Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Recently, my computer has been acting up. One of the major things that really are annoying is that very often, when a popup comes in a browser window, Internet Explorer stops responding and must be closed. The system resources are not low. Some sites cannot be accessed since the same popup comes every time and causes IE to crash. Is there a setting I should check to correct this?
Thanks
First download update and run Spybot-S&D
If Spybot doesn't cure it, Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
0 
Yep. the latest attacks appear to be browser/website related. It's called Hijacking. HTML code sent to your computer attacks your antivirus program, alters your registry so it keeps coming back, and takes over your browser.
This happened to my son's computer. even an administrator logon was blocked from everything. your only option is to slit it's throat and run spybot and hijack this upon re-entry.
0
I ran S&D, supposedly fixed some stuff, and just downloaded and ran HijackThis.
Could there be any info in the log file that I would not want to post in a public forum such as this one?
thanks,
yuds
0
No, There is nothing shown in the log that would jepordize you security. 99% of what is listed is in every Windows system.
If by chance it would show your name, just edit it out.
0
Logfile of HijackThis v1.95.1
Scan saved at 2:37:47 AM, on 7/27/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\USB CARD READER DRIVER\DISK_MONITOR.exe
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\NOTEPAD.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.viplolita.com/home/search.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ameritech.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.viplolita.com/home/index.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sureseeker.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=www.ameritech.net:80;gopher=www.ameritech.net:80;http=www.ameritech.net:80;https=www.ameritech.net:80
F0 - system.ini: Shell=
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {08351226-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE026.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\\USB Card Reader Driver\Disk_Monitor.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: SideStep (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24b22176d8d59870cb21/netzip/RdxIE6.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37589.5659490741
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab
O16 - DPF: {A049D507-FC03-4F01-88AC-4E919BBE2E9F} (X3DOCXPlugin Class) - http://www.x3dworld.com/Entertainment/chessMVM/video/X3DPlayerD8.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (WebEyeControl) - http://kotelcam.virtualjerusalem.com/wg_webeye.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) - http://download.sidestep.com/get/k42037/sb026.cab
0
Run HT again and check the following items. Next, close all browser Windows, and have HT fix all checked.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.viplolita.com/home/search.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.viplolita.com/home/index.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sureseeker.com/search.htm
F0 - system.ini: Shell=If you didn't intentionally install SideStep, uninstall it via Add/Remove programs. It was classified as spyware at one time. http://www.doxdesk.com/parasite/SideStep.html
This entry is also suspicious:
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
Locate realtime.exe and right click on it and choose properties. Does it give you any indication of what it belongs to?
0
I did all the above, but IE still closes down [and asks if I wish to send an error report] very frequently- and on certain websites especially... such as Yahoo and other regularly visited sites. Yesterday I was trying to print out something on Crateandbarrel.com and b4 anything printed, IE closed down asking if I wanted to send an error report. Even if I said yes to sending an error report, i was told that i must connect to the internet first- and my SBC Yahoo DSL connection was fine. I just keep having to open an IE window and try again.
0
well, Hijack this, and SpyBot didn't fix the problem. there is an obvious contention between IE and Win98.
This would be a good time to back up anything you want to keep. Skip the applications, just pix, docs etc. You do not want to ghost the thing because that will preserve the problem.
first the hardware. have you tried some hard disk diagnostics? How about running Memtest86 to check the CPU and RAM
All clear?, next the software.If you're using an earlier version of IE you could upgrade it to Ver6. If you're already there the next thing to do is lay a fresh copy of the OS down without reformatting the hard drive.
As a last straw, reformat and reinstall the OS and any applications you use.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
