TechSpot

Virus/Spyware problems.

By Babs1
Jun 26, 2006
  1. I am not sure I am writing in the correct forum , please let me know if I am in the wrong one. I am having trouble with Internet Explorer coming up with an error "IE is experiencing a problem and needs to shut down". This happens when I click on IE to start browsing the web. I am able to browse and I just click off the error report by just clicking "Don't Send". If I click on another web page it pops up again and I just click it off and keep on going.

    I explained this to a computer tech in a retail store and he said for me to just install Firefox because it is a better option than dealing with IE. I need to get some information on this. If I did install it would I have Outlook Express still?

    Thanks, Babs1
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, if you choose to use Firefox, which I deffinitely recommend, you can still use Outlook Express.

    However, before doing anything else, I suggest you go and read this thread HERE.

    Then, post a HJT log into this thread.

    The reason I want you to do this, is because it`s possible you have a virus/spyware problem.

    Regards Howard :)
     
  3. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Howard,
    Thank you for the reply, I did look at some posts regarding logs and it looked so complicated I thought I could get around trying it but I will try reading all of it again and see if I can do it. Than I am to put it back into my thread that I just posted -- correct?
    Babs1
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Don`t worry about it looking complicated, it really isn`t that difficult. In any case, if it turns out you have a spyware problem etc, I will point you in the right direction.

    Click on the link I gave you and once you`ve read the instructions, make a new post in this thread and attach a fresh HJT log.

    Regards Howard :)
     
  5. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Howard, Let me know if this is right. Babs1
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint\Viewpoint Manager
    Supergames

    Close control panel.

    Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sparkpeople.com/

    R3 - URLSearchHook: Supergames Toolbar - {CF490793-3A68-4931-9C10-A29A856D36F3} - C:\Program Files\Supergames\Toolbar\msg_toolbar.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: XBTP03710 Class - {8CC5CF9F-B05E-49a8-9540-DD8EAD0A8912} - C:\PROGRA~1\SUPERG~1\Toolbar\MSG_TO~1.DLL

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll

    O3 - Toolbar: Supergames Toolbar - {CF490793-3A68-4931-9C10-A29A856D36F3} - C:\Program Files\Supergames\Toolbar\msg_toolbar.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

    O9 - Extra button: MammaBar - {5A6372AB-9667-4199-A9F7-C2F66C0BC8E3} - C:\WINDOWS\DOWNLO~1\mammabar.dll

    Fix all 016-DPF entries. That`s any entry that starts with 016.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Viewpoint Delete the whole viewpoint folder.
    C:\Program Files\Supergames Delete the whole supergames folder.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.

    You might want to copy and paste this post into a notepad file. Then you can open the notepad file and follow the instructions, while you`re in safe mode.


    Regards Howard :)
     
  7. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Log

    Should I have put this log into the Security forum instead?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It`s ok Babs. I have moved this thread to the security and the web forum.

    You weren`t to know when you posted this thread, that you had a spyware problem, so don`t worry.

    Just carry on posting in this thread until we`ve got your system cleaned up.

    Regards Howard :)
     
  9. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Will do and than I will post reply. Babs1
     
  10. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Howard,
    I did everything listed but it would not let me delete the Viewpoint folder in c/programs. It let me delete the Supergames folder. Here is the new log.
     
  11. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Didn't upload the last post. Here it is. Babs1
     
  12. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    IE error box

    The whole time I was clicking into IE to reply to post after doing the log the IE error box was popping up. I just clicked off "Don't Send" and kept posting. I can work on the IE and surf and do my business but the box is annoying. Babs1 Would it help to post what was in the "click here for details" box in the IE error report? Babs1
     
  13. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Firefox

    Howard,
    While I was waiting I installed FireFox. Now I have a new problem. I get a message saying that I have Counterfeit Windows Software and they lead me to a page that explains how to obtain Genuine Windows Software. What does this all mean?
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket killbox programme from HERE. Extract it, but don`t run it yet.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: (no name) - {CF490793-3A68-4931-9C10-A29A856D36F3} - (no file)

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter.

    C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

    C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

    Once your system has rebooted, turn system restore back on.

    As to your Windows problem, do the following.

    Run HJT and click on the config button, then the backups button. Fine the following entry.

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    Tick the little box nest to the above entry and click the restore button.

    The programme will ask you if you want to restore that entry, click yes. Reboot your computer.

    Post a fresh HJT log.

    Regards Howard :)
     
  15. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Problem

    Howard, Thanks for the reply. Had to get some sleep. I fixed the Window problem by justing updating again. That did it. Yes I took out 016 tool by mistake. Didn't know.

    Know I will work on your reply. I did download the Killer but a download little box came up after downloading from that site and it says "Open -- Remove". I presume I don't touch it yet but I don't know where it went when I downloaded it. When I go back to Safe Mode how do I find it.

    And I really don't understand when I do open it what file do I type in there --- the ones you have listed? I am not very savvy at this but I am trying. I do know it is the Viewpoint file but that folder has alot in it. It is located under the c/progam on my computer.

    Thanks for your patience. Babs1
     
  16. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Killer File

    Howard,
    The R3 and the 08 were not in the log and I have know lost my Killer Download. I did a Search while in Safe Mode but it is not found. I am on another computer so I can work on the laptop. Do I go back to Normal Mode and download the Killer again and than go back to Safe Mode?

    Babs1
     
  17. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Killbox

    Howard,
    When in Safe Mode I cannot get Killbox. When in Niormal mode I can. What do I do next. Babs1
     
  18. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Found

    Howard,
    Found KillBox, did everything you said, turned back on IE to see what would happen and the "Error Box" popped up again. Tried it again and same thing. I quess I am not going to be able to get rid of it. Thanks, Babs1
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please post a fresh HJT log.

    Regards Howard :)
     
  20. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Howard,
    I will post new log . Thanks, Babs1
     
  21. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Log

    Howard,
    I made a mistake and ran the Hijackthis while in Normal mode and than I realized the mistake and ran it in safe mode. But in Normal mode I noticed that the two items you gave me from the last post: R3 and 08 where on that log. When I ran it in Safe mode they were not there. Is there anything to that? Here is the last log done in Safe mode. Babs1
     
  22. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    log

    Howard.
    I have a few logs from Hijackthis. Can I delete some of them or do I keep them all? It is getting confusing when I try to upload? I also went into the "click here" on the IE error box and it has at least 87 Modules listed and they all end in the dll. I don't know a thing about it but does it help to have that error report? It had items like: kernel32.dll, msvcrt.dll, user32.dll , GDI32.dll, shlwapi.dll, ADVAPI32.dll etc. Babs1 ---Thanks!
     
  23. piklemeup

    piklemeup TS Rookie Posts: 58

    I am requesting a better title for this thread, "firefox versus IE" is very misleading
     
  24. Babs1

    Babs1 TS Rookie Topic Starter Posts: 39

    Thread

    Well, you are right - It started out with a question about Firefox but now we are working on an IE problem. I don't know how to change thread! Babs1
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Delete all your HJT logs and scan with HJT again, in normal mode.

    Then post the HJT log as an attachment into this thread.

    I will change the thread title.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...