Hijackthis hangs, so does IE browser

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
Hello. I am running Win98SE on a Pentium II 233 MHz with 224 MB of RAM. I know I should upgrade to a more powerful computer but I am trying to make do for now and would appreciate any help on the following. When I open Internet Explorer (6.00.2800.1106, SP1), it frequently does not open completely and hangs there. Sometimes I can ctrl+alt+del to start again and sometimes I lose control of the cursor and have to power down and then back up again. After 3 or 4 times powering back up, I can usually get IE working. Sometimes, it hangs not on the first website I open to but on the 2nd or 3rd subsequent webpage I click into.

I have McAfee Virusscan 9 and Personal Firewall 6 (and I see people's general view of McAfee on these forum - but that's what I have now and I'd like to see if I can make this work for now.) I have run McAfee scans and Ad-aware scans and Spybot S&D, the latter in safe mode. Nothing turned up. After reading the forums, I have also downloaded IESPYAD, and ran trojan.vundo fix but nothing came up.

I use Verizon DSL for internet and had disabled Verison's MotiveBridge software that would have made the Verizon portal more interactive because the MotiveBridge seemed to get in the way of other things operating.

I have read through some of the forums here. Downloaded Hijackthis. Ran it once, generated the following start-up list:

StartupList report, 6/26/05, 3:42:51 PM
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
EnsoniqMixer = starter.exe
VSOCheckTask = "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
VirusScan Online = "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
MCAgentExe = C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
MPFExe = C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

McVsRte = C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\WINDOWS

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
McAfee.com Update Check 05262005104932.job

--------------------------------------------------

Enumerating Download Program Files:

[{0E5F0222-96B9-11D3-8997-00104BD12D94}]

[PreQualifier Class]
InProcServer32 = C:\PROGRAM FILES\COMMON FILES\VERIZON ONLINE\SFP\MOTIVEPREQUAL.DLL

[{A8658086-E6AC-4957-BC8E-8D54A7E8A790}]

[{1A0DC5DA-3FC4-417D-8499-15A3D467DB3D}]

[{5F0C30E4-1E72-4DCC-85E5-57810F1CA97B}]

[CFForm Runtime]
InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
CODEBASE = https://my.ascd.org/CFIDE/classes/CFJava.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCGDMGR.DLL
CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 4,034 bytes
Report generated in 0.135 seconds


Now, when I try running Hijackthis to generate a system scan logfile, I find that HIjackthis itself hangs, each time in the same place, when it's trying to do "O15 - Trusted Zone enumeration..." the last entry being "O13 WWW. Prefix "http://" Ctrl+Alt+Del produces a "not responding" message for Hijackthis. I uninstalled Hijackthis, including find references to Hijackthis in the registry and deleting them. Then I reinstalled Hijackthis but came up with the exact same hanging at the same place, O15.
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
To add to the previous information, in case it's useful:

Here's the end of my (incomplete) bootlog:

Init = Final USER
InitDone = Final USER
Init = Installable Drivers
InitDone = Installable Drivers
Init = TSRQuery
InitDone = TSRQuery
[0010559B] Enumerating Standard Floppy Disk Controller (BIOS\*PNP0700\12)
[0010559C] Enumerated Standard Floppy Disk Controller (BIOS\*PNP0700\12)

My resources are generally 80-84% when I first boot up, and then drop to 60-75% when I open programs thru Win 98SE. Programs tend to open very slowly.

Appreciate any help with these issues.
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
1. I downloaded the self-extracting version of Hijackthis to Program Files.
2. Each time I try scanning, Hijackthis stops responding when it gets to "O15 Trusted Zones Enumeration."
3. In Control Panel, the Internet Properties box freezes up when I try clicking on Trusted Zones.
4. I have run a Scandisk, a Defrag, an Ad-Aware scan, and a Spybot Search & Destroy in normal and safe modes, but have not turned up anything.
5. McAfee Virusscan 2005 has not helped either.
6. I tried running CWShredder, but it didn't turn up anything.
7. I am running Windows 98SE with 224 MB RAM.
8. Could anyone let me know what else I could try to run a complete Hijackthis scan so I could send a logfile?
 

telecom69

Gone but never forgotten
Joined
Oct 12, 2001
Messages
9,807
Its possible that some entries in your trusted zone are stopping this so do the following ....

To remove all the sites listed in the Restricted Zone

Download: DelDomains.inf - Right-click and select: Save Target As
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

http://www.mvps.org/winhelp2002/DelDomains.inf
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
Thank you very much, Telecom 69, for your response.

I downloaded DelDomains.inf and installed it. Sure enough, my Trusted Domains is no longer blocked up and I can now get a complete Hijackthis log. Could anyone have a look and tell me how it is:

Logfile of HijackThis v1.99.1
Scan saved at 8:14:17 AM, on 7/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=13826&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} -
O16 - DPF: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} -
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://my.ascd.org/CFIDE/classes/CFJava.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 

telecom69

Gone but never forgotten
Joined
Oct 12, 2001
Messages
9,807
I see nothing in your log that may be causing the problems ....I woud suggest you go here http://www.lavasoftusa.com/software/adaware/ and download,update then run adaware se and get rid of anything that it finds

Also go here http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button and download spybot again update it before running and get rid of anything it finds that is ticked in RED .....

Do this as well http://www.personal-computer-tutor.com/deletingtempfiles.htm

Also have you done a defrag lately?
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
Thanks very much for the suggestions, Telecom69.

I tried the suggestions in the webpage on deleting temp files. Very nice!

I ran a defrag 3 days ago and generally do it every week or two, or sooner if after a lot of computer activity.

I ran Ad-Aware SE 2 days ago and found nothing new. Also ran the update for 6/30/05.

My Spybot S&D is version 1.3, not 1.4 like the link you provided. Spybot S&D updated to 6/26/05 on my version but did not mention the next version to upgrade. Should I upgrade to 1.4, and if so, should I uninstall 1.3 or will 1.4 overwrite 1.3?

I noticed in my hijackthis report that one of my running programs in TkBell.exe which, correct me if I'm wrong, is the update-checking machine for Real video. I don't want Real video to be checking for updates when my OS is booting up or now and then since I rarely use Real video anyway. Can I remove that update-checking of Real video from running programs, and if so, how?

Here's the latest hijackthis log after updating Spybot 1.3 and AD-Aware SE:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:46 AM, on 7/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=13826&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} -
O16 - DPF: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} -
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://my.ascd.org/CFIDE/classes/CFJava.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 

telecom69

Gone but never forgotten
Joined
Oct 12, 2001
Messages
9,807
I just updated to 1.4 of Spybot myself and it overwrote 1.3 it also offered some updates that you may want to install so check for that ......

Yes you can delete the following if you dont need it ...

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Put a tick to the left of it in the log and have hijack fix checked
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
1. Fixed TkBell.exe through Hijackthis.

2. Hijackthis works now, thanks to Telecom69's advice.

3. Still having problems with iexplore hanging the first time I boot up Win98SE. Home page comes up, but the next page (either typed in the address line or chosen from Favorites) doesn't come, not even a DNS Error. The blue status line on the bottom of the screen shows that it hangs at about 5-30% progress (varies.) Sometimes I lose control of the cursor. Usually get blue screens, or black screens in between Ctrl+Alt+Del attempts. Blue screens state:
"fatal exception OD...current app will be terminated" followed by
"system is busy waiting for Close Program dialog box to be displayed"
followed by: "warning - system either busy or has become unstable"
This iexplore hanging is an ongoing problem - not every time, just sometimes.

Tried turning off and turning back on my DSL modem. Took two freeze-ups, then ---

4. Updated to Spybot S&D 1.4 and unearthed several problems - any help would be appreciated. Here they are:

5. I keep getting a popup from Spybot S&D stating:
"Registry change: Global browser toolbar
{8E718888-423F-11D2-876E-00A0C9082467}
old data: hex: 00"
When I try to close this message box, I get another popup box stating:
"Registry change denied by resident"
These two popups keep going one after the other unless Ctrl+Alt+Del close Spybot S&D.

Three other problems identified by Spybot S&D as registry changes:

6. nsrvt.exe loaded by nerte-trojan and masquerading as scanregw.exe

7. asdapi.exe loaded by cabro-trojan and masquerading as LoadPowerProfile, rundll.exe,powrprof.dll,LoadCurrentPwrScheme

8. SearchURL http://www.search-for-you/srh/145
This one gets a popup saying registry change denied by resident.

OK. That's what I've got for now.
What should I do next?
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
Here is the most recent Hijackthis log to go along with my previous posting:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:56 AM, on 7/3/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-for-you.com/srh/145/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=13826&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} -
O16 - DPF: {1A0DC5DA-3FC4-417D-8499-15A3D467DB3D} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} -
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://my.ascd.org/CFIDE/classes/CFJava.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 

aa-vt

Thread Starter
Joined
Jun 26, 2005
Messages
8
This is the first time in 11 days I've been online. Borrowed computer. I appear to have lost everything. My OS is not found. I've sent my hard drive to a techie friend to see if he can clean it. I won't be checking back in to this forum any time son. I am very disappointed.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top