IE 6 seems corrupted on windows XP SP2

Discussion in 'Malware Help (A Specialist Will Reply)' started by vicki1122, Aug 2, 2006.

  1. vicki1122

    vicki1122 Private E-2

    first of all Thank you for giving me the opportunity to be heard ..
    I've started having problems with IE and not sure if it's related to uninstalling IE Beta 2 almost 3 weeks ago and my Windows automatically reverted back to IE 6.0. I was having server not found messages and thought it was just DSL Yahoo acting up but after 2 hrs of checking with two different seems to be intelligent techs from India they said everything is okay and it could be a virus and/or spyware on my pc which I guess Avast anti-virus didn't catch :(
    ... hope my pc won't crash as one of the techs said if I just ignore this problem. He said pretty soon Firefox will act up and then the brain of the pc would crash. Firefox has already acted up with an error message of server not found but not today...but lets stick with IE 6.
    1. it takes too long for websites to open or they never open at all and the progress bar just sits there running its course on the task bar
    2. IE 6 homepage can NOT be changed despite changing it thru Adware
    3. Can't install IE Beta 3 (tried relentlessly for 6 times) followed all troubleshooting advice which I deactivated ZoneAlarm and Avast anti-virus and nothing helped! Even risked it by changing the registry security sub-keys to show allow to replace special permission.
    4. Did restore to different points as back as May as it wouldn't go back further than that and nothing helped. Was told anyhow that can't undo a spyware if it's what I have.
    5. Ran Spybot, Adware, Avast virus boot scan which found 0 infected files...
    6. of course from the get-go deleted IE browser cookies ....
    I'm wondering if installing Beta 2 is the culprit here. I would appreciate help in this. My friend who is a consultant told me to re-install W XP...but would hate to re-install 20 programs that I have and re-configure one year's of work so if anyone has a better option I would appreciate it greatly.
    Thank you,
    Vicki

    specs: I've W XP SP 2 purchased just 11 mos ago
     
    Last edited: Aug 2, 2006
  2. vicki1122

    vicki1122 Private E-2

    first of all Thank you for giving me the opportunity to be heard ..
    I've started having problems with IE and not sure if it's related to uninstalling IE Beta 2. It's gotten worse by the day
    .. hope my pc won't crash.
    1. it takes too long for websites to open or they never open at all and the progress bar just sits there running its course on the task bar
    2. IE 6 homepage can NOT be changed despite changing it thru Adware
    3. Can't install IE Beta 3 (tried relentlessly for 6 times) followed all troubleshooting advice which I deactivated ZoneAlarm and Avast anti-virus and nothing helped! Even risked it by changing the registry security sub-keys to show allow to replace special permission.
    4. Did restore to different points as back as May as it wouldn't go back further than that and nothing helped. Was told anyhow that can't undo a spyware if it's what I have.
    5. Ran Spybot, Adware, Avast virus boot scan which found 0 infected files...
    6. of course from the get-go deleted IE browser cookies ....
    I'm wondering if installing Beta 2 is the culprit here. I would appreciate help in this. My friend who is a consultant told me to re-install W XP...but would hate to re-install 20 programs that I have and re-configure one year's of work so if anyone has a better option I would appreciate it greatly.
    Thank you,
    Vicki

    specs: I've W XP SP 2 purchased just 11 mos ago
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you just having the IE problem, no other issues?

    Have you tried Firefox?
     
  4. vicki1122

    vicki1122 Private E-2

    my firefox works okay lately since DSL re-configured it from keep live to re-connect at all times. But anyhow they said if IE doesn't work then if it's a virus it will spread to firefox ... I didn't find any viruses thru Avast scan today but that also could mean that some viruses couldn't be detected by it.
    Btw just ran MS windows defender (beta 2) and it found nothing and said my computer is running normally. What could it be that is screwing up my pc?
    Thank you,
    Vicki
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  6. vicki1122

    vicki1122 Private E-2

    I tried to re-configure my W xp pc as per your pre-Hijack scan instructions which stated that I need to disable Msconfig which to me that meant to disable everything in xp's startup tab and then I was instructed to select normal startup ...but when I'm prompted to restart and I then get back on the pc and test msconfig ...it reverts back to selective startup so in a nutshell can't have normal startup with disabling all programs in startup tab.
    Thank you,
    Vicki waiting for answer before proceeding ...
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Click Start > Run > type in msconfig

    Select "Normal Startup" and click ok, when it asks if you want to REBOOT, click NO!

    Now, run HJT and attach the log.
     
  8. vicki1122

    vicki1122 Private E-2

    as per your instructions before running Hijack "... also disable msconfig or any other similar startup control programs...."
    what do you mean exactly? The way I understood it is I clicked on start then Run I typed msconfig and in the startup tab I disabled all startup items. Then when I selected Normal startup in General tab and didn't re-boot just exited this time as per your last reply but against your instructions it still enables all startup items automatically b4 and after I exit from msconfig. In a nutshell it won't let you disable startup items and leave on normal startup it changes to selective Startup. So I'm kind of confused. Want to make sure my pc is configured right for the most optimum scan. So far all scans found nothing and I know there is something as my pc's performance is definitely slowing down.

    Thanks,
    Vicki
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Follow my post exactly as it appears. Set it to normal startup, click ok, click no or cancel when it asks to restart, then attach a HJT log but do NOT reboot. I need to see everything that is loading.

    Click Start > Run > type in msconfig

    Select "Normal Startup" and click ok, when it asks if you want to REBOOT choose the option NO.

    Now, run HJT and attach the log.
     
  10. vicki1122

    vicki1122 Private E-2

    Hijackthis.log is attached. Hope you can find a trace of something that has obviously taken over my pc against my will and its performance.

    Again I currently have Avast Anti-virus and Zonealarm Firewall and Adaware that I run regularly. I ran in the last week Spybot and MS Windows Defender and all came up with nothing :(


    Keeping my fingers crossed as my last option as per a few people is to re-install windows xp :(

    Thank you,
    Vicki
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    MyWebSearch

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=84cff07021917817a84728c7c9e16ca9&url=http%3A%2F%2Fd.66.155.171.79.downloads.estara.com.%2Fas%2FOneCCDM.php&template=4614&sessionid=1820548480_66.155.171.79_49118&=&req=1126077361812OneCC.cab

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\MyWebSearch Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.


    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
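
The triage applied to the HijackThis entries in the post above, sketched as an added example that is not part of the thread or of HijackThis itself. The marker list, the function names and the `ExampleAV` and `example.com` sample lines are constructed assumptions; the MyWebSearch O4 line and the O9 line are copied from the post.

```python
import re
from urllib.parse import urlsplit

# Names the thread identifies as adware. "mywebs~" also catches the 8.3 short
# path form (MYWEBS~1) seen in the O4 line. This list is an assumption of the
# example, not a complete signature set.
ADWARE_MARKERS = ("mywebsearch", "mywebs~", "funwebproducts")

# A HijackThis entry starts with a section code (R0, F2, N1, O4, O16, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

# Sample log: first and third lines come from the thread, the other two are
# constructed for the example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - https://downloads.example.com/ctl/Example.cab
"""


def parse_entries(log_text):
    """Return (section, body) pairs for every line that looks like an entry."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(section, body):
    """Return the reasons an entry deserves a second look (empty list if none)."""
    reasons = []
    lowered = body.lower()
    if any(marker in lowered for marker in ADWARE_MARKERS):
        reasons.append("adware name from thread")
    if lowered.endswith("(file missing)"):
        # The registry entry points at a file that is no longer on disk.
        reasons.append("target file missing (orphaned entry)")
    if section == "O16":
        # O16 lists downloaded ActiveX controls; surface where each came from
        # so a reviewer can decide whether the source is expected.
        url = body.rsplit(" - ", 1)[-1]
        host = urlsplit(url).hostname or "unknown"
        reasons.append(f"ActiveX download source: {host}")
    return reasons


def review(log_text):
    """Return [(section, body, reasons)] for entries with at least one reason."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = triage(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in review(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

The output is a review list for a person to read, not a verdict: an entry that is not flagged has only passed these three checks.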
     
  12. vicki1122

    vicki1122 Private E-2

    Before I start I just wanted to ask how to go into safe mode - is it F9? and can you plse. be more specific as to what to do step-by-step once in safe mode?
    Also how to prevent this spyware from hijacking my pc again?
    What is the reason to clean restore points? so I don't ever do a go-back?
    I was told after my unsuccessful attempt in using the go-back feature last week that it doesn't remove a spyware .. so don't assume it would add it back if I ever do a go-back.
    Thank you very much for all your immeasurable help.
    Vicki
     
  13. vicki1122

    vicki1122 Private E-2

    One more thing I just read on the internet that Spybot should have found it or Adaware. How come they didn't find it on my pc when I ran them? Is it because it's hidden from other spyware removal tools and not hidden with HijackThis cause I renamed it to Analyse.exe? Also it is not in my add/remove programs. Just checked. No surprise here. Also wanted to mention my friend has mywebsearch by Smiley Central also on her pc and she is not experiencing any problems. Could my problems be due to another "hidden" spyware that HijackThis might not have caught and\or a virus that Avast scan didn't catch.
    Thanks,
    Vicki
     
  14. vicki1122

    vicki1122 Private E-2

    One more thing I check my registry and did edit find Fun Web Products and it didn't find it. www.pchell.com suggested that once you uninstall it go to delete it in registry. So far I've observed that it's not in add/remove programs and not in regedit and not in windows explorer under C:/program files and not in my IE toolbar as I remember it being when I installed it now that I think about it. Is that odd or what?

    Confused,
    Vicki
     
  15. vicki1122

    vicki1122 Private E-2

    also I realized that fun web products was on my pc since a mo after purchasing the pc last year..so why the problems now?
    also it is not that my pc is slowing down it's also that it doesn't find the server every now and then and DSL tech said it's not them. So do you know if a spyware can actually make you lose connection to the net while you're on it constantly. It's not that I walk away from it ... even though if I did DSL still shouldn't disconnect.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It is F8 when you see the BIOS splash screen.

    When I said "Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain".

    This is where you reboot into Safe Mode. Everything after this is done in Safe Mode.

    We will cover this once it has been removed.

    To clean anything that is malicious that could be hiding in the restore folder.

    If you did a restore back to a point where you did not have the infection it would not be here unless someone caused it.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you update before running?

    It's hiding from anything, we can see it. Renaming HJT to "analyse" is for another infection, not this one.

    Things do not always show here, it's just the first place to look.

    Anything related to MyWebSearch is known adware and should be removed whether problems are experienced or not, however it's the users option to keep it or not.
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, let me say "Regedit" is for advanced users, modifying anything in here could cause your system to crash. I am not saying you're not advanced; I just want you to be aware of the danger of regedit if used improperly.
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    FunWebProducts has many different types of software, some have issues and some do not. All I know is anything related to FunWebProducts and MyWebSearch is not clean and should be removed.

    Why would an ISP blame themselves? They are always going to blame it on someone else. DSL is not a steady connection like cable, it has a set timer as it can go to sleep basically.
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go back to my previous fix and run it step by step, when you get into C:\Program Files\ delete any folder that says "MyWebSearch" or "MyWeb" anything related remove it.

    Once you have completed my previous fix, reboot back to normal mode and attach a fresh HJT log.
     
  21. vicki1122

    vicki1122 Private E-2

    Hello well I deleted items as per the instruction re: my first Hijackthis log. I'm sending the new one. So you know I'm now able to change my homepage which was locked up by the spyware. I wasn't able under Safe mode aka F8 to see the my websearch. It's nowhere to be found. When I did F8 a screen full of words came up I page down and then I was prompted to input my password. I then went to control panel and it wasn't there .. I did a search under programs and nothing, and yes I did enable operating system files etc as per tutorial. Where is it still hiding? can it be it's not there but the spyware associated with it were functioning on their own? ;)
    I'll do the rest later e.g. CCLeaner, Spybot, and Ad-Aware (I've the free version) and will refresh the restore point (why ? I still don't know) would be nice if you clarify what is the purpose of that ...
    Let me know if you see anything else on the new log? and I will let you know if the performance of the pc gets better in the next couple of days. the fact that my home page is functioning better is a good sign :)
    Thank you very much.
    Vicki
     

    Attached Files:

  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    This entry below shows a restriction, most likely from Spybot. I would remove this from within Spybot.

     
  23. vicki1122

    vicki1122 Private E-2

    can I remove something from a program that was the creator? won't it restrict me from doing that? so what good is Spybot?
    Also can you explain how to find my websearch within safemode?
    also last night after my e-mail I checked my yahoo mail to see if the smiley's were still there .. not that I ever used them and they weren't but on top there was a field saying websearch. Is this what you want me to get rid of?
    thanks
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, you can remove this restriction within Spybot. Spybot when the "Immunize" feature is used adds malicious sites to the restricted list so they can not load and infect your computer. It also provides different shields that will protect from infections but in cases can be annoying.

    Once in Safe Mode, manually locate any folder or file related to MyWebSearch.

    It's up to you whether you remove this or not, personally I would remove it quick.
     
  25. vicki1122

    vicki1122 Private E-2

    this is my last log hopefully. I deleted the last suggestion thru Hijackthis ... Spybot found nothing wrong so couldn't delete it thru Spybot as you suggested.
    Should I unhide system files now that I don't need to?
    thank you!
     

    Attached Files:

  26. vicki1122

    vicki1122 Private E-2

    why CCleaner doesn't delete what it came up with as attachment shows?
     

    Attached Files:

    • log.txt (File size: 560 bytes)
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It appears to be a log for ZoneAlarm.
     
  28. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any further problems?
     
  29. vicki1122

    vicki1122 Private E-2

    not really .. looks good .thank you for dealing with all my questions all these two weeks almost.
    Questions
    1 what to do with the ccleaner log that you said yesterday that it is referring to Zonealarm. What to do with this? delete, not delete, if delete, how?
    2 should I re-configure hiding of system files?

    Thank you
    Vicki
     
  30. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just run CCleaner, it will clean all it can. Those logs can't be deleted because they are constantly being used by the program.

    You can default your settings which will hide them back.
     
  31. vicki1122

    vicki1122 Private E-2

    when I logged under guest the IE browser wouldn't even open giving me an error popup of stmain.dll so went to the Hijackthis log and saw it was MSN spyware so deleted and now I can open IE when signing on as a guest. Question - why IE was fine under administrator login but not under guest? Strange ha? Could some spyware be user specific?
    Hopefully this spyware deleting of would be the end.. I want to start using my computer but scared of all these malwares that continuously hijack my pc. How to stop them if some popup come on my pc and when I try to get rid of them by clicking the x that actually installs a spyware. How to go about it? I run Adware SE regularly but it didn't delete all the ones that you told me about that were identified by HijackThis?
    Thanks,
    Vicki
     
  32. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  33. vicki1122

    vicki1122 Private E-2

    last question relating to your last reply. then do I need to install hijackThis while in guest? and then enable administration in guest sign on as I don't think you have any rights to downloads while in guest.
    thanks
     
  34. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Running HJT from this location "C:\Program Files\HJT\" sweeps all accounts so you do not need to run HJT on all. However, I would run CCleaner and any other programs you use on the other accounts such as Spybot just as a precaution. If you use for example Spy Sweeper, it will scan each account for you as long as you have Admin rights.
     
  35. vicki1122

    vicki1122 Private E-2

    Hi again it has been only 2 months later (was in Europe 1 month so my pc was not in use) and my system is slow again :( Plse. look at the attached updated log to see if anything else has hijacked my pc :( since over a month ago... irritating to say the least .. hope you can help! Haven't gone to many sites just travel sites before I left to Europe ...
    p.s. I've Avast anti-virus and zone alarm updated automatically, and Spybot that I just ran found nothing ...
    Thank you very much and,
    Vicki
     

    Attached Files:

  36. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks ok, a slow computer can be caused from a ton of different things. The only thing I see of concern is "Limewire", this is a no no because these P2P networks contain thousands of baddies which you do not want on your computer. Personally, I buy the stuff legal but that's me.

    Check your memory, if you don't have at least 512MB I would add some to help improve performance. Be sure you close anything you do not need running.

    If you would like, run a few of the online scans to be sure you do not have any bugs hiding around in your system. If you do this attach the logs to your next post.
     
  37. vicki1122

    vicki1122 Private E-2

    Dell Dimension DIM3000
    Pentium(R) 4CPU 2 80 GHz
    279 GHz ,512 MB of RAM
    so I think it's fine as my pc is only 14 mos old ... you're right I must have had a lot of applications open and I've heard that could slow down performance but it was internet that was slow not Excel or Word or Outlook. Funny that you mentioned LimeWire cause I read their disclaimer and they swear that they don't have a bundle software and it comes with no malware, spyware etc etc. and three nights ago when my pc was slow and when I decided to contact your site for help, I couldn't connect to LimeWire all day literally despite all my efforts and now I could connect with ease for some strange reasons as I tweaked nothing. Any explanations for this you might have? could it be LimeWire server was down? WHAT SCANS on the net ARE YOU TALKING ABOUT?
    what do you mean by this statement ... P2P networks contain thousands of baddies?

    Thanks,
    Vicki
     
  38. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The online virus scans from the READ ME.

    BitDefender

    Panda ActiveScan

    I mean there are thousands of infections on P2P networks such as Limewire, Ares, Edonkey all those applications. The program itself isn't what is infected (most aren't anyway), it's the network of which you're downloading from that contains the infections. Personally I would stay away from any P2P application because of the threats today but that's up to you.
     
