I.E. occasional freezes; certain sites fail to load partially or fully

Status
Not open for further replies.

lochieg

Posts: 14   +0
Hey everyone...obviously a first timer here: I just did all the required steps (hopefully), but problem hasn't been rectified (but some malware did show up that I wasn't aware of, so thanks for that!). Here is the first symptom of the problem: When attempting to view videos on sites such as youtube or just trailers, the video often stops loading, and freezes the website. After not being abke to click on anything on the page, I end up having to close the page, which in turn closes any other pages I have open at the time.

Here is the second symptom: Certain sites, such as wikipedia.org don't open at all. It simply goes to the address, and says "done" on the bottom display bar thing. Other sites only load partially, and end up having maybe the title only. I've attached my HJT log and my ewido report, so hopefully some help will come from you guys...if there's anything I haven't done that I should have, just tell me to do it. Thanks heaps!
 
Hello and welcome to Techspot.

Your version of HJT is out of date. The current version is 1.99.1

Go to the link fastco has given you and follow all the instructions exactly.

Then, post a fresh HJT log into this thread.

Regards Howard :wave: :wave:
 
Apologies for the out-of-date version.

I followed the instructions as best I could, given that some of the sites for the downloads are some of the very sites that don't load! I used Adaware, Ewido, Hijack This, Look2me Destroyer, SmitFraudFix, Spybot Search and Destroy and Trend Micro Office Scan. In the way of antivirus software, I have had Trend Micro Office Scan for a year or two and Spybot for about 6 months (if they count).

I don't believe I have a firewall (is there a way I can find that out?), and I don't know what a service pack 2 is, but I doubt I have it. As for Firefox, I will definately be using it once this has been solved!
 
Download the Pocket killbox programme from HERE. Extract it, but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

CGD218.EXE
go.exe
srv32.exe

Close task manager.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

srv32

close the services window.


Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\dxtpdx.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Run HJT with no other programmes open(except notepad). Have HJT fix the following, by placing a tick in the little box next to(if there).

Fix all 016-DPF entries.

O17 - HKLM\System\CCS\Services\Tcpip\..\{747AD58C-A1A9-4296-9AC6-CBE48EBBF75D}: Domain = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{747AD58C-A1A9-4296-9AC6-CBE48EBBF75D}: NameServer = 10.0.0.138

Only fix the above 017 entries, if they don`t belong to your ISP.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: dxtpdx - C:\WINDOWS\SYSTEM32\dxtpdx.dll

O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to input into killbox.

C:\WINDOWS\TEMP\CGD218.EXE

C:\WINDOWS\system32\srv32.exe

C:\WINDOWS\SYSTEM32\dxtpdx.dll

Once your system has rebooted, turn system restore back on and post a fresh HJT log.

Regards Howard :)
 
Thanks Howard, I went through those steps, except the "regsvr32 /u C:\WINDOWS\SYSTEM32\dxtpdx.dll" wouldn't run. Even with the spacing and stuff it said it couldn't find it.

Also,
"C:\WINDOWS\TEMP\CGD218.EXE

C:\WINDOWS\system32\srv32.exe

C:\WINDOWS\SYSTEM32\dxtpdx.dll" - none of these could be found to delete in killbox.

I believe the 017s belong to my ISP.

Here's the latest HJT log, done upon restart. thanks a lot for the help thus far.
 
Download and run the Ccleaner programme from HERE.

The only problem in your new HJT log is this entry.

C:\WINDOWS\TEMP\NUE824.EXE

Run HJT and click on the config button, then the misc tools button. Click on delete file on reboot button and browse to the above file(if there). Click on it and click open. You will be prompted to reboot your system. click yes.

Please post a fresh HJT log.

Regards Howard :)
 
OK, it looks like a successful extermination! Ran the scan, did as you instructed and was able to visit wikipedia just now! Here's the results of the latest scan...tell me if there's any more to do, but if not thanks heaps for all your time. The people on these sorts of forums are amazing. I'm off to download Firefox.
 
Damn. Now you`ve got this nasty entry.

C:\WINDOWS\TEMP\KC154A.EXE

Obviously it keeps regenerating with a different file name.

You also have this entry that wasn`t there before.

O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing

Here`s what I want you to do.

Go and download the free AVG antivirus programme and the free Zonealarm firewall. You can get them from HERE and HERE.

Diconnect from the net and uninstall your trend officescan programme completely.

Install Zonealarm, followed by AVG and reboot your system. Reconnect to the net and run the AVG updates.

Then, go HERE and follow the instructions. This deals specifically with the 010 entry in your HJT log.

Once you`ve done that, boot into safe mode and turn system restore off, do a full system scan with AVG. Delete whatever it finds.

Reboot into normal mode and turn system restore back on. Post a fresh HJT log.

Regards Howard :)
 
Status
Not open for further replies.
Back