Several Problems

[lusimon]

I have a couple of problems maybe someone can help me with. One that has already been addressed before and I hate to ask is: the Pop-ups. I did download Spybot and it helped somewhat, but keep getting those BHO boxes and tons of pop-ups. Second-If I click on something and it opens a second window, when I go to maximize that window, the window will maximize, but not the contents in it....(go figure). And lastly, my computer will freeze up periodically. Seems the only way to unfreeze is do the C, A, D keys then press cancel.
I will paste my startup list and maybe someone can tell me if I have any major problems..... Sorry to burden all of you, but I am not very good on the computer (as you can see) Any advice would be greatly appreciated and thank you in advance......

StartupList report, 1/30/03, 7:00:09 PM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151[1]\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\KAZAA\KAZAA.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST151[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SystemTray = SysTray.Exe
PTSNOOP = ptsnoop.exe
cpqns = c:\compaq\cpqinet\cpqnpcss.exe
EM_EXEC = C:\MOUSE\SYSTEM\EM_EXEC.EXE
SiS Tray = C:\WINDOWS\SYSTEM\SISTRAY.EXE
SiS KHooker = C:\WINDOWS\SYSTEM\khooker.exe
C-Media Mixer = Mixer.exe /startup
CountrySelection = pctptt.exe
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
KAZAA = C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
Launcher = "C:\Program Files\KFH\cl\launcher.exe" /P
MoviePlace = "C:\Program Files\MoviePlace\MoviePlace.exe" /H
SpyBotSnD = "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
DownloadWare = "C:\Program Files\DownloadWare\dw.exe" /H

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Weather = C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 29/1/2003, 20:34:48)

[rename]
NUL=C:\WINDOWS\TEMP\INS20F4.TMP

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 26/1/2003, 17:21:28)

[rename]
C:\STOMP35\CD_ART.PDF=C:\STOMP35\~GLH0556.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - (no file) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B}
(no name) - (no file) - {D14641FA-445B-448E-9994-209F7AF15641}
(no name) - C:\WINDOWS\IEXPLORR11.DLL - {388D7EBB-CBB9-4126-8DB2-86DC6863A206}
MediaLoads Enhanced - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
(no name) - (no file) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
SmartPops - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Scan for Viruses.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{0F5E63AE-8B1A-11D3-80A4-0050DA2D7351}]
CODEBASE = http://www1.netsetter.com/r/ns/config/nsconfig.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLCM.DLL
CODEBASE = http://support.fastaccess.com/sdccommon/download/tgctlcm.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE = http://dgl.microsoft.com/downloads/outc.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab

[{EB6AFDAB-E16D-430B-A5EE-0408A12289DC}]
CODEBASE = http://download.mediacharger.com/movieplace.cab

--------------------------------------------------
End of report, 7,229 bytes
Report generated in 1.357 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

[steamwiz]

This is your problem :-

SmartPops - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}

First go to the Control panel click add\remove programs and uninstall DOWNLOADWARE

Then Download "hijackthis"

http://www.spywareinfo.com/downloads.php#det

Unzip, doubleclick HijackThis.exe, and hit "Scan".

save the log file and paste it here

http://www.doxdesk.com/parasite/NetworkEssentials.html

Also you do not appear to have anti-virus software or a firewall

You should get some - there are good free ones available

It's past 2am here now and time I retired for the night - good luck


steam

 

[lusimon]

Hi Steam, I know you are gone right now, but I cannot find a file called DOWNLOADWARE. I did download "hijackthis" but cannot seem to find a place to paste my log file. I'm so sorry, I am just an idiot when it comes to stuff like this. Someone needs to hold my hand. I'll check back later......

 

[lusimon]

I am so sorry, I have had 19 views, 1 reply (maybe i'm in the wrong place). Does no one want to help me. I have never seen anything on this site that is negative. So please, all you genius's out there, what is my problem. I really need help!!

 

[JustMe2]

lusimon,
Steam is talking about copying and posting your hijack log into a reply post to to this thread. The second link that he posted was a link with manual instructions for removing downloadware. Once the log is posted, there may be someone else on tonight that has knowledge of hijackthis, also.
JustMe2

 

[steamwiz]

Hi lusimon

Go to the Control panel and look for a 'NetworkEssentials' or 'MediaLoads Enhanced' entry in Add/Remove Programs and uninstall

Then we need your "hijackthis" log

If you have the log - just click reply and add it to this thread like you posted your startup list - if you don't have the log - let us know at which point you are stuck

Actualy Spybot should have taken care of this - did you run it correctly - like this :-

click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

you may have to run spybot more than once to clear everything

Remove everything pre-ticked in Red

steam

 

[lusimon]

I apologize for being "pushy" last night. I was just really really having a bad time. I will try this tonight when I get home from work and let you know the results. I really do thank everyone for all the help I get here. Maybe I was just tired last night. Please forgive me. Will get back with you. Thanks again!!!!

 

[lusimon]

Here is the hijack log:
Logfile of HijackThis v1.91.2
Scan saved at 6:04:28 PM, on 1/31/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=cons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://search.ieplugin.com/q.cgi?q=%s
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL (file missing)
F1 - win.ini: load=c:\oplimit\ocraware.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - (no file)
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: (no name) - {388D7EBB-CBB9-4126-8DB2-86DC6863A206} - C:\WINDOWS\IEXPLORR11.DLL
O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0F5E63AE-8B1A-11D3-80A4-0050DA2D7351} - http://www1.netsetter.com/r/ns/config/nsconfig.cab
O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/jpager/y/pg5_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
O16 - DPF: Yahoo! Checkers (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/ks0_x.cab
O16 - DPF: Yahoo! Towers 2.0 (Shockwave ActiveX Control) - http://yog18.yahoo.com/yog/y/ywm0_x.cab
O16 - DPF: Yahoo! Go Fish (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Bingo (YInstStarter Class) - http://download.yahoo.com/games/clients/y/xs0_x.cab
O16 - DPF: Yahoo! Blackjack (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/movieplace.cab

Let me know if you need anything else. Got to go to the tanning bed, will check back in about an hour!!!!

 

[steamwiz]

Hi lusimon

Run hijackthis again and delete these :-

R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL (file missing)

O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H

O2 - BHO: (no name) - {388D7EBB-CBB9-4126-8DB2-86DC6863A206} - C:\WINDOWS\IEXPLORR11.DLL

 

[steamwiz]

Also these :-

O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - (no file)

O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)

O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)

O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)

steam

 

[lusimon]

Hi there Steam: First of all-thank you so much for all your help. I deleted what you said to . Here is the log again. Do you see anything else on there that needs to be deleted? What's that Xjupiter thing? I told ya I was ignorant when it came to stuff like this. Also, would this also solve when a second window opens up and I maximize it, will the whole window maximize?

Logfile of HijackThis v1.91.2
Scan saved at 6:05:41 PM, on 2/1/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.xupiter.com/search2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=cons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.xupiter.com/search2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://search.ieplugin.com/q.cgi?q=%s
R3 - Default URLSearchHook is missing
F1 - win.ini: load=c:\oplimit\ocraware.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! PagerLite (Shockwave Flash Object) - http://jpager.yahoo.com/jpager/y/pg5_x.cab
O16 - DPF: Yahoo! Spades (Shockwave Flash Object) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
O16 - DPF: Yahoo! Checkers (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/ks0_x.cab
O16 - DPF: Yahoo! Towers 2.0 (Shockwave ActiveX Control) - http://yog18.yahoo.com/yog/y/ywm0_x.cab
O16 - DPF: Yahoo! Go Fish (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Bingo (YInstStarter Class) - http://download.yahoo.com/games/clients/y/xs0_x.cab
O16 - DPF: Yahoo! Blackjack (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/movieplace.cab

Is there anything else I should get rid of??? Again, thank you for helping me!!!!!

 

[steamwiz]

You had Xupiter and got rid of it with spybot

Then somewhere between posting your first hijackthis log and your second hijackthis log you picked up Xupiter again

You also have downloadware again

Please run spybot again

You also removed one you should not have

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL

Now I suspect your yahoo toolbar will not work (not a big problem, you can always install it again)

Go to Tools/internet options/advanced and untick these two
"enable install on demand (internet explorer)"
"enable install on demand (other)"

 

[lusimon]

Hi Steam, thanks so much. The yahoo toolbar is no big deal..... Did you see anything else that could cause a problem? Sorry to be such a pain. I do appreciate all the help you have given me.
My daughter could be part of this. Who knows.

Thanks again and if you see anything else, please, please let me know!!!!!

lu

 

[steamwiz]

Do everything I've said above and then post another hijackthis log

restart your computer before posting the new log

steam

 

[lusimon]

Hi Again, OK, I think I have done everything you said, here it is:

Logfile of HijackThis v1.91.2
Scan saved at 8:33:11 PM, on 2/1/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.xupiter.com/toolbar2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=cons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://search.ieplugin.com/q.cgi?q=%s
R3 - Default URLSearchHook is missing
F1 - win.ini: load=c:\oplimit\ocraware.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! PagerLite (Shockwave Flash Object) - http://jpager.yahoo.com/jpager/y/pg5_x.cab
O16 - DPF: Yahoo! Spades (Shockwave Flash Object) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
O16 - DPF: Yahoo! Checkers (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/ks0_x.cab
O16 - DPF: Yahoo! Towers 2.0 (Shockwave ActiveX Control) - http://yog18.yahoo.com/yog/y/ywm0_x.cab
O16 - DPF: Yahoo! Go Fish (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Bingo (YInstStarter Class) - http://download.yahoo.com/games/clients/y/xs0_x.cab
O16 - DPF: Yahoo! Blackjack (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} (Installer2 Class) - http://download.mediacharger.com/movieplace.cab