Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer Closes Automatically After Just A Few Seconds


  • This topic is locked This topic is locked
11 replies to this topic

#1 tdh814

tdh814

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 12 November 2006 - 11:06 AM

Hello,

For the past few days Internet Explorer closes anytime I try to open it after just a few seconds. Typically the page doesn't completely load and I get an error message which says, "Microsoft Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." And it says that an error report has been created.

I have tried repairing IE but that did not help. I recently installed CA's Internet Security suite, updated and ran the anti-spyware and anti-virus programs. I also updated and ran Adaware within the past 24 hours. My computer has been running slower and sometimes hangs so that I am forced to reboot. Please take a look at my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 11:00:29 AM, on 11/12/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\ISAFE.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXCFG.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXPOL.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\PPRT\BIN\ITMRTSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PRO 9.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CCTRAY\CCTRAY.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\CAVRID.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA PERSONAL FIREWALL\CAPFAEM.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPAM\QSP-5.0.418.0\QOELOADER.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXFWHLP.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\PICTUREPROJECT\NKBMONITOR.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA PERSONAL FIREWALL\CAPFSEM.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\BIN\MPBTN.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPYWARE\CAPPACTIVEPROTECTION.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\HJTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vglh27b0.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vglh27b0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\CAINTE~1\CAANTI~3\VETMSG.EXE
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] c:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] c:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPAM\QSP-5.0.418.0\QOELoader.exe"
O4 - HKLM\..\Run: [UmxFwHlp] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O4 - HKLM\..\Run: [UmxAgent] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Launcher.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O4 - HKLM\..\RunServices: [UmxFwHlp] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe /oneshot
O4 - HKLM\..\RunServices: [UmxCfg] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O4 - HKLM\..\RunServices: [UmxPol] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - User Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {74C854E0-42CA-11D4-AC76-00D0B7796A4A} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/sa/us/common/bin/cabsa.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/dell/site/PCPitStop.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

Thanks in advance for your help.
Ron

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 22 November 2006 - 04:17 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tdh814

tdh814
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 26 November 2006 - 03:12 AM

Hello Sam,

Thanks for helping. Yes I am still having problems. Here is a fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 3:03:45 AM, on 11/26/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\ISAFE.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXPOL.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\PPRT\BIN\ITMRTSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CCTRAY\CCTRAY.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\CAVRID.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA PERSONAL FIREWALL\CAPFAEM.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPAM\QSP-5.0.418.0\QOELOADER.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXFWHLP.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXAGENT.EXE
C:\PROGRAM FILES\SCANSOFT\TEXTBRIDGE PRO 9.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\PAGIS\MONITOR.EXE
C:\PROGRAM FILES\NIKON\PICTUREPROJECT\NKBMONITOR.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\BIN\MPBTN.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXCFG.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPYWARE\CAPPACTIVEPROTECTION.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA PERSONAL FIREWALL\CAPFSEM.EXE
C:\WINDOWS\TEMP\0X22451168\99F64E87-1E80-4E55-9F25-BF85270C348A\USETUP.EXE
C:\WINDOWS\TEMP\0X22451168\64ED5CAD-5780-4AD9-A42F-73351B102FFB\ASPYUPDATER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\TEMP\0X22451168\F6FE1BDF-DC5C-4F21-9F54-B97AB4A410CE\USETUP.EXE
C:\WINDOWS\TEMP\0X22451168\D91D5CAC-61F6-4AEF-AD4B-D8B1FB7776FD\USETUP.EXE
C:\WINDOWS\TEMP\0X22635380\99F64E87-1E80-4E55-9F25-BF85270C348A\USETUP.EXE
C:\WINDOWS\TEMP\0X22635380\64ED5CAD-5780-4AD9-A42F-73351B102FFB\ASPYUPDATER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\TEMP\0X22BA2DE0\99F64E87-1E80-4E55-9F25-BF85270C348A\USETUP.EXE
C:\WINDOWS\TEMP\0X22BA2DE0\64ED5CAD-5780-4AD9-A42F-73351B102FFB\ASPYUPDATER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\TEMP\0X22BA2DE0\F6FE1BDF-DC5C-4F21-9F54-B97AB4A410CE\USETUP.EXE
C:\WINDOWS\TEMP\0X22C95C98\99F64E87-1E80-4E55-9F25-BF85270C348A\USETUP.EXE
C:\WINDOWS\TEMP\0X22C95C98\64ED5CAD-5780-4AD9-A42F-73351B102FFB\ASPYUPDATER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\TEMP\0X22C95C98\F6FE1BDF-DC5C-4F21-9F54-B97AB4A410CE\USETUP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\HJTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vglh27b0.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vglh27b0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\CAINTE~1\CAANTI~3\VETMSG.EXE
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] c:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] c:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPAM\QSP-5.0.418.0\QOELoader.exe"
O4 - HKLM\..\Run: [UmxFwHlp] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O4 - HKLM\..\Run: [UmxAgent] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Launcher.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O4 - HKLM\..\RunServices: [UmxFwHlp] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe /oneshot
O4 - HKLM\..\RunServices: [UmxCfg] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O4 - HKLM\..\RunServices: [UmxPol] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - User Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {74C854E0-42CA-11D4-AC76-00D0B7796A4A} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/sa/us/common/bin/cabsa.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/dell/site/PCPitStop.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

Ron

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 26 November 2006 - 08:11 PM

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.
Delete everything that is within this folder, but not the folder itself.

C:\WINDOWS\TEMP


Reboot back into normal mode.


Please download Bit Defender 8 Free Edition
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 tdh814

tdh814
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 27 November 2006 - 09:22 AM

OK, here is the log from the BitDefender scan:


//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 27/11/2006 02:27:11
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 2769
Files : 162425
Archives : 875
Packed files : 25450
Identified viruses : 0
Infected files : 0
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 4
Scan time : 01:10:10
Scan speed (files/sec) : 38

Virus definitions : 319136
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 5
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report


Still having issues with IE closing but I assume you figured that already. Please forgive my ignorance, but does deleting the files in the Temp folder in Safe Mode different than deleting in Normal Mode? (I'm trying to educate myself.)

Ron

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 27 November 2006 - 05:24 PM

It can be difficult to delete some files in normal mode because they are in use. Once you reboot into safe mode, those files are easily deleted.

Bit Defender came back clean.
Let's try another one just to be sure that you're clean.

Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning,the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action),using the drop down menus at the side of each entry found,set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed,click on View Details.
  • Copy and Paste those details into your next reply here.
Also post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 tdh814

tdh814
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 28 November 2006 - 12:42 AM

Sam,

Counterspy did find a few things, as you can see:

Spyware Scan Details
Start Date: 11/27/06 9:40:35 PM
End Date: 11/27/06 10:25:29 PM
Total Time: 44 mins 54 secs

Detected spyware

IEPlugin Adware (General) more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted

Infected files detected
c:\windows\extract.exe


FunWebProducts Potentially Unwanted Program more information...
Details: Fun Web Products bundles adware software in its products.
Status: Deleted

Infected files detected
c:\Windows\SYSTEM\Popular Screensavers.scr

Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products CacheDir C:\Program Files\FunWebProducts\Shared\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products JpegConversionLib C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver ImagesDir C:\Program Files\FunWebProducts\ScreenSaver\Images\
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it!
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn LastHTMLMenuURL http://www.mywebface.com/menus/SmileyChooser_en.html.gz
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CacheDir C:\Program Files\FunWebProducts\Installr\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer pl 9
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer Dir C:\Program Files\FunWebProducts\Installr\
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer Dir C:\Program Files\FunWebProducts\Installr\
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer pl 9
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CacheDir C:\Program Files\FunWebProducts\Installr\Cache\


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CURRENT_USER\Software\MyWebSearch
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib {29D67D3C-509A-4544-903F-C8C1B8236554}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} IMonitorEvents
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib {E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} IF3PopupMenu
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CLSID {3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CurVer MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel MyWebSearch HTML Panel
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CurVer MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 MyWebSearch Pseudo Transparent Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches incmail.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msimn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches outlook.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches waol.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches aim.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icq.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icqlite.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msmsgs.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msnmsgr.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches ypager.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches mwssrcas.dll 0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 Toolbar *Uninstalled*
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 AppName MyWebSearch Email Plugin
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1\CLSID {3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 MyWebSearch HTML Panel
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar pid zuzeb004YYUS_undefined
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar Dir C:\Program Files\MyWebSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar PluginPath C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar SettingsDir C:\Program Files\MyWebSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar pl 9
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar Id 38F13837-7B9F-11DA-AC79-00D0B7796A4A
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar CacheDir C:\Program Files\MyWebSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar ConfigDateStamp 2006010221
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar HTMLMenuRevision 106
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar HistoryDir C:\Program Files\MyWebSearch\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SkinTools PlayerPath "C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\m3SkPlay.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant pid zuzeb004YYUS_undefined
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant Dir C:\Program Files\MyWebSearch\SrchAstt\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant esh 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant lsp
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant pl 9
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant Id 38F13839-7B9F-11DA-AC79-00D0B7796A4A
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant ConfigDateStamp 2006010221
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant ABS http://www.mywebsearch.com/jsp/cfg_redir2....&searchfor=
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant DES http://www.mywebsearch.com/jsp/cfg_redir2....&searchfor=


PartyPoker Potentially Unwanted Program more information...
Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker InstallState 0
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker AppPath C:\PROGRAM FILES\PARTYGAMING\PARTYGAMING.EXE
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker id
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker InitialPort
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker useCount
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker HHEnableLog
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker HHLogDays
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker HHLogSize
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UserName
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker Password
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker Remember
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker InitialIP
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker ScreenName
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker TableType
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableSounds
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableCardAnimations
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableCongratulations
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableCallOuts
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker DisableMouseHelp
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker FourColourDeck
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker DisableCharacters
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker MuckLosingHand
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker SearchHiding
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker BlackjackSounds
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker BlackjackVoice
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 1
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 2
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 3
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 4
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 5
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 6
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UpgradeFileDate
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UpgradeFile
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UpgradeInstalled


Cookie: Win-Spy Software Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\windows\cookies\default@doubleclick[1].txt


Also, here is a new HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:19 PM, on 11/27/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\ISAFE.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\PPRT\BIN\ITMRTSVC.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXCFG.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXPOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-VIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPAM\QSP-5.0.418.0\QOELOADER.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXFWHLP.EXE
C:\PROGRAM FILES\CA\SHAREDCOMPONENTS\HIPSENGINE\UMXAGENT.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\BIN\MPBTN.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA PERSONAL FIREWALL\CAPFSEM.EXE
C:\HJTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vglh27b0.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vglh27b0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\CAINTE~1\CAANTI~3\VETMSG.EXE
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] c:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfaem] c:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-SPAM\QSP-5.0.418.0\QOELoader.exe"
O4 - HKLM\..\Run: [UmxFwHlp] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O4 - HKLM\..\Run: [UmxAgent] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY\CONSUMER\sunserver.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Launcher.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O4 - HKLM\..\RunServices: [UmxFwHlp] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe /oneshot
O4 - HKLM\..\RunServices: [UmxCfg] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O4 - HKLM\..\RunServices: [UmxPol] c:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\SCANSOFT\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender8\bdinit.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - User Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {74C854E0-42CA-11D4-AC76-00D0B7796A4A} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/sa/us/common/bin/cabsa.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/dell/site/PCPitStop.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

Ron

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 28 November 2006 - 10:02 AM

Are you still having the same problems with IE?

You can go ahead and uninstall Bit Defender now. It's probably putting a bit of a strain on your system with CA's suite installed and running.


Do you have your Windows 98 disc?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 tdh814

tdh814
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 28 November 2006 - 11:16 PM

Yes, I am still having the same problem with IE closing. I uninstalled BitDefender. Not sure where my Windows 98 disc is...the computer is 5-6 years old so I'd have to look for the disc.

More background info that may or may not be of use...I had Norton AV but it was a few years old so I wanted to get a new program. When the subscription expired I planned on buying something more recent...which is how I ended up with CA's suite. (Little did I realize that many newer programs don't run on Win98.) In the month or so gap between my Norton AV subscription expiring and purchasing CA is when I got this problem.

CA's suite requires 256MB RAM...my computer only had 128MB. Since I had a free slot I purchased a 256MB chip (PNY 256S100), bringing my system up to 384MB.

This whole time, I am having problems with my system running slow (right now with Outlook and Firefox open it's at 27% free) and CA's Firewall doesn't work/not responding, meaning I end up closing it. I'm not sure if these problems are related/caused by the same issue plaguing IE or if I should return CA's suite. Do you have any comments on this?

Thanks again,
Ron

#10 tdh814

tdh814
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 28 November 2006 - 11:18 PM

Just wanted to add that CA's suite was one of the few options which was compatible with Win98.

Also, I am perplexed as to why CA's antispyware (which cost me money) did not detect the IEPlugin whereas Counterspy (free!) did.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 29 November 2006 - 08:27 PM

CA's suite is going to more focused on true viruses as opposed to spyware and adware. That's not to say it won't detect spyware, but that's not what it will be best at.

Unforunately your problem is exactly as you have described, an older system with an even older version of Windows. Microsoft won't support Windows 98 any longer and without the disc to restore any missing or corrupted files, our options are very limited.

Have you tried just uninstalling IE to revert back to an earlier version?

http://support.microsoft.com/kb/293907
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 14 December 2006 - 08:33 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users