1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Several Problems

Discussion in 'Web & Email' started by lusimon, Jan 30, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    I have a couple of problems maybe someone can help me with. One that has already been addressed before and I hate to ask is: the Pop-ups. I did download Spybot and it helped somewhat, but keep getting those BHO boxes and tons of pop-ups. Second-If I click on something and it opens a second window, when I go to maximize that window, the window will maximize, but not the contents in it....(go figure). And lastly, my computer will freeze up periodically. Seems the only way to unfreeze is do the C, A, D keys then press cancel.
    I will paste my startup list and maybe someone can tell me if I have any major problems..... Sorry to burden all of you, but I am not very good on the computer (as you can see) Any advice would be greatly appreciated and thank you in advance......

    StartupList report, 1/30/03, 7:00:09 PM
    StartupList version: 1.51
    Started from : C:\UNZIPPED\STARTUPLIST151[1]\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\OPLIMIT\OCRAWARE.EXE
    C:\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\SYSTEM\SISTRAY.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\MIXER.EXE
    C:\PROGRAM FILES\KAZAA\KAZAA.EXE
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
    C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\STARTUPLIST151[1]\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SystemTray = SysTray.Exe
    PTSNOOP = ptsnoop.exe
    cpqns = c:\compaq\cpqinet\cpqnpcss.exe
    EM_EXEC = C:\MOUSE\SYSTEM\EM_EXEC.EXE
    SiS Tray = C:\WINDOWS\SYSTEM\SISTRAY.EXE
    SiS KHooker = C:\WINDOWS\SYSTEM\khooker.exe
    C-Media Mixer = Mixer.exe /startup
    CountrySelection = pctptt.exe
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    KAZAA = C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
    Launcher = "C:\Program Files\KFH\cl\launcher.exe" /P
    MoviePlace = "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    SpyBotSnD = "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
    DownloadWare = "C:\Program Files\DownloadWare\dw.exe" /H

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Weather = C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:
    (Created 29/1/2003, 20:34:48)

    [rename]
    NUL=C:\WINDOWS\TEMP\INS20F4.TMP

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 26/1/2003, 17:21:28)

    [rename]
    C:\STOMP35\CD_ART.PDF=C:\STOMP35\~GLH0556.TMP

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - (no file) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B}
    (no name) - (no file) - {D14641FA-445B-448E-9994-209F7AF15641}
    (no name) - C:\WINDOWS\IEXPLORR11.DLL - {388D7EBB-CBB9-4126-8DB2-86DC6863A206}
    MediaLoads Enhanced - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    (no name) - (no file) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
    SmartPops - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Scan for Viruses.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [{0F5E63AE-8B1A-11D3-80A4-0050DA2D7351}]
    CODEBASE = http://www1.netsetter.com/r/ns/config/nsconfig.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab

    [sys Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
    CODEBASE = http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab

    [Support.com Configuration Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLCM.DLL
    CODEBASE = http://support.fastaccess.com/sdccommon/download/tgctlcm.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
    CODEBASE = http://dgl.microsoft.com/downloads/outc.cab

    [Yahoo! Companion]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab

    [{EB6AFDAB-E16D-430B-A5EE-0408A12289DC}]
    CODEBASE = http://download.mediacharger.com/movieplace.cab

    --------------------------------------------------
    End of report, 7,229 bytes
    Report generated in 1.357 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    This is your problem :-

    SmartPops - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}

    First go to the Control panel click add\remove programs and uninstall DOWNLOADWARE

    Then Download "hijackthis"

    http://www.spywareinfo.com/downloads.php#det

    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    save the log file and paste it here

    http://www.doxdesk.com/parasite/NetworkEssentials.html

    Also you do not appear to have anti-virus software or a firewall

    You should get some - there are good free ones available

    It's past 2am here now and time I retired for the night - good luck


    steam
     
  3. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    Hi Steam, I know you are gone right now, but I cannot find a file called DOWNLOADWARE. I did download "hijackthis" but cannot seem to find a place to paste my log file. I'm so sorry, I am just an idiot when it comes to stuff like this. Someone needs to hold my hand. I'll check back later......
     
  4. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    I am so sorry, I have had 19 views, 1 reply (maybe i'm in the wrong place). Does no one want to help me. I have never seen anything on this site that is negative. So please, all you genius's out there, what is my problem. I really need help!! :) :) :) :) :)
     
  5. JustMe2

    JustMe2

    Joined:
    May 31, 2001
    Messages:
    1,047
    First Name:
    Crystal
    lusimon,
    Steam is talking about copying and posting your hijack log into a reply post to to this thread. The second link that he posted was a link with manual instructions for removing downloadware. Once the log is posted, there may be someone else on tonight that has knowledge of hijackthis, also.
    JustMe2
     
  6. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi lusimon

    Go to the Control panel and look for a 'NetworkEssentials' or 'MediaLoads Enhanced' entry in Add/Remove Programs and uninstall

    Then we need your "hijackthis" log

    If you have the log - just click reply and add it to this thread like you posted your startup list - if you don't have the log - let us know at which point you are stuck

    Actualy Spybot should have taken care of this - did you run it correctly - like this :-

    click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

    Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

    you may have to run spybot more than once to clear everything

    Remove everything pre-ticked in Red

    steam
     
  7. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    I apologize for being "pushy" last night. I was just really really having a bad time. I will try this tonight when I get home from work and let you know the results. I really do thank everyone for all the help I get here. Maybe I was just tired last night. Please forgive me. Will get back with you. Thanks again!!!!:D
     
  8. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    Here is the hijack log:
    Logfile of HijackThis v1.91.2
    Scan saved at 6:04:28 PM, on 1/31/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.bellsouth.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=cons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://search.ieplugin.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://search.ieplugin.com/q.cgi?q=%s
    R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL (file missing)
    F1 - win.ini: load=c:\oplimit\ocraware.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - (no file)
    O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
    O2 - BHO: (no name) - {388D7EBB-CBB9-4126-8DB2-86DC6863A206} - C:\WINDOWS\IEXPLORR11.DLL
    O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
    O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    O4 - HKLM\..\Run: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0F5E63AE-8B1A-11D3-80A4-0050DA2D7351} - http://www1.netsetter.com/r/ns/config/nsconfig.cab
    O16 - DPF: Yahoo! PagerLite - http://jpager.yahoo.com/jpager/y/pg5_x.cab
    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
    O16 - DPF: Yahoo! Checkers (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/ks0_x.cab
    O16 - DPF: Yahoo! Towers 2.0 (Shockwave ActiveX Control) - http://yog18.yahoo.com/yog/y/ywm0_x.cab
    O16 - DPF: Yahoo! Go Fish (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: Yahoo! Bingo (YInstStarter Class) - http://download.yahoo.com/games/clients/y/xs0_x.cab
    O16 - DPF: Yahoo! Blackjack (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/movieplace.cab

    Let me know if you need anything else. Got to go to the tanning bed, will check back in about an hour!!!!
     
  9. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi lusimon

    Run hijackthis again and delete these :-

    R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL (file missing)

    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H

    O2 - BHO: (no name) - {388D7EBB-CBB9-4126-8DB2-86DC6863A206} - C:\WINDOWS\IEXPLORR11.DLL
     
  10. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Also these :-

    O2 - BHO: (no name) - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - (no file)

    O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)

    O2 - BHO: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)

    O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)

    steam
     
  11. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    Hi there Steam: First of all-thank you so much for all your help. I deleted what you said to . Here is the log again. Do you see anything else on there that needs to be deleted? What's that Xjupiter thing? I told ya I was ignorant when it came to stuff like this. Also, would this also solve when a second window opens up and I maximize it, will the whole window maximize?

    Logfile of HijackThis v1.91.2
    Scan saved at 6:05:41 PM, on 2/1/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.xupiter.com/search2.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.bellsouth.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=cons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.xupiter.com/search2.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://search.ieplugin.com/q.cgi?q=%s
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=c:\oplimit\ocraware.exe
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
    O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    O4 - HKLM\..\Run: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
    O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! PagerLite (Shockwave Flash Object) - http://jpager.yahoo.com/jpager/y/pg5_x.cab
    O16 - DPF: Yahoo! Spades (Shockwave Flash Object) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
    O16 - DPF: Yahoo! Checkers (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/ks0_x.cab
    O16 - DPF: Yahoo! Towers 2.0 (Shockwave ActiveX Control) - http://yog18.yahoo.com/yog/y/ywm0_x.cab
    O16 - DPF: Yahoo! Go Fish (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: Yahoo! Bingo (YInstStarter Class) - http://download.yahoo.com/games/clients/y/xs0_x.cab
    O16 - DPF: Yahoo! Blackjack (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/movieplace.cab

    Is there anything else I should get rid of??? Again, thank you for helping me!!!!!
     
  12. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    You had Xupiter and got rid of it with spybot

    Then somewhere between posting your first hijackthis log and your second hijackthis log you picked up Xupiter again

    You also have downloadware again

    Please run spybot again

    You also removed one you should not have

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL

    Now I suspect your yahoo toolbar will not work (not a big problem, you can always install it again)

    Go to Tools/internet options/advanced and untick these two
    "enable install on demand (internet explorer)"
    "enable install on demand (other)"
     
  13. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    Hi Steam, thanks so much. The yahoo toolbar is no big deal..... Did you see anything else that could cause a problem? Sorry to be such a pain. I do appreciate all the help you have given me.
    My daughter could be part of this. Who knows.

    Thanks again and if you see anything else, please, please let me know!!!!!

    lu
     
  14. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Do everything I've said above and then post another hijackthis log

    restart your computer before posting the new log

    steam
     
  15. lusimon

    lusimon Thread Starter

    Joined:
    Jan 25, 2003
    Messages:
    70
    Hi Again, OK, I think I have done everything you said, here it is:

    Logfile of HijackThis v1.91.2
    Scan saved at 8:33:11 PM, on 2/1/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.xupiter.com/toolbar2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?s=cons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.ieplugin.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.ieplugin.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://search.ieplugin.com/q.cgi?q=%s
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=c:\oplimit\ocraware.exe
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [cpqns] c:\compaq\cpqinet\cpqnpcss.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
    O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
    O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    O4 - HKLM\..\Run: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! PagerLite (Shockwave Flash Object) - http://jpager.yahoo.com/jpager/y/pg5_x.cab
    O16 - DPF: Yahoo! Spades (Shockwave Flash Object) - http://download.games.yahoo.com/games/clients/y/st2_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab
    O16 - DPF: Yahoo! Checkers (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/ks0_x.cab
    O16 - DPF: Yahoo! Towers 2.0 (Shockwave ActiveX Control) - http://yog18.yahoo.com/yog/y/ywm0_x.cab
    O16 - DPF: Yahoo! Go Fish (Shockwave ActiveX Control) - http://download.games.yahoo.com/games/clients/y/zt0_x.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: Yahoo! Bingo (YInstStarter Class) - http://download.yahoo.com/games/clients/y/xs0_x.cab
    O16 - DPF: Yahoo! Blackjack (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Tic-Tac-Toe (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/ft0_x.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22bb0c6e875624929817/netzip/RdxIE2.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37609.6121990741
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} (Installer2 Class) - http://download.mediacharger.com/movieplace.cab
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/116191

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice