• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
Agent Orange

Browser Not Working

10 posts in this topic

Hi there,

 

I'm so glad there is a forum like this to help people out. I'm writing on behalf of my dad who is a computer newbie so when he has troubles I try my best to help him out. I'm now stuck. I've run Spybot and Adaware and SW Shredder but nothing seems to be working. Whenever he tries to get onto Internet Explorer his browser doesn't load up a page even though his connection is fine. When I reboot the computer, Explorer works for maybe one or two page views and then it gives him an error page. I think it's hijacked and managed to run hijack this. I've posted the log below. Any help is very much appreciated as we're both at a loss.

Thanks,

 

Chris

 

Logfile of HijackThis v1.97.7

Scan saved at 12:17:56 PM, on 5/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\s3hotkey.exe

C:\WINDOWS\System32\S3Tray2.exe

C:\WINDOWS\System32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\System32\TFNF5.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Corel\Suite8\Programs\DAD8.EXE

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\John Orange\Local Settings\Temporary Internet Files\Content.IE5\4TE7MTO5\HijackThis[1].exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.rogers.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hispeed.rogers.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - C:\Program Files\Rogers Hi-Speed Internet\RHSI Toolbar\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3Hotkey] s3hotkey.exe

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\simcss\simcss.exe

O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers Hi-Speed Internet\RHSI SelfHealing\SHS.exe" /background

O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.com

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

Share this post


Link to post
Share on other sites

Hello Agent Orange!

I apologize for the delay in getting to your request. I have reviewed your log and have discovered a few things that we need to fix.

 

You may wish to print out a copy of these instructions to follow while you complete this procedure.

 

icon11.gif The most serious issue that you have is a variant of the MagicControl Downloader Trojan. You can get more info on this from http://www.doxdesk.com/parasite/MagicControl.html

 

The first step is to run HijackThis. It looks like you ran HijackThis from a temporary location. Please Click Here to download HijackThis. Extract the zip file into a folder of it's own. I suggest using C:\HJT or something similar. Using a permanant folder will keep the backup files that HijackThis creates safely in the program folder so they are easy to find in the event they are needed later. Also ensure that all application and browser windows are closed during this process.

 

Click on the Scan button

Put a check beside the following line(s)

  • O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\simcss\simcss.exe

QuickTime and OSA.EXE are considered optional fixes but I recommend that you fix them. They are resource hogs that can be started manually if you need them. If you want to remove them, also check the following:

  • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  • O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

I also recommend fixing PowerReg Scheduler. This is a registration reminder used by several companies. Some believe that it reports back to the company information about your computer. To remove it check the following

  • O4 - Startup: PowerReg SchedulerV2.exe

Click on the "Fix Checked" button

 

icon11.gif Now Reboot your PC into Safe Mode by doing the following:

  • Start Windows, or if it is running, shut Windows down, and then turn off the computer.
  • Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  • As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

icon11.gif Delete the following folder when your PC Reboots. You may have to make sure you are set to Show Hidden Files and Folders:

 

C:\WINDOWS\simcss\

 

icon11.gif Reboot your computer normally again and reply to this topic with an updated HijackThis Log and report if your problems persist.

Share this post


Link to post
Share on other sites

Thanks and my dad thanks you. I will get him to try this out (he lives in a different city) and will report back with an updated Hijack This log. No worries about the delay as I can tell you're all swamped!! You guys rock!

Share this post


Link to post
Share on other sites

I'm finally back at my dad's house and have followed your instructions.

Here is my dad's new hijackthis log:

 

Logfile of HijackThis v1.98.0

Scan saved at 4:55:00 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\s3hotkey.exe

C:\WINDOWS\System32\S3Tray2.exe

C:\WINDOWS\System32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\System32\TFNF5.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Corel\Suite8\Programs\DAD8.EXE

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\QuickTime\qttask.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.rogers.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hispeed.rogers.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - C:\Program Files\Rogers Hi-Speed Internet\RHSI Toolbar\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3Hotkey] s3hotkey.exe

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers Hi-Speed Internet\RHSI SelfHealing\SHS.exe" /background

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.com

O16 - DPF: {237F3A38-E718-4FE3-AB18-BCF0AF75B34A} (DownloadScanEngine.ctlDSE300663) - http://downloads.rogershelp.com/updates.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

 

Please let me know if there is anything else I should be removing at this point. I think the browser is working better now but I'll need to reboot a few times and test it to be sure. Thanks again for all your help.

Share this post


Link to post
Share on other sites

BUMP

The browser is still not working and we get "Page not Found" most of the time. Could it be a problem on the ISP's end??!! Any help is appreciated.

 

Thanks!

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0