1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

(Solved) Internet explorer only half working!

Discussion in 'Web & Email' started by RosCrowe, Oct 3, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. RosCrowe

    RosCrowe Thread Starter

    Joined:
    Oct 3, 2003
    Messages:
    9
    I run a windows 98 system, and I use Internet explorer.
    2 days ago my internet explorer stopped letting me search the web using Altavista, msn, yahoo, or Google. And on top of that My MSN messenger will not log in. I have checked all my settings, and ran a virus check, and adaware, I have cleaned the cache, cookies, and offline content, the temp internet files, and even reinstalled msn messenger.NO go.
    Could some one help me please.
    When i try to go to google it comes up with www.www.google.ca.com which then goes to ( my domain for sale or something) and when we search the others, it comes up page will not be displayed.
    Yet dogpile, and mysearch.com will work.
    I'm stuck.
     
  2. Miz

    Miz

    Joined:
    Jul 1, 2002
    Messages:
    2,146
    The symptoms you describe indicate the presence of a trojan horse, Trojan.Qhosts.

    More about it and a link to download a removal tool can be found on this Symantec page.
     
  3. dabwid

    dabwid

    Joined:
    Aug 3, 2003
    Messages:
    209
    Try to repair IE by going to Start>Programs>Accessories>System Tools>System Info>Tools, Then the top option should be repair IE, If that doesn't work try to reinstall IE from MicroSoft.
     
  4. RosCrowe

    RosCrowe Thread Starter

    Joined:
    Oct 3, 2003
    Messages:
    9
    *crys*
    neither of those worked
    but thanks guys
    I'm up for anything at this point
     
  5. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    RosCrowe
    Welcome to TSG!
    You may of been Hijacked if the other suggestions didn't work!

    Download and run HiJack This from link below and follow instructions to post results back here for review.
    http://www.tomcoyote.org/hjt/

    Dave
     
  6. RosCrowe

    RosCrowe Thread Starter

    Joined:
    Oct 3, 2003
    Messages:
    9
    ok here it is, somehow I'm thinking this is not a good looking one..... lol

    Logfile of HijackThis v1.97.2
    Scan saved at 6:22:51 PM, on 10/4/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ALIANT TELECOM\HIGH-SPEED CONNECTION\APP\ENTERNET.EXE
    C:\WINDOWS\DESKTOP\TERI\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 207.44.240.65 ads.x10.com
    O1 - Hosts: 207.44.240.65 images.x10.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
    O1 - Hosts: 207.44.240.65 images.trafficmp.com
    O1 - Hosts: 207.44.240.65 ads.specificpop.com
    O1 - Hosts: 207.44.240.65 ads.specificclick.com
    O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
    O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 media1.fastclick.net
    O1 - Hosts: 207.44.240.65 media19.fastclick.net
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media29.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
    O1 - Hosts: 207.44.240.65 www.satellitepop.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 z1.adserver.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 servedfor.valuead.com
    O1 - Hosts: 207.44.240.65 banners.valuead.com
    O1 - Hosts: 207.44.240.65 img.mediaplex.com
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 popuptraffic.com
    O1 - Hosts: 207.44.240.65 leader.linkexchange.com
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
    O1 - Hosts: 207.44.240.65 a.tribalfusion.com
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.194.56 www.google.akadns.net
    O1 - Hosts: 207.44.194.56 www.google.com
    O1 - Hosts: 207.44.194.56 www.altavista.com
    O1 - Hosts: 207.44.194.56 altavista.com
    O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
    O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
    O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
    O1 - Hosts: 207.44.194.56 au.search.yahoo.com
    O1 - Hosts: 207.44.194.56 de.search.yahoo.com
    O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
    O1 - Hosts: 207.44.194.56 www.lycos.de
    O1 - Hosts: 207.44.194.56 www.lycos.ca
    O1 - Hosts: 207.44.194.56 www.lycos.jp
    O1 - Hosts: 207.44.194.56 www.lycos.co.jp
    O1 - Hosts: 207.44.194.56 alltheweb.com
    O1 - Hosts: 207.44.194.56 web.ask.com
    O1 - Hosts: 207.44.194.56 ask.com
    O1 - Hosts: 207.44.194.56 www.ask.com
    O1 - Hosts: 207.44.194.56 www.teoma.com
    O1 - Hosts: 207.44.194.56 search.aol.com
    O1 - Hosts: 207.44.194.56 www.looksmart.com
    O1 - Hosts: 207.44.194.56 ca.search.msn.com
    O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
    O1 - Hosts: 207.44.194.56 search.fr.msn.be
    O1 - Hosts: 207.44.194.56 search.fr.msn.ch
    O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
    O1 - Hosts: 207.44.194.56 search.msn.at
    O1 - Hosts: 207.44.194.56 search.msn.be
    O1 - Hosts: 207.44.194.56 search.msn.ch
    O1 - Hosts: 207.44.194.56 search.msn.co.in
    O1 - Hosts: 207.44.194.56 search.msn.co.jp
    O1 - Hosts: 207.44.194.56 search.msn.co.kr
    O1 - Hosts: 207.44.194.56 search.msn.com.br
    O1 - Hosts: 207.44.194.56 search.msn.com.hk
    O1 - Hosts: 207.44.194.56 search.msn.com.my
    O1 - Hosts: 207.44.194.56 search.msn.com.sg
    O1 - Hosts: 207.44.194.56 search.msn.com.tw
    O1 - Hosts: 207.44.194.56 search.msn.co.za
    O1 - Hosts: 207.44.194.56 search.msn.de
    O1 - Hosts: 207.44.194.56 search.msn.dk
    O1 - Hosts: 207.44.194.56 search.msn.es
    O1 - Hosts: 207.44.194.56 search.msn.fi
    O1 - Hosts: 207.44.194.56 search.msn.fr
    O1 - Hosts: 207.44.194.56 search.msn.it
    O1 - Hosts: 207.44.194.56 search.msn.nl
    O1 - Hosts: 207.44.194.56 search.msn.no
    O1 - Hosts: 207.44.194.56 search.msn.se
    O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
    O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
    O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
    O1 - Hosts: 207.44.194.56 search.yupimsn.com
    O1 - Hosts: 207.44.194.56 uk.search.msn.com
    O1 - Hosts: 207.44.194.56 search.lycos.com
    O1 - Hosts: 207.44.194.56 www.lycos.com
    O1 - Hosts: 207.44.194.56 www.google.ca
    O1 - Hosts: 207.44.194.56 www.google.uk
    O1 - Hosts: 207.44.194.56 www.google.co.uk
    O1 - Hosts: 207.44.194.56 www.google.com.au
    O1 - Hosts: 207.44.194.56 www.google.co.jp
    O1 - Hosts: 207.44.194.56 www.google.jp
    O1 - Hosts: 207.44.194.56 www.google.at
    O1 - Hosts: 207.44.194.56 www.google.be
    O1 - Hosts: 207.44.194.56 www.google.ch
    O1 - Hosts: 207.44.194.56 www.google.de
    O1 - Hosts: 207.44.194.56 www.google.se
    O1 - Hosts: 207.44.194.56 www.google.dk
    O1 - Hosts: 207.44.194.56 www.google.fi
    O1 - Hosts: 207.44.194.56 www.google.fr
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {59a8d520-d73e-11d7-892a-00055df4027d} - C:\WINDOWS\APPLICATION DATA\QUBRLLTRWJ.DLL
    O3 - Toolbar: uglchblllst - {59a8d521-d73e-11d7-892a-00055df4027d} - C:\WINDOWS\APPLICATION DATA\QUBRLLTRWJ.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\SYSTEM\LVCOMS.EXE
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.2922106481
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22154f8a235cd9d98120/netzip/RdxIE601.cab
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {1D870C86-AA3C-4451-81E4-71D480A1A652} - http://216.93.172.116/sub2bc.exe
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
     
  7. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Ros
    Your right it is not a very good looking one!:eek: ;)

    Give me a bit of time to work through it and I will post back on what to have HiJack This remove.

    Dave
     
  8. RosCrowe

    RosCrowe Thread Starter

    Joined:
    Oct 3, 2003
    Messages:
    9
    oh boy
    well I hope you can figure it out! and thanks a lot for all your help! :)
     
  9. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    RosCrowe

    Below are the items you need to select for having HiJack This fix.
    Rerun Hijack This and select the ones below and have HiJack fix them.
    Go slow in selecting since there are many of them.

    Restart system afterwards and you may have to reset your home page. Now try your search capability.


    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 207.44.240.65 ads.x10.com
    O1 - Hosts: 207.44.240.65 images.x10.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
    O1 - Hosts: 207.44.240.65 images.trafficmp.com
    O1 - Hosts: 207.44.240.65 ads.specificpop.com
    O1 - Hosts: 207.44.240.65 ads.specificclick.com
    O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
    O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 media1.fastclick.net
    O1 - Hosts: 207.44.240.65 media19.fastclick.net
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media29.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
    O1 - Hosts: 207.44.240.65 www.satellitepop.com
    O1 - Hosts: 207.44.240.65 count.exitexchange.com
    O1 - Hosts: 207.44.240.65 z1.adserver.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 servedfor.valuead.com
    O1 - Hosts: 207.44.240.65 banners.valuead.com
    O1 - Hosts: 207.44.240.65 img.mediaplex.com
    O1 - Hosts: 207.44.240.65 media28.fastclick.net
    O1 - Hosts: 207.44.240.65 media39.fastclick.net
    O1 - Hosts: 207.44.240.65 media.fastclick.net
    O1 - Hosts: 207.44.240.65 popuptraffic.com
    O1 - Hosts: 207.44.240.65 leader.linkexchange.com
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 207.44.240.65 view.atdmt.com
    O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
    O1 - Hosts: 207.44.240.65 a.tribalfusion.com
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.194.56 www.google.akadns.net
    O1 - Hosts: 207.44.194.56 www.google.com
    O1 - Hosts: 207.44.194.56 www.altavista.com
    O1 - Hosts: 207.44.194.56 altavista.com
    O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
    O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
    O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
    O1 - Hosts: 207.44.194.56 au.search.yahoo.com
    O1 - Hosts: 207.44.194.56 de.search.yahoo.com
    O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
    O1 - Hosts: 207.44.194.56 www.lycos.de
    O1 - Hosts: 207.44.194.56 www.lycos.ca
    O1 - Hosts: 207.44.194.56 www.lycos.jp
    O1 - Hosts: 207.44.194.56 www.lycos.co.jp
    O1 - Hosts: 207.44.194.56 alltheweb.com
    O1 - Hosts: 207.44.194.56 web.ask.com
    O1 - Hosts: 207.44.194.56 ask.com
    O1 - Hosts: 207.44.194.56 www.ask.com
    O1 - Hosts: 207.44.194.56 www.teoma.com
    O1 - Hosts: 207.44.194.56 search.aol.com
    O1 - Hosts: 207.44.194.56 www.looksmart.com
    O1 - Hosts: 207.44.194.56 ca.search.msn.com
    O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
    O1 - Hosts: 207.44.194.56 search.fr.msn.be
    O1 - Hosts: 207.44.194.56 search.fr.msn.ch
    O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
    O1 - Hosts: 207.44.194.56 search.msn.at
    O1 - Hosts: 207.44.194.56 search.msn.be
    O1 - Hosts: 207.44.194.56 search.msn.ch
    O1 - Hosts: 207.44.194.56 search.msn.co.in
    O1 - Hosts: 207.44.194.56 search.msn.co.jp
    O1 - Hosts: 207.44.194.56 search.msn.co.kr
    O1 - Hosts: 207.44.194.56 search.msn.com.br
    O1 - Hosts: 207.44.194.56 search.msn.com.hk
    O1 - Hosts: 207.44.194.56 search.msn.com.my
    O1 - Hosts: 207.44.194.56 search.msn.com.sg
    O1 - Hosts: 207.44.194.56 search.msn.com.tw
    O1 - Hosts: 207.44.194.56 search.msn.co.za
    O1 - Hosts: 207.44.194.56 search.msn.de
    O1 - Hosts: 207.44.194.56 search.msn.dk
    O1 - Hosts: 207.44.194.56 search.msn.es
    O1 - Hosts: 207.44.194.56 search.msn.fi
    O1 - Hosts: 207.44.194.56 search.msn.fr
    O1 - Hosts: 207.44.194.56 search.msn.it
    O1 - Hosts: 207.44.194.56 search.msn.nl
    O1 - Hosts: 207.44.194.56 search.msn.no
    O1 - Hosts: 207.44.194.56 search.msn.se
    O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
    O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
    O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
    O1 - Hosts: 207.44.194.56 search.yupimsn.com
    O1 - Hosts: 207.44.194.56 uk.search.msn.com
    O1 - Hosts: 207.44.194.56 search.lycos.com
    O1 - Hosts: 207.44.194.56 www.lycos.com
    O1 - Hosts: 207.44.194.56 www.google.ca
    O1 - Hosts: 207.44.194.56 www.google.uk
    O1 - Hosts: 207.44.194.56 www.google.co.uk
    O1 - Hosts: 207.44.194.56 www.google.com.au
    O1 - Hosts: 207.44.194.56 www.google.co.jp
    O1 - Hosts: 207.44.194.56 www.google.jp
    O1 - Hosts: 207.44.194.56 www.google.at
    O1 - Hosts: 207.44.194.56 www.google.be
    O1 - Hosts: 207.44.194.56 www.google.ch
    O1 - Hosts: 207.44.194.56 www.google.de
    O1 - Hosts: 207.44.194.56 www.google.se
    O1 - Hosts: 207.44.194.56 www.google.dk
    O1 - Hosts: 207.44.194.56 www.google.fi
    O1 - Hosts: 207.44.194.56 www.google.fr

    O2 - BHO: (no name) - {59a8d520-d73e-11d7-892a-00055df4027d} - C:\WINDOWS\APPLICATION DATA\QUBRLLTRWJ.DLL
    O3 - Toolbar: uglchblllst - {59a8d521-d73e-11d7-892a-00055df4027d} - C:\WINDOWS\APPLICATION DATA\QUBRLLTRWJ.DLL


    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22154f8a235cd9...ip/RdxIE601.cab
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/product...ldsDownload.cab
    O16 - DPF: {1D870C86-AA3C-4451-81E4-71D480A1A652} - http://216.93.172.116/sub2bc.exe


    Dave
     
  10. RosCrowe

    RosCrowe Thread Starter

    Joined:
    Oct 3, 2003
    Messages:
    9
    HURRAH!
    THank you! It worked! You're my new hero! lol

    oh but only one thing left lol sorry :S
    Everything works great except MSN messenger still wont sign in, I don't suppose you know how to fix that? How much fluttering of eyelashes will it take? lol
     
  11. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    RosCrowe
    Considering what your system just went through I think we came out OK!
    You might want to uninstall messenger and reinstall it now after the stuff was removed. Much of it must of also been affected by the garbage.

    Dave
     
  12. RosCrowe

    RosCrowe Thread Starter

    Joined:
    Oct 3, 2003
    Messages:
    9
    she is having the same problem I did a while ago
    She cant get into google, or messenger...this is her log file
    Logfile of HijackThis v1.97.2
    Scan saved at 9:55:29 PM, on 11/10/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SM56HLPR.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAMAS\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\LXSUPMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\OS MEUS DOCUMENTOS\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAMAS\CASIO\PHOTO LOADER\PLAUTO.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\OS MEUS DOCUMENTOS\STUFF FOR PC 33\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = %SEARCH_PAGE_URL%
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = %SEARCH_PAGE_URL%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = %START_PAGE_URL%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = %SEARCH_PAGE_URL%
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [VerificarRegisto] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [MonitorTarefas] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
    O4 - HKLM\..\Run: [GsiReboot] rundll32 gspndll.dll,postInstall requestReboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [RealTray] C:\Programas\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Os meus documentos\WinZip\WZQKPICK.EXE
    O4 - Startup: Photo Loader supervisory.lnk = C:\Programas\CASIO\Photo Loader\Plauto.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Oni (HKCU)
    O9 - Extra button: OniNet (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=
    O14 - IERESET.INF: START_PAGE_URL=
    O15 - Trusted Zone: http://www.zone.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://www.talkingbuddy.com/talkingbuddyinstall.exe
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37679.8745717593
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/bounce/install.cab

    If you could let me know what to get her to fix that would be great
    Thanks
    Ros
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ros, Davey asked me to take a look at this. I must say this might be harder to resolve as I see know obvious reasons for the problem.

    But for starters, try the following to remove some unnecessary startups. Put checks in the following HijackThis Scanlog entries and click "fix checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = %SEARCH_PAGE_URL%

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = %SEARCH_PAGE_URL%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = %START_PAGE_URL%
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = %SEARCH_PAGE_URL%

    O4 - HKLM\..\Run: [LoadQM] loadqm.exe

    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

    Reboot afterwards

    Next, without opening Internet Explorer, go to the Internet applet in the Control panel.

    Select Internet Options and delete History, Cookies, Temporary Internet Files and offline content. On the Advanced and Security tabs click the "Default" options.

    Go to Add/Remove Programs and select Internet Explorer > Remove > Repair. This is to run the IE Repair tool.

    For good measure, go to Start>Run and enter:

    regsvr32 urlmon.dll

    For good measure go to Start > Run
     
  14. Shelob

    Shelob

    Joined:
    Aug 10, 2002
    Messages:
    180
    Thank you very much Rollin' Rog, you've helped me once again because I was the friend with the comp probs.
    I actually hadn't tried Messenger, but I couldn't access google, yahoo OR this forum, hence asking Ros to come here on my behalf. But it seems to be all working again, thanks to your advice!
    And thanks to Ros for intervening! :)
    Love Shelob
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Well that's good to hear! It was just kind of a buckshot approach so we won't know exactly what fixed it :)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/169334

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice