IE/Outlook Express:

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,378
My IE/Outlook Express has gone psychotic. It does things on its own, e.g., goes to caps and back again and freezes. Anyone out there have any ideas? Thanks in advance.

:confused:
 
Joined
Aug 30, 2003
Messages
1,281
Ok we need to try and eliminate any problems caused by spyware/adware first, so please do the following.

First Delete Temp files, Cookies and offline content.To do this,
Open Internet Explorer/Tools/Internet Options/delete cookies/delete files
select off-line content/clear history.


Download cwshredder from here

http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Close all browser windows (including minimized windows)
Run cwshredder

When it is finished Reboot your computer.

Download Adaware from here

Go here http://www.lavasoftusa.com/software/adaware/

Make sure you select "Check for updates now" and get the latest reference files.

Run Adaware and hit the Scan now button, make sure Activate indepth scan is selected and then
hit next. After the scan has completed delete everything it finds.

Restart your computer.

Then Download Spybot search & destroy from here. Read the instructions while you're there.

http://tomcoyote.org/SPYBOT/index1.html

Install the program (Close all browser windows) and run it.

Before scanning press "Online" and "Search for Updates"

Put a check mark at and install all updates.

Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds in red.

Restart your computer.

Download "Hijack this" from here

http://www.tomcoyote.org/hjt/


Once you have unzipped it and have it running, Hit the scan button, when the scan is finished the button will change to a save log button, click it and then a notepad window will open, you need to copy and paste all of the log contents in here and someone will look at it for you.
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,378
I checked my system with Adaware6 and Spybot. Below is the result of my scan with Hijack This. BTW, how can I keep from being infested with Gator? I had a lot of Gator files found with Adaware and Spybot? Thanks.

Logfile of HijackThis v1.97.1
Scan saved at 10:25:22 AM, on 9/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\System32\KzgPN.exe
C:\WINDOWS\System32\EsdH.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Documents and Settings\Carl Neighbors\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\LhoK8W3.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.2688078704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
 
Joined
Aug 30, 2003
Messages
1,281
Ok run Hijack This again and check the following entries:

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?

Close all browser windows and then select Fix/Checked

Then reboot into safe mode and delete the following folder.

C:\Program Files\AWS [folder]

Repost a new log when done.
 
Joined
Aug 30, 2003
Messages
1,281
Someone more experienced with logs may see something I have missed ? If so please feel free to butt in ;)
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,378
Quick qustion: will I lose Weatherbug if I delete these files. Also, Weatherbug is very informative but... is is a great source for spyware? If so, and I delete all traces of Weatherbug, is there a better weather (nonspyware) program out there? Thanks.
 
Joined
Aug 30, 2003
Messages
1,281
Yes you will lose Weatherbug.
The Jury is still out on whether this is spyware or not, however it is definately adware and will slow your browser and send you unwanted pop ups.
I don't know of any alternatives to Weatherbug, someone else may know though.
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,378
Evile-Ey, much thanks. Below is the result of my last scan using Hijack This. Also, I think I had better call Steven Speleberg (sp?) because I think my computer has polderguists. When I am typing, all of a sudden the curser disapears and I can't get it back and the mouse doesn't work at all. Also, I frequently hear a dull, "plunking" sound whenever this happens. Just recently, the Microsoft Search Companion (complete with cute dog) came up on its own. And, for no apparent reason, the blue border at the top of the screen that now says, "IE/Outlook Express: - Tech Support Guy forums - Microsoft ENternet Explorer" will go from dark blue to light blue at which time I lose the ability to use the mouse and the curser. I expect the monitor to begin spinning and spitting pea soup at any time. Is this a viris or maybe a polderguist. (I kind of hope it is a polderguist. That way I can call the National Inquirer and really retire. 8~).

Logfile of HijackThis v1.97.1
Scan saved at 10:48:12 AM, on 10/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\System32\Ccbt.exe
C:\WINDOWS\System32\FnwN9.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Carl Neighbors\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\MtyJ62F.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.2688078704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
 
Joined
Aug 30, 2003
Messages
1,281
I have requested this post be moved to the security forum as I am sure you have something on your system that shouldn't be there.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
O4 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\MtyJ62F.exe

That is definitely the baddie there, I think if you fix that, then do a search for that file name and delete it......
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,378
I have deleted MtyJ62F.exe and below is my latest scan using Hijack This. What was this MtyJ62F.exe? Also, I have a Windows folder entitled "Prefetch." What is this? It seems to contain many "buggers" that have the potential to harm my computer.
Many thanks.

Logfile of HijackThis v1.97.1
Scan saved at 9:00:45 PM, on 10/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\ZhdNmV4l.exe
C:\WINDOWS\System32\OqxOq.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carl Neighbors\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\LhoK8W3.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37894.2688078704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
 

referee07

Thread Starter
Joined
Sep 11, 2003
Messages
1,378
What is: 04 - HKLM\..\Run: [5BGB87A2Y5ZCER] C:\WINDOWS\System32\LhoK8W3.exe?
This is an "exe" program, and I am thinking
maybe it doesn't belong on my computer.
Thanks again.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top