Nope! Still having exactly same problem. :(
     
  8. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    This is still your problem?

    If your browser refuses to load the login page, or the online courses homepage try pressing F5 – this forces the browser to reload the pages, ignoring what is already in your computer’s memory.
     
Thread Status:
Not open for further replies.