Virus/Spyware problems.

Status
Not open for further replies.

Babs1

I am not sure I am writing in the correct forum, please let me know if I am in the wrong one. I am having trouble with Internet Explorer coming up with an error "IE is experiencing a problem and needs to shut down". This happens when I click on IE to start browsing the web. I am able to browse and I just click off the error report by just clicking "Don't Send". If I click on another web page it pops up again and I just click it off and keep on going.

I explained this to a computer tech in a retail store and he said for me to just install Firefox because it is a better option than dealing with IE. I need to get some information on this. If I did install it would I have Outlook Express still?

Thanks, Babs1
 
Yes, if you choose to use Firefox, which I definitely recommend, you can still use Outlook Express.

However, before doing anything else, I suggest you go and read this thread HERE.

Then, post a HJT log into this thread.

The reason I want you to do this is because it's possible you have a virus/spyware problem.

Regards Howard :)
 
log

Howard,
Thank you for the reply, I did look at some posts regarding logs and it looked so complicated I thought I could get around trying it but I will try reading all of it again and see if I can do it. Then I am to put it back into my thread that I just posted -- correct?
Babs1
 
Don't worry about it looking complicated, it really isn't that difficult. In any case, if it turns out you have a spyware problem etc, I will point you in the right direction.

Click on the link I gave you and once you've read the instructions, make a new post in this thread and attach a fresh HJT log.

Regards Howard :)
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add remove programmes in your control panel and uninstall anything to do with (if there):

Viewpoint\Viewpoint Manager
Supergames

Close control panel.

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sparkpeople.com/

R3 - URLSearchHook: Supergames Toolbar - {CF490793-3A68-4931-9C10-A29A856D36F3} - C:\Program Files\Supergames\Toolbar\msg_toolbar.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: XBTP03710 Class - {8CC5CF9F-B05E-49a8-9540-DD8EAD0A8912} - C:\PROGRA~1\SUPERG~1\Toolbar\MSG_TO~1.DLL

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll

O3 - Toolbar: Supergames Toolbar - {CF490793-3A68-4931-9C10-A29A856D36F3} - C:\Program Files\Supergames\Toolbar\msg_toolbar.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: MammaBar - {5A6372AB-9667-4199-A9F7-C2F66C0BC8E3} - C:\WINDOWS\DOWNLO~1\mammabar.dll

Fix all O16-DPF entries. That's any entry that starts with O16.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Viewpoint - Delete the whole Viewpoint folder.
C:\Program Files\Supergames - Delete the whole Supergames folder.

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.

You might want to copy and paste this post into a notepad file. Then you can open the notepad file and follow the instructions, while you're in safe mode.


Regards Howard :)
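Added example, not part of the original posts: a small Python parser for the CLSID-bearing entries in the fix list above, showing which component is hooked into Internet Explorer at more than one point and which entries are left pointing at "(no file)". The function names are hypothetical and the sample is a subset of the lines quoted in the post.

```python
import re
from collections import defaultdict

# Entries copied from the fix list in the post above (subset with a CLSID).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Supergames Toolbar - {CF490793-3A68-4931-9C10-A29A856D36F3} - C:\Program Files\Supergames\Toolbar\msg_toolbar.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Supergames Toolbar - {CF490793-3A68-4931-9C10-A29A856D36F3} - C:\Program Files\Supergames\Toolbar\msg_toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
"""

# Line shape: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per CLSID-bearing entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # logs mix upper/lower hex
            entries.append(entry)
    return entries


def multi_hook_clsids(entries):
    """CLSIDs registered under more than one section (e.g. R3 and O3)."""
    sections = defaultdict(set)
    for e in entries:
        sections[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in sections.items() if len(s) > 1}


def orphaned_clsids(entries):
    """CLSIDs whose entry is still listed but whose target is '(no file)'."""
    return [e["clsid"] for e in entries if e["target"] == "(no file)"]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("same component, several hooks:", multi_hook_clsids(parsed))
    print("entry with no file:", orphaned_clsids(parsed))
```
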
 
Babs1 said:
Should I have put this log into the Security forum instead?

It's ok Babs. I have moved this thread to the security and the web forum.

You weren't to know when you posted this thread, that you had a spyware problem, so don't worry.

Just carry on posting in this thread until we've got your system cleaned up.

Regards Howard :)
 
log

Howard,
I did everything listed but it would not let me delete the Viewpoint folder in c/programs. It let me delete the Supergames folder. Here is the new log.
 
IE error box

The whole time I was clicking into IE to reply to post after doing the log the IE error box was popping up. I just clicked off "Don't Send" and kept posting. I can work on the IE and surf and do my business but the box is annoying. Babs1

Would it help to post what was in the "click here for details" box in the IE error report? Babs1
 
Firefox

Howard,
While I was waiting I installed FireFox. Now I have a new problem. I get a message saying that I have Counterfeit Windows Software and they lead me to a page that explains how to obtain Genuine Windows Software. What does this all mean?
 
Download the Pocket killbox programme from HERE. Extract it, but don't run it yet.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open (except notepad). Have HJT fix the following, by placing a tick in the little box next to (if there).

R3 - URLSearchHook: (no name) - {CF490793-3A68-4931-9C10-A29A856D36F3} - (no file)

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter.

C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

Once your system has rebooted, turn system restore back on.

As to your Windows problem, do the following.

Run HJT and click on the config button, then the backups button. Find the following entry.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

Tick the little box next to the above entry and click the restore button.

The programme will ask you if you want to restore that entry, click yes. Reboot your computer.

Post a fresh HJT log.

Regards Howard :)
 
Problem

Howard, Thanks for the reply. Had to get some sleep. I fixed the Window problem by just updating again. That did it. Yes I took out O16 tool by mistake. Didn't know.

Now I will work on your reply. I did download the Killer but a download little box came up after downloading from that site and it says "Open -- Remove". I presume I don't touch it yet but I don't know where it went when I downloaded it. When I go back to Safe Mode how do I find it?

And I really don't understand when I do open it what file do I type in there --- the ones you have listed? I am not very savvy at this but I am trying. I do know it is the Viewpoint file but that folder has a lot in it. It is located under the c/program on my computer.

Thanks for your patience. Babs1
 
Killer File

Howard,
The R3 and the O8 were not in the log and I have now lost my Killer Download. I did a Search while in Safe Mode but it is not found. I am on another computer so I can work on the laptop. Do I go back to Normal Mode and download the Killer again and then go back to Safe Mode?

Babs1
 
Killbox

Howard,
When in Safe Mode I cannot get Killbox. When in Normal mode I can. What do I do next? Babs1
 
Found

Howard,
Found KillBox, did everything you said, turned back on IE to see what would happen and the "Error Box" popped up again. Tried it again and same thing. I guess I am not going to be able to get rid of it. Thanks, Babs1
 
Log

Howard,
I made a mistake and ran the Hijackthis while in Normal mode and then I realized the mistake and ran it in safe mode. But in Normal mode I noticed that the two items you gave me from the last post: R3 and O8 were on that log. When I ran it in Safe mode they were not there. Is there anything to that? Here is the last log done in Safe mode. Babs1
 
log

Howard.
I have a few logs from Hijackthis. Can I delete some of them or do I keep them all? It is getting confusing when I try to upload? I also went into the "click here" on the IE error box and it has at least 87 Modules listed and they all end in the dll. I don't know a thing about it but does it help to have that error report? It had items like: kernel32.dll, msvcrt.dll, user32.dll , GDI32.dll, shlwapi.dll, ADVAPI32.dll etc. Babs1 ---Thanks!
 
Thread

Well, you are right - It started out with a question about Firefox but now we are working on an IE problem. I don't know how to change thread! Babs1
 
Delete all your HJT logs and scan with HJT again, in normal mode.

Then post the HJT log as an attachment into this thread.

I will change the thread title.

Regards Howard :)
 