Now before you all go "OMG NOOB USE MOZILLA", I do use Mozilla. However, I also use I.E. for some things such as hotmail (it opens automatically in IE, so I run with it) and I'd like to figure out the problem.... but more importantly how to fix it.

I should probably mention that the power went out unexpectedly twice last night, and some of these problems have popped up since then (at no coincidence I'm sure).


My problems are as follows:


1) The explorer freezes randomly sometimes, and I have to CtrlAltDel it to get it to go away now. I've only noticed this trying to use hotmail so far.

2) Every time I open IE from it's icon on the toolbar or start menu, I get what I guess is a pop up page that sticks at the bottom of the screen like a toolbar. It does not appear on the process list, and is not a separate window, so I'm thinking maybe the .exe got replaced with "their version"?

3) Pop ups appear all the time, even when I'm not browsing.




The things I've tried:

1) I've located and removed any process that I don't recognize as open or a system process, delete the file (if I can), and removed it from the registry. Some of them come back anyway, I dunno how that works exactly but I'm impressed at the skill the guy who wrote that bish has.

2) I've ran Adaware and quarantined/removed all files it finds, it fixed none of my problems

:(

I just fixed hotmail locking up for my brother not 3 days ago. All I did was run adaware and spybot S&D and hotmail opened up fine for him.

Run HiJackThis, post the log and I'll let you know what to do.

fyi, I use Firefox & IE (IE at home for my OWA, Windows/Office Update).

if you have the accual XP CD... you can put that in and then go to the Run prompt.. and put in /sfc scannow... and see if this fixes anything

He's getting popups, sfc won't fix that :(

Are they those network popups? He said he's getting them when not browsing. Isn't there a setting in Win2k+ to disable those random network popups?

I turned my windows firewall on and it stoped the Network popups.

You need to go buy a MAC!!! :)

Are they those network popups? He said he's getting them when not browsing. Isn't there a setting in Win2k+ to disable those random network popups?

Yes. Common "network" popups like GET YOUR DIPLOMA NOW! crap CAN be stopped. In Win2K+ just go into Services and Stop and Disable the MESSENGER service. That will stop them

I know from experience that there is also a trojan that causes them.

Do what Roo said. He ran it on mine. After a little bit of him checking and cleaning, I am virus free and pop-up free.

2) Every time I open IE from it's icon on the toolbar or start menu, I get what I guess is a pop up page that sticks at the bottom of the screen like a toolbar. It does not appear on the process list, and is not a separate window, so I'm thinking maybe the .exe got replaced with "their version"?


That one happened constantly during the virus.

ohhh... Pop-ups... lol.. thought it said his IE was crashing... lol... gawd...
i can't read sometimes..

Still waitin Mickey!

(course, maybe it's so bad he can't get back here now)

OK OK !! I'll post the logs ASAP. Those Win2k network messages were really annoying yeah, but you can disable that option (which I did as soon as I started getting them). I can see where they'd come in handy for a network administrator.

Most users have no clue what the messages really mean though - even if you spell it out.

Yeah we used to use those messages at work here, but now we just use them on our terminal servers.

Since the users tend to have no idea what any kind of message means, even if it's an email.. it doesn't really matter.

HAHA.. you are right about the email.

man... I would spell stuff out... and I'd get a user saying they never got it -- RIGHT... there it is, in the Deleted Items, UNREAD. Bastage.

Users are teh suk.

My IE explorer seems to be getting hung up on the "detect proxy settings" stage.

I ran adaware/spybot and AVG, all clean. Would running that prog and posting results do anything?

Yeah, try plugging your internet cable in. That usually fixes the problem :P

Here's the log file -



Logfile of HijackThis v1.99.0
Scan saved at 2:39:46 AM, on 12/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\byerian.BLAKE\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.pmaoziawpzhtcxexatrztbc.us/jy_sISfjh_bzrRpzeXhN5H_uRWwBKX56mX58STE6b183kwfkYN jWspKe2KVYpkOT.html
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ExtraWave] C:\DOCUME~1\BYERIA~1.BLA\APPLIC~1\DRIVER~1\DrvUplo adStyle.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

Kill these.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.pmaoziawpzhtcxexatrztbc....Ke2KVYpkOT.html (http://web.pmaoziawpzhtcxexatrztbc.us/jy_sISfjh_bzrRpzeXhN5H_uRWwBKX56mX58STE6b183kwfkYN jWspKe2KVYpkOT.html)
O4 - HKCU\..\Run: [ExtraWave] C:\DOCUME~1\BYERIA~1.BLA\APPLIC~1\DRIVER~1\DrvUplo adStyle.exe


Morety, unless you have a proxy server, go into IE, Tools, Options, Connnection, LAN Settings, UNCHECK auto detect proxy settings (first block I think).

Killed em, still having the problem. HijackThis isn't coming up with anything else. I honestly think that IE itself got haxored. Maybe they replaced the exe file with their own version

My sister had the same problem with hotmail+exploder. Spybot cured it, but who knows for how long.