1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Email popups and jumpy cursor....

Discussion in 'Earlier Versions of Windows' started by cadillacgrl, Sep 22, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    My computer acts up now and then and it's starting to worry me. Sometimes when I turn it on, I'll open up OE and emails will start popping up in new windows. They only go away when I close OE. then after that happens my cursor will start jumping and so does the status bar info on web pages, when I go to start (to shut it down) it'll just shut itself off. I'll restart, then things are fine. I have an extra screen saver that opens up after I get to my desk top to keep my kids from accessing my computer (they learned how to bypass the windows password). I run a virus scan (AVG)and it shows no virus. I also can only get scandisk to run all the way through when puter is in safe mode. Below is all the info I could find about my computer. Thanks for any help!


    Logfile of HijackThis v1.97.2
    Scan saved at 4:52:23 PM, on 9/22/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MSNBC\ALERT\NEWSALRT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\SMARTPOPUPKILLER\POPUPKILLERTRAY.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=M3
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {BD51AEC6-7991-4A60-94D6-D5FEBB655D10} - C:\WINDOWS\SYSTEM\IEMSG.DLL
    O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\PROGRAM FILES\SMARTPOPUPKILLER\POPUPKILLERIEDLL.DLL
    O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINDOWS\REM00001.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
    O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\BS2.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE C:\WINDOWS\BS2.DLL,DllRun
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [News Alert] C:\Program Files\MSNBC\Alert\NEWSALRT.EXE
    O4 - Startup: Fish.scr
    O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-000000000000} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/049486fe1496fa5ccb22/netzip/RdxIE601.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) - http://activex.liveupdate.com/controls/cres.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab



    StartupList report, 9/22/2003, 4:55:30 PM
    StartupList version: 1.52
    Started from : C:\PROGRAM FILES\HIJACKTHIS.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MSNBC\ALERT\NEWSALRT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\SMARTPOPUPKILLER\POPUPKILLERTRAY.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Fish.scr

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    BookedSpace = RunDLL32.EXE C:\WINDOWS\BS2.DLL,DllRun

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    News Alert = C:\Program Files\MSNBC\Alert\NEWSALRT.EXE

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 22/9/2003, 13:55:56)

    [rename]
    NUL=C:\WINDOWS\TEMP\$AVGUPD$.516
    NUL=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516
    C:\PROGRA~1\GRISOFT\AVG6\version.avg=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\version.avg
    C:\PROGRA~1\GRISOFT\AVG6\avgk32.dll=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avgk32.dll
    C:\PROGRA~1\GRISOFT\AVG6\avg.exe=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avg.exe
    C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avgcc32.exe
    C:\PROGRA~1\GRISOFT\AVG6\avgw.exe=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avgw.exe
    C:\PROGRA~1\GRISOFT\AVG6\bootup.exe=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\bootup.exe
    C:\PROGRA~1\GRISOFT\AVG6\avg.lng=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avg.lng
    C:\PROGRA~1\GRISOFT\AVG6\avgcore.vxd=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avgcore.vxd
    C:\PROGRA~1\GRISOFT\AVG6\setup.lng=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\setup.lng
    C:\PROGRA~1\GRISOFT\AVG6\avgscan.exe=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avgscan.exe
    C:\PROGRA~1\GRISOFT\AVG6\avg.ovl=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.516\avg.ovl

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;"C:\Program Files\Executive Software\DiskeeperLite\"
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\WINDOWS\SYSTEM\IEMSG.DLL - {BD51AEC6-7991-4A60-94D6-D5FEBB655D10}
    (no name) - C:\PROGRAM FILES\SMARTPOPUPKILLER\POPUPKILLERIEDLL.DLL - {A09790E7-DD00-4A83-B632-5B563423CFBB}
    (no name) - C:\WINDOWS\REM00001.DLL - {2B3452C5-1B9A-440F-A203-F6ED0F64C895}
    myBar BHO - (no file) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
    (no name) - C:\WINDOWS\SYSTEM\STLBDIST.DLL - {2CF0B992-5EEB-4143-99C0-5297EF71F443}
    (no name) - C:\WINDOWS\BS2.DLL - {392BE62B-E7DE-430A-8859-0AFE677DE6E1}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{02BF25D5-8C17-4B23-BC80-000000000000}]
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
    CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [WebHandler Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DLHELPER.DLL
    CODEBASE = http://activex.microgaming.com/DLhelper/version6/dlhelper.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
    CODEBASE = http://207.188.7.150/049486fe1496fa5ccb22/netzip/RdxIE601.cab

    [LiveUpdate Crescendo]
    InProcServer32 = C:\WINDOWS\SYSTEM\CRES.OCX
    CODEBASE = http://activex.liveupdate.com/controls/cres.cab

    [PCPitstop Utility]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [iCC Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPCONNCHECK.DLL
    CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

    [mhLabel Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MHLBL.DLL
    CODEBASE = http://www.pcpitstop.com/mhLbl.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
    AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

    --------------------------------------------------
    End of report, 7,185 bytes
    Report generated in 0.024 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only



    .

    Operating System System Model
    Windows Millennium Edition (build 4.90.3000) Asset Tag: 0123ABC
    Processor a Main Circuit Board b
    1250 megahertz AMD Athlon XP
    128 kilobyte primary memory cache
    256 kilobyte secondary memory cache Bus Clock: 66 megahertz
    BIOS: American Megatrends Inc. 062710 07/15/97
    Drives Memory Modules c,d
    79.98 Gigabytes Usable Hard Drive Capacity
    67.98 Gigabytes Hard Drive Free Space

    CD-R/RW CW079D CD-R/RW [CD-ROM drive]
    DVD-ROM [CD-ROM drive]
    Generic floppy disk drive (3.5")

    WDC WD800BB-75CAA0 Ultra DMA 100 [Hard drive] (79.98 GB) -- drive 0 496 Megabytes Installed Memory

    Slot '0' has 512 MB
    Slot '1' is Empty
    Slot '2' is Empty
    Slot '3' is Empty
    Local Drive Volumes

    c: (on drive 0) 79.98 GB 67.98 GB free

    Logins Network Drives
    No details available

    Installed Microsoft Hotfixes Printers
    DataAccess
    Q318203 (details...) on 06/28/03
    Q329414-25 (details...) on 06/28/03
    DirectX
    DX819696 (DirectX Update 819696)
    Internet Explorer
    Q330994 (details...)
    Q818529 (details...)
    Q822925 (details...)
    SP1 (SP1)
    Windows Media Player
    WM308567 (details...)
    WM320920.1 (details...)
    WM819639 (details...)
    WinME
    UPD273017 (details...)
    UPD273991 (details...)
    UPD287564 (details...)
    UPD290700 (details...)
    UPD299014 (details...)
    UPD311311 (details...)
    UPD323172 (details...)
    UPD323255 (details...)
    UPD329048 (details...)
    UPD329115 (details...)
    UPD811630 (details...)
    UPD812709 (details...)
    UPDQ823559 (details...)


    Click here to see all available security Hotfixes.

    Marks a HotFix that verifies correctly
    Marks a HotFix that fails verification
    (Failing hotfixes need to be reinstalled)
    An unmarked HotFix lacks the data to allow verification Lexmark 1020 Color Jetprinter on LPT1:
    Lexmark Z22-Z32 Series on LPT1:

    Controllers Display
    Standard Floppy Disk Controller
    Primary IDE controller (dual fifo)
    Secondary IDE controller (dual fifo)
    SiS 5513 Dual PCI IDE Controller SiS 630/730 [Display adapter]
    Default Monitor
    Bus Adapters Multimedia
    SiS 7001 PCI to USB Open Host Controller
    SiS 7001 PCI to USB Open Host Controller Gameport Joystick (no joystick connected)
    MPU-401 Compatible MIDI Device
    SiS 7018 Audio Driver
    Wave Device for Voice Modem
    Communications Other Devices
    Broadxent DSI V.92 PCI DI3631 [Modem]
    Motorola SurfBoard 4200 USB Cable Modem
    SiS 900 PCI Fast Ethernet Adapter
    Network Card MAC Address: 00:0B:06:E0:E5:71
    Network IP Address: 12.219.56.56 / 21 DSI WDM MODEM ENUMERATOR
    Standard 101/102-Key or Microsoft Natural Keyboard
    USB Root Hub
    USB Root Hub
    Software Licenses

    Microsoft - Internet Explorer (Key: )
    Microsoft - MediaPlayer (Key: )
    Microsoft - MediaPlayer
    Microsoft - Windows Millennium Edition (Key: )

    Software Versions
    Adobe Acrobat Reader Version 5.1.0.0 *
    Aladdin Systems - StuffIt for Windows Version 8.0.0.148 *
    Apple Computer, Inc. - QuickTime QuickTime 5.0.1 *
    Apple Computer, Inc. - QuickTime QuickTime 6.0.2 *
    Belarc, Inc. - BelManage Client Version 6.0g *
    BigPatience *
    Blue Fang Games, LLC - Zoo Tycoon Version 10.07.00.0005 *
    BookWorm Deluxe Version 1.0 *
    Cinematronics - 3D Pinball Version 4.90.3000.1 *
    Clickteam - AllFive 2000 *
    Discover Painting for Kids *
    Eastman Software, Inc., A Kodak Business - Imaging for Windows® Version 1.01.1312 *
    Electronic Arts - Network Play System Version 1.1 *
    Frontcode Technologies - WinMX Version 3.31 *
    Fun Factory - Absolute Mastermind v1.3 Version 1.30 *
    GRISOFT s.r.o. - AVG Anti-Virus System Version 6, 0, 0, 0 *
    GRISOFT(c) SOFTWARE - AVG Anti-Virus System Version 6, 0, 0, 0 *
    GRISOFT, s.r.o. - AVG Anti-Virus System Version 6, 0, 0, 0 *
    HammerTap - HammerSnipe PowerTool Version 2.00 *
    HASBRO Interactive, Candy Land Version 1, 0, 0, 1 *
    IconForge *
    Indigo Rose Corporation - Setup Factory 6.0 Runtime Module Version 6.0.0.3 *
    InstallShield unInstaller Version 2.20.926.0 *
    InterVideo WinDVD Version 3.1.58.12 *
    Jasc Software Inc. - Animation Shop 3 Version 3.00 *
    Jasc Software, Inc. - Paint Shop Pro 7 Version 7.00 *
    Jasc Software, Inc. - Paint Shop Pro Version 7,0,0,0 *
    javaw.exe *
    John's Funny Face Game *
    Jordan Russell - If you want to undo changes made by Spybot-S&D, use the Recovery instead! *
    Lexmark ColorFine Version 3.2.1 *
    Lexmark Supplies Monitor Version 1, 0, 0, 1 *
    Lucian Wischik - Stick Figures Version 3, 1, 0, 0 *
    Macromedia Director Version 6.0.2 *
    Mickey and Friends Print Studio *
    Microsoft (r) PCHealth Version 4.90.0.3004 * Microsoft (r) Windows Script Host Version 5.6.0.6626 *
    Microsoft Corporation - DirectShow Version 6.4.07.1112 *
    Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 *
    Microsoft Corporation - MSN Gaming Zone Version 1.00.523.4 *
    Microsoft Corporation - Spider Version 2, 0, 0, 1 *
    Microsoft Corporation - Windows Installer Version 2.0.2600.2 *
    Microsoft Corporation - Windows Movie Maker Version 1.0.1377.0 *
    Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
    Microsoft Money Version 3.00.00.00 *
    Microsoft(R) Windows Media Player Version 9.00.00.2980 *
    MindVision - Installer VISE 2.8.3 Version 2.8.3 *
    Money Preview *
    Monopoly *
    More Space File Utility *
    NEWSALRT.EXE *
    PepiMK Software - Spybot - Search & Destroy Version 1.2.1.0 *
    PepiMK Software - SpyBot-S&D Version 1.2 *
    PictureWorks Technology, Inc. - HotShots Version 1.5.09 *
    Play Dynomite *
    PopCap - Alchemy Version 1.1 *
    Popcap - NoahsArk Version 1.1 *
    PopCap.com - Bejeweled Version 1.4 *
    Ratloop, Inc DBA "Mekada" - Gearhead Garage Game Version 0, 0, 0, 0 *
    Shortcut to WHEEL *
    Silicon Integrated Systems Corporation - SiS (R) 630/730 SiSTray application for Windows 95&98 Version 0.0.0.2030 *
    Simone Tellini - Wiz Solitaire Version 1.0.0.0 *
    Software 2000 UnSetup Version 2.1.9.9 *
    Systweak - Advance System Optimizer Version 1, 2, 0, 0 *
    The Most Advanced File Sharing Tool *
    The Sims...800x600 *
    Ulead Systems, Inc - BatchDL Application Version 7, 0, 0, 0 *
    Ulead Systems, Inc. - PhotoImpact Version 7.0 *
    VERITAS Software Corp. - RecordNow Version 3.00.1249 *
    WinCinema Manager for InterVideo WinCinema products Version 1, 0, 0, 1 *
    WinZip Version 8.1 (4331) *
    Wiz Solitaire Version 1.0.0.0 *
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    In Hijack This, check all of the following items, then close all browser windows, and press "Fix Checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=M3

    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch

    O2 - BHO: (no name) - {BD51AEC6-7991-4A60-94D6-D5FEBB655D10} - C:\WINDOWS\SYSTEM\IEMSG.DLL
    O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINDOWS\REM00001.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL
    O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\BS2.DLL

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL

    O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE C:\WINDOWS\BS2.DLL,DllRun
    O4 - Startup: Fish.scr

    O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/049486fe1496fa...ip/RdxIE601.cab
     
  3. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    I did as you said and hope it'll help. Many thanks!


    Logfile of HijackThis v1.97.2
    Scan saved at 5:47:21 PM, on 9/22/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MSNBC\ALERT\NEWSALRT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\PROGRAM FILES\SMARTPOPUPKILLER\POPUPKILLERIEDLL.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [News Alert] C:\Program Files\MSNBC\Alert\NEWSALRT.EXE
    O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-000000000000} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) - http://activex.liveupdate.com/controls/cres.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
     
  4. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    Well, I just turned on my computer and it happened again. The email pop ups and jumpy (or maybe a better term - flashing) cursor etc. I clicked on start and the whole thing shut itself down. Any other suggestions? :confused:
     
  5. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Does it act up if you don't open OE ?
     
  6. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    Yes, the jumpiness will happen when I open a webpage without ever opening OE.
     
  7. Miz

    Miz

    Joined:
    Jul 1, 2002
    Messages:
    2,146
    Have you scanned for spyware? If not, download, install, immediately update and then run Spybot and/or AdAware (you can use them both.) Let whichever one you choose clean up any spyware it finds.
     
  8. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    I run Spybot at least once a week and did so again yesterday. Any other suggestions?
     
  9. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Have you tried to repair Internet Explorer ?

    You will find the repair tool here. Start/Programs/Accessories/System Tools/System Information/Tools/Internet Explorer Repair Tool
     
  10. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    Under Tools there is no IE repair tool. I'm using WinMe.
     
  11. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Sorry my mistake, you will find the repair tool by going to the control panel/add/remove programs and click on IE, then it should give you the option to repair it.
     
  12. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    you can also fix this with hijackthis:


    O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM

    and this.....if you dont use limeshop
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm


    re-boot and delete:
    C:\WINDOWS\Web\ERS_DEF.HTM
     
  13. cadillacgrl

    cadillacgrl Thread Starter

    Joined:
    Jul 26, 1999
    Messages:
    17
    I actually don't have Internet Explorer in my add/remove program list (OE isn't there either). Anything else?
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166672

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice