1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Internet Explore Freezes

Discussion in 'Web & Email' started by memoryman, Jul 21, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. memoryman

    memoryman Thread Starter

    Joined:
    Jul 21, 2003
    Messages:
    4
    Ever since I installed IE6, I am having problems with it freezing.
    I have listed my Hijackthis log below. Can someone please help???

    Thank you very much!


    Logfile of HijackThis v1.95.1
    Scan saved at 3:52:35 PM, on 7/20/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\COMPAQ\INTERNET\ISDBDC.EXE
    C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\COMPAQ\CPQINET\CPQINET.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOLTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kazaa-lite.ws/results.php?show=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.kazaa-lite.ws/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kazaa-lite.ws/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V1\SCBAR.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - (no file)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V1\SCBAR.DLL
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic5\UTILITY\MMOVER32\PQINIT.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
    O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V1\SCBAR.EXE" /U
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: @Home (HKCU)
    O12 - Plugin for .ply: C:\PROGRA~1\INTERN~1\PLUGINS\npPetz.dll
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {01110A81-3E00-11D2-8470-0060089874ED} (Support.com - Control Command Class) - http://www.comcastsupport.com/sdcCommon/download/tgcmd.cab
    O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/swimsuitnetwork.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
    O16 - DPF: Yahoo! Checkers (Yahoo! Companion) - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Go Fish (Yahoo! Companion) - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Chinese Checkers (Yahoo! Companion) - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/turbo.cab
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/payload2.cab
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Just to be on the safe side, I would advise you download and run RapidBlaster Killer. It's free, very small and takes about 2 seconds to check for RB, a spyware that is changing filenames a lot lately, it is hard to detect with anything else.
    Then post a new scan with HJT here and we can get rid of the rest, there are a few, but RapidBlaster must be gotten rid of...I see some things in the first scan that look like it- the only tool to really clean that out is RB Killer, available here::


    http://www.wilderssecurity.net/specialinfo/rapidblaster.html

    Just save it to desktop, 2 click to install. Have it scan and see what it finds....anything it detects will be RapidBlaster and should go. Then post a new Hijackthis scan, OK?
     
  3. memoryman

    memoryman Thread Starter

    Joined:
    Jul 21, 2003
    Messages:
    4
    Ok....I ran RB Killer, and it did not find anything. Does anyone have any other suggestions?
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Yes, now you need a program to remove the malwares you do have....please download and install SpyBot Search and Destroy 1.2 from here:: But, before you use it to remove anything, please go online and use the Update button within SS&D to check for and download the latest updates. You have to be online before you start the Updater....at least, with my AOL you do.
    ( By the way, the RapidBlaster app is going to be updated fairly often if the amount of new files RB can morph to is any indication....I know you did not have it now, but there is always tomorrow...if you get and use a spyware preventer, hopefully you will not get any more spyware junk. )
    download area for SS&D, which is only a remover:::
    http://www.lurkhere.com/~nicefiles/index.html

    Here is a link to read about what it is and how to use it-

    http://tomcoyote.org/SPYBOT/

    Hope this helps you! SpyBot is mostly an automated remover....it will preselect what should be removed= these items in RED with checkmarks in them, all should go.
    Then, after you have scanned with the updated SS&D- post a NEW scanlog with HiJack- which may show us what is left that should also go....

    Additionally- there are several small free programs you can get that will prevent this stuff from entering the computer, just yell if you want the locations....they are posted here quite often, I just saw a post with some good ones in a link....OK, here it is::

    http://forums.techguy.org/t149097/s.html
     
  5. memoryman

    memoryman Thread Starter

    Joined:
    Jul 21, 2003
    Messages:
    4
    I ran Spybot, and here is my new Hijackthis log:
    I really do appreciate the help!


    Logfile of HijackThis v1.95.1
    Scan saved at 9:17:06 PM, on 7/22/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\COMPAQ\INTERNET\ISDBDC.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\COMPAQ\CPQINET\CPQINET.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOLTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kazaa-lite.ws/results.php?show=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.kazaa-lite.ws/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kazaa-lite.ws/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhos;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - (no file)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
    O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic5\UTILITY\MMOVER32\PQINIT.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
    O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: @Home (HKCU)
    O12 - Plugin for .ply: C:\PROGRA~1\INTERN~1\PLUGINS\npPetz.dll
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {01110A81-3E00-11D2-8470-0060089874ED} (Support.com - Control Command Class) - http://www.comcastsupport.com/sdcCommon/download/tgcmd.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
    O16 - DPF: Yahoo! Checkers (Yahoo! Companion) - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
    O16 - DPF: Yahoo! Go Fish (Yahoo! Companion) - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Chinese Checkers (Yahoo! Companion) - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/turbo.cab
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8102/payload2.cab
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    In Hijack This, check ALL of the following items. Doublecheck so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com...d=sesm&sstring=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.kazaa-lite.ws/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kazaa-lite.ws/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com...d=sesm&sstring=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/

    R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
    O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - (no file)
    O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - (no file)
    O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P

    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8102/turbo.cab
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...02/payload2.cab



    Now restart your computer, and delete:

    The "C:\Program Files\MoviePlace folder
    The C:\Program Files\KFH folder

    Finally, download Spybot - Search & Destroy

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds.

    Cheers,
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    hi memoryman----Any chance you could tell us the results of the cleaning up?
     
  8. memoryman

    memoryman Thread Starter

    Joined:
    Jul 21, 2003
    Messages:
    4
    Sorry, I have been away for a few days. I have done everything that you suggested, and I am going to give it a few days to see if things have improved. So far, so good!

    Many thanks for the help.
     
  9. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hiya- thanks for getting back to us- we are very used to people being tied up after they manage to get in here and post a problem....glad you are untied now....I know after some bouts with these puters it takes a few days to unscramble the eyeballs and brain!
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/148906

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice