5 replies to this topic

[lilcesar]

Everytime I go to certain websites I go so far and then IE closes on me. Example: I go into the UPS website, try to track a package. I enter the tracking number, check the "Agree to terms" box and then I click on track (or hit enter) and IE just closes on me. Any ideas on how to fix or what could be causing it?

[Micah_6:8]

Greetings and welcome to TomCoyote.com!!

I noticed you posted this log:

http://forums.tomcoy...topic=13239&hl=

And no one replied.

I see a lot of things in there that shouldn't be. If they are still there, they're probably responsible for your problems.

Please post a new log file for examination.

Even if the log file in the post above isn't from the machine you're having problems with, a CURRENT log file would be a good place to start.

Edited by Micah_6:8, 05 August 2004 - 10:34 AM.

[lilcesar]

Thanks for the info, I greatly appreciate any help you can give. The post actually is from the computer that is giving me the problems. Here is the most current log:

Logfile of HijackThis v1.98.0
Scan saved at 7:26:51 AM, on 8/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\System32\NILaunch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\wdskctl.exe
C:\WINNT\goidr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Infotriever\Agent\infoclient.exe
C:\Documents and Settings\rreyes\Desktop\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: SDWin32 Class - {3522F2E2-29E4-4AC0-8810-9CEE34B30FC2} - C:\WINNT\system32\qeszu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKLM\..\Run: [goidr] C:\WINNT\goidr.exe
O4 - HKLM\..\Run: [qeszuc] C:\WINNT\system32\qeszuc.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKCU\..\Run: [goidr] C:\WINNT\goidr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Infotriever.lnk = C:\Program Files\Infotriever\Agent\infoclient.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...w.jhtml?photo=6
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) - http://a248.g.akamai...g2/download.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.info...in/ifhelper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...ron/install.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - AppInit_DLLs: NVDESK32.DLL

This problem is really killing me, thanks in advance for any help you can provide.

[Micah_6:8]

Well... Let's start off with a fresh run of Spybot and Adaware.

I see you already have them installed. Please run them one more time each with the following instructions:

download and run Spybot-Search&Destroy and Ad-Aware; they are the standard programs for finding and cleaning malware off your system.  Here are links to both programs, and instructions for their use.

Get Spybot - Search & Destroy from http://security.kolla.de  (This is the NEW Version 1.3)
Get AdAware 6 from http://www.lavasoft....upport/download

Download and install these programs in their own PERMANENT folders if you don't already have them. If you do have them, make sure they are UPDATED AND CONFIGURED AS DESCRIBED.

To run Spybot S&D:

After installing first press "Online", click on "Search for Updates", then select all updates.  Beside the download button is a little down-pointed arrow, which gives you a choice of several download sites; select one of the servers listed (the Australian server usually works well).  Now, press "Download Updates." If that site doesn't work or you get an error message, try a different server.

When the updates are finished, close your browser and ALL WINDOWS EXCEPT THE ONE SPYBOT IS RUNNING IN, then press 'Check for Problems'; THE SCAN WILL TAKE SEVERAL MINUTES.  Have SpyBot remove all it finds THAT ARE MARKED IN RED.  When it's finished, REBOOT your system.

Get AdAware 6 from http://www.lavasoft....upport/download

Then, Run ADAWARE:

Before you scan with AdAware, ALWAYS check for updates of the reference file by using the "webupdate" button at the lower right of the panel. Updates for this program come out frequently to keep up with new malware.  THIS IS CRITICAL; updating is as important as installing these programs.

Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......
click "Use custom scanning options>Customize" and have these options ON: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........
go to settings(the gear icon on top of AdAware)>Tweak>Scanning engine and click "Unload recognized processes during scanning" ...........then........"Cleaning engine" and  "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.
To scan, click NEXT.  This scan will also take several minutes.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press "next" and then say YES to the prompt, "do you want to remove all these entries?"  Reboot again. 

I don't see an virii or trojans in the log, but a good virus scan or two (or 3) is worth it's weight in gold. Virii and trojans don't always show up in a log file.

Please try these free online virus scans of your system:

Trend-Micro:
http://housecall.tre.../start_corp.asp

Panda:
http://www.pandasoft...com/activescan/

Etrust:
http://www3.ca.com/s...sinfo/scan.aspx

Choose fix or clean.

Let them remove any infections found. Reboot inbetween each scan.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
MOVE HijackThis into this folder, and off the desktop.

If required a tutorial is here = Hijackthis Folder Tutorial

When finished, reboot, run Hijack This! again and fix any of these that are still present in the log:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll

O2 - BHO: SDWin32 Class - {3522F2E2-29E4-4AC0-8810-9CEE34B30FC2} - C:\WINNT\system32\qeszu.dll

O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

O4 - HKLM\..\Run: [goidr] C:\WINNT\goidr.exe

O4 - HKLM\..\Run: [qeszuc] C:\WINNT\system32\qeszuc.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [goidr] C:\WINNT\goidr.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...w.jhtml?photo=6

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE6.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...ron/install.cab

Reboot in "safe" mode. Use the link in my signature to tell you how if necessary.

Find and delete:

C:\WINNT\wdskctl.exe <--- file

C:\WINNT\goidr.exe <--- file

C:\WINNT\mxTarget.dll <--- file

C:\WINNT\system32\qeszu.dll <--- file

C:\WINNT\system32\qeszuc.exe <--- file

C:\Program Files\TV Media <--- FOLDER

Some malware files may be "hidden". Use the link in my signature to explain how to show "hidden" files if necessary.

Reboot in normal mode and post a new log file.

[lilcesar]

Thanks again for the help, the computer seems to be working fine now, the process you posted worked great.

[Micah_6:8]

Could you please post another log so we can be sure everything is taken care of, and then we can close this thread?