1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Internet Explorer 6 error message

Discussion in 'Earlier Versions of Windows' started by treefo, Feb 14, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. treefo

    treefo Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    11
    For the past month I have had problems with internet explorer. A message comes up saying it has to shut down and sorry for the inconvenience. Then it gives me a choice to restart IE or to send or not send this to Microsoft. I have done both and still no help. I am running 98SE and on microsofts site it gives me a solution the only problem is I can't get into the tool bar to follow the steps. IE forces me to shut down I can still surf the web I just can't open IE alone. I know it sounds confusing I'll try to answer any questions to any relpies I'm just frustrated please help. There are patches for the same problems for 2000 and xp but for 98 it gives you a 5 step process which I can't even start!
    HELP!!!
     
  2. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi treefo

    Could you post the link to the Microsoft article you refer to ?

    And also could you do this :-

    If you post your startup list we may be able to spot something

    Please post your startup list by doing the following :-

    Please go here and download startuplist 1.51 :-

    http://www.lurkhere.com/~nicefiles/

    Download to any folder or your desktop
    Unzip the zipfile
    Double click the exe file
    go to Edit - select all - copy - and paste the results in a new post here

    steam
     
  3. Del

    Del

    Joined:
    Aug 31, 2001
    Messages:
    3,452
    If you can't get into the toolbar, do you mean when you click on it you get an error message about restrictions?
    If M$ is saying to go to Internet Options, try Start > Settings > Control Panel and click Internet Options there and try their fix, by the way, can you post the fix you're trying to follow?
     
  4. treefo

    treefo Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    11
    THIS IS THE FIX I FOUND BUT SINCE I CAN'T GET INTO THE CONTROL PANEL TO CORRECT IT I GUESS I HAVE TO UPGRADE FROM 98 WHICH I'M NOT CRAZY ABOUT DOING. DON'T MOST PC GAMES HAVE PROBLEMS WITH XP? OR EVEN 2000 OR MILLENIUM? I KNOW ITS OFF THE SUBJECT AT HAND BUT THAT HAS BEEN THE MAIN REASON I NEVER UPGRADED MY OS THANK YOU ALL FOR YOUR HELP.


    SYMPTOMS
    You may receive the following error message in Windows Explorer, Internet Explorer, or MSN Explorer:

    Microsoft Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.
    To see the data that the error report contains, click the click here link at the bottom of the message box. The following error signature information may appear:

    Program Name Program Version Module Name Module Version Offset
    --------------------------------------------------------------------------
    Explorer.exe various Pdm.dll 6.0.0.8169 varies
    Iexplore.exe various Pdm.dll 6.0.0.8169 varies
    Netdocs.exe various Pdm.dll 6.0.0.8169 varies
    Msn6.exe various Pdm.dll 6.0.0.8169 varies


    RESOLUTION
    To resolve this problem, update the Pdm.dll file by installing the appropriate upgrades that are described in this section.

    NOTE: If you are running Windows 98 or Windows Millennium Edition (Me), the following upgrades do not install an updated version of Pdm.dll. The only resolution currently available is to upgrade your operating system. Microsoft is researching this problem and will post more information in this article when the information becomes available. See the Workaround section in this article for information about how to work around this problem on a Microsoft Windows 98-based or Windows Millennium Edition-based computer.

    If you are running Microsoft Office 2000, upgrade to Microsoft Office 2000 Service Release 1 (SR-1). For more information, visit the following Microsoft Web site:
    http://office.microsoft.com/downloads/2000/O2kSR1DDL.aspx

    If you are running Microsoft Visual Studio 6.0, upgrade to Microsoft Visual Studio 6.0 Service Pack 3 (SP3) or later. For more information, visit the following Microsoft Web site:
    http://msdn.microsoft.com/vstudio/downloads/updates.asp

    If you are running the Microsoft Script Debugger, upgrade to a newer version. For more information, visit the following Microsoft Web site:
    http://msdn.microsoft.com/scripting/default.htm?/scripting/debugger/

    WORKAROUND
    To work around this problem, disable script debugging in Internet Explorer. This procedure is recommended for Windows 98 and Windows Millennium Edition only. To resolve this problem on other operating systems, apply one of the upgrades that are listed in the Resolution section of this article. To disable script debugging, follow these steps:
    Start Internet Explorer.
    On the Tools menu, click Internet Options.
    On the Advanced tab, click to select the Disable Script Debugging check box in the Browsing section.
    Click OK, and then restart Windows.
    STATUS
    Microsoft has determined that problems exist in Pdm.dll version 6.0.0.8169. If you install the appropriate upgrade that is listed in the Resolution section, a more recent version of the Pdm.dll file (version 6.0.0.8424 or later) is installed on your computer except if you are running Windows 98 or Windows Millennium Edition.
     
  5. treefo

    treefo Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    11
    THIS IS MY STARTUP LIST AND THANKS AGAIN FOR THE WALKTHRU

    SYMPTOMS
    You may receive the following error message in Windows Explorer, Internet Explorer, or MSN Explorer:
    StartupList report, 2/17/03, 9:29:04 AM
    StartupList version: 1.51
    Started from : C:\WINDOWS\DESKTOP\MY BRIEFCASE\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\PLEXTOR2000\PLXTASK.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\WNAD.EXE
    C:\PROGRAM FILES\SAVENOW\SAVENOW.EXE
    C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
    C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
    C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\PROGRAM FILES\XUPITER\XUPITERSTARTUP2003.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\PROGRAM FILES\ROAD RUNNER\MEDIC\RRMEDIC.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\XUPITER\XTCFGRUNNER.EXE
    C:\PROGRAM FILES\XUPITER\XTCFGLOADER.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\XUPITER\POPUNDER.EXE
    C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNFORM.EXE
    C:\WINDOWS\DESKTOP\MY BRIEFCASE\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
    America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    Adaptec DirectCD = C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    PLXSTART = C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE
    PLXTASK = C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE
    QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
    WNAD = C:\WINDOWS\WNAD.EXE
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
    SaveNow = C:\PROGRA~1\SAVENOW\SaveNow.exe
    SVAPlayer = C:\Program Files\SVA Player\SVAPLAYER.EXE
    MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
    WinampAgent = "C:\PROGRAM FILES\WINAMP3\\winampa.exe"
    XNSearchAssistant = C:\Program Files\iWon\Search Assistant\SrchAsst.exe
    Aornum = C:\PROGRAM FILES\IWON\SEARCH ASSISTANT\SRCHASST.EXE
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
    tgcmd = "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    XupiterStartup = C:\Program Files\Xupiter\XupiterStartup2003.exe
    Zenet = rundll32.exe C:\PROGRA~1\COMMON~2\TOOLBAR\CNBabe.dll,DllStartup
    XupiterCfgLoader = C:\Program Files\Xupiter\XTCfgLoader.exe
    New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 11/2/2003, 2:9:30)

    [Rename]
    NUL=C:\PROGRA~1\NEWDOT~1\UNINST~2.EXE
    NUL=C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET BLASTER=A220 I5 D1 H1 T4
    C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    BabeIE - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\BABEIE.DLL - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0}
    Activater - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
    MediaLoads Enhanced - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    (no name) - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL - {2662BDD7-05D6-408F-B241-FF98FACE6054}
    (no name) - C:\Program Files\NewDotNet\newdotnet4_80.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    BabeIE - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL - {00000000-0000-0000-0000-000000000000}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}]
    CODEBASE = http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab

    [{15589FA1-C456-11CE-BF01-00AA0055595A}]
    CODEBASE = http://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe

    [DFRun Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\IEGATOR.DLL
    CODEBASE = http://webpdp.gator.com/v3/download/iegator_3296_hd3ptdm.cab

    [{9C813B33-52A2-466D-8C51-EB4189C1FF98}]
    CODEBASE = http://image.imgfarm.com/images/nocache/aornumIWRLV1.3.0.1.cab

    [{A27CFCAE-9351-4D74-BFFC-21EB19693D8C}]
    CODEBASE = http://www.xupiter.com/xt/install/XupiterToolbarLoader.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37621.7174305556

    [Helper Class]
    InProcServer32 = C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNHELPER.DLL
    CODEBASE = http://www.commonname.com/english/toolbar/cnbabeb3.cab

    [Adult Links]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\QCBAR.DLL
    CODEBASE = http://www.mainentrypoint.com/linkzz/QcBar_icon.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
    CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #2: C:\Program Files\NewDotNet\newdotnet4_80.dll
    Protocol #1: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL
    Protocol #2: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL
    Protocol #3: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL
    Protocol #10: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL

    --------------------------------------------------
    End of report, 8,517 bytes
    Report generated in 0.805 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Steam is not on line at present, so allow me to jump in.

    You've got a truly mind boggling amount of spyware and other thrash installed, and it needs to be removed.

    First go to Control Panel > Add/Remove Programs, and uninstall New.Net (domains) Also uninstall SaveNow.

    Reboot when you're done.

    Subsequently do the following in order to facilitate removing this stuff:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.

    NOTE: A small help file for HijackThis is located at http://tomcoyote.org/hjt
     
  7. treefo

    treefo Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    11
    I have no idea what this all means but here its and thanks for the walkthru.




    Logfile of HijackThis v1.91.2
    Scan saved at 10:15:47 AM, on 2/17/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.xupiter.com/search2.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.commonname.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.xupiter.com/toolbar2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.commonname.com/english/toolbar/sidebar.asp
    R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL
    O2 - BHO: BabeIE - {A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\BABEIE.DLL
    O2 - BHO: Activater - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL
    O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [PLXSTART] C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE
    O4 - HKLM\..\Run: [PLXTASK] C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP3\\winampa.exe"
    O4 - HKLM\..\Run: [XNSearchAssistant] C:\Program Files\iWon\Search Assistant\SrchAsst.exe
    O4 - HKLM\..\Run: [Aornum] C:\PROGRAM FILES\IWON\SEARCH ASSISTANT\SRCHASST.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
    O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\TOOLBAR\CNBabe.dll,DllStartup
    O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O10 - Hijacked Internet access by CommonName
    O10 - Hijacked Internet access by CommonName
    O10 - Hijacked Internet access by CommonName
    O10 - Hijacked Internet access by CommonName
    O11 - Options group: [CommonName] CommonName
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe
    O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} (DFRun Class) - http://webpdp.gator.com/v3/download/iegator_3296_hd3ptdm.cab
    O16 - DPF: {9C813B33-52A2-466D-8C51-EB4189C1FF98} - http://image.imgfarm.com/images/nocache/aornumIWRLV1.3.0.1.cab
    O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/xt/install/XupiterToolbarLoader.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37621.7174305556
    O16 - DPF: {860489A4-76CF-496C-ACA6-534F391D5332} (Helper Class) - http://www.commonname.com/english/toolbar/cnbabeb3.cab
    O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QcBar_icon.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thank you! :)

    Please do this:

    Run Hijack This, and check ALL of the items in bold. Doublecheck so as to be sure not to miss a single one.
    Next, shut down all Internet Explorer Windows, and have HT fix all checked.

    Now go to Control Panel > Internet (Options) > Temporary Internet Files, and press "delete files".
    Next, go to the Programs tab, and press 'Reset Web Settings'
    In the dialog box, make sure 'Also reset my home page' check box is ticked.

    Reboot when you're done.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.xupiter.com/search2.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.commonname.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.xupiter.com/toolbar2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.commonname.com/english/toolbar/sidebar.asp

    R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL

    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
    O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL

    O4 - HKLM\..\Run: [WNAD] C:\WINDOWS\WNAD.EXE
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [XNSearchAssistant] C:\Program Files\iWon\Search Assistant\SrchAsst.exe
    O4 - HKLM\..\Run: [Aornum] C:\PROGRAM FILES\IWON\SEARCH ASSISTANT\SRCHASST.EXE
    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
    O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\TOOLBAR\CNBabe.dll,DllStartup
    O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe

    O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
    O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
    O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
    O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm

    O11 - Options group: [CommonName] CommonName

    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product...erInstaller.exe
    O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} (DFRun Class) - http://webpdp.gator.com/v3/download...296_hd3ptdm.cab
    O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/xt/install/X...olbarLoader.cab
    O16 - DPF: {860489A4-76CF-496C-ACA6-534F391D5332} (Helper Class) - http://www.commonname.com/english/toolbar/cnbabeb3.cab
    O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QcBar_icon.cab

    O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL


    That leaves the Commonname foistware on your computer, but we're going to use an other application for that one.

    After rebooting, download Spybot - Search & Destroy

    After installing, press Online, and search for, put a check mark at, and install all updates.

    Next, go to Settings > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

    Good luck,
     
  9. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    Tony:
    A naive question...

    Won't SpyBot detect and remove things like Xupiter, Commonname, DW, Wnad, etc???
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    WhitPhil,

    Yes, for sure!

    And Medialoads, and Spywarenuker, and the QCBar ActiveX object.... :rolleyes:

    It's just that I always like to see any kind of log before doing any serious cleaning, and Hijack This will show stuff that may not yet be detected by AAW or SpyBot.

    Both will occasionally leave behind the odd startup entry or ActiveX object, and by running HT first, you're sure to get them all.
     
  11. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    Tx.

    Phil
     
  12. treefo

    treefo Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    11
    Hey Tony thank you I got as far as downloading the search and destroy but after I installed it where am I pressing online ? I can't understand the last part of your message please be patient with me I'm computer dumb.
     
  13. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Click the spybot icon to run spybot

    click the online tab ( you'll see that on the left hand side of the screen) to search for and download the updates, then shut down and relaunch SpyBot.

    Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

    you may have to run spybot more than once to clear everything

    Remove everything pre-ticked in Red

    steam
     
  14. treefo

    treefo Thread Starter

    Joined:
    Feb 13, 2003
    Messages:
    11
    HEY STEAM AND TONY YOU GUYS KNOW YOUR STUFF THANKS A LOT. I WONDER IF ANY OF THESE THINGS I REMOVED HAS ANY THING TO DO WITH MY DEGRAG NOT GOING PAST 0%. I KNOW I'M GOING OFF IN ANOTHER DIRECTION AGAIN BUT I REALLY HAVE A PROBLEM WITH THAT. I REALLY DON'T DEFRAG AS MUCH AS I SHOULD I WILL TRY IT NOW JUST TO SEE THANKS AGAIN GUYS.
     
  15. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Glad to hear you were able to get rid of it.

    As for defragging, the most important thing is to shut down as many programs as possible, especially your antivirus.

    An alternative is runing defrag in Safe Mode.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/118764

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice