Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

Popup pages won't load, error out??

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

Popup pages won't load, error out??

Old 07-17-04, 03:28 AM
  #1  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
Popup pages won't load, error out??

Ok sorry if the title sounds lame its hard to describe whats happening.

When I am on a site like Macys.com for example and try to zoom in on a picture, which would require another window to open up with the zoomed picture, the page doesn't load at all. It doesn't give an error message or anything, the window is open but no content. Every site I visit is like that, my computer won't allow another window to open up with the main window.

I am running XP and using AOL 8.0. I tried adjusting the AOL popup controls and that isn't working.

I have also ran Ad-Aware, Spysweeper,Spybot and an AOL Spyware remover, in case it was a spyware related issue, and I have spyware that won't delete I am not sure if this is contribing to the problem.

Any help is appreciated.

Last edited by animalmystic; 07-17-04 at 03:30 AM.
Old 07-17-04, 01:54 PM
  #2  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
try the following:

Close AWOL, Internet Explorer and OutlookExpress
Run each line individually. After each run, you should see a short message stating the command was successful.

Click Start, and then click Run.
In the Open box, type:

regsvr32 Shdocvw.dll

regsvr32 Shell32.dll (only applicable to Windows ME, Windows 2000 and XP - if using an earlier operating system, run regsvr32 shdoc401.dll)

regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll

If the above doesn't work then try holding down the "SHIFT" or "CTRL" key as you click on the link(for the new window)

See if that solves the problem

As for spyware, dowload and run Hijackthis (can be found at majorgeeks.com or a search engine).
Run Hijack this. Click Scan, when finished the scan button with turn to "save log". Save the log to your harddrive and then open the log with Notepad (Make sure to un-check the box that says to open with this program with this filetype). Copy and paste the contents of the log here

Last edited by 68ShelbyGT500KR; 07-17-04 at 01:58 PM.
Old 07-18-04, 12:44 AM
  #3  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
Thank you for the reply much appreciated!

I am going to try this now and see what happens, I will post the results
Old 07-18-04, 01:03 AM
  #4  
Super Moderator
 
RandyC's Avatar
 
Join Date: Aug 1999
Location: shine on you crazy diamond
Posts: 26,038
Likes: 0
Received 0 Likes on 0 Posts
And we never hear from animalmystic ever again....

Old 07-18-04, 01:21 AM
  #5  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by 68ShelbyGT500KR
try the following:

Close AWOL, Internet Explorer and OutlookExpress
Run each line individually. After each run, you should see a short message stating the command was successful.

Click Start, and then click Run.
In the Open box, type:

regsvr32 Shdocvw.dll

regsvr32 Shell32.dll (only applicable to Windows ME, Windows 2000 and XP - if using an earlier operating system, run regsvr32 shdoc401.dll)

regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll

If the above doesn't work then try holding down the "SHIFT" or "CTRL" key as you click on the link(for the new window)

See if that solves the problem

As for spyware, dowload and run Hijackthis (can be found at majorgeeks.com or a search engine).
Run Hijack this. Click Scan, when finished the scan button with turn to "save log". Save the log to your harddrive and then open the log with Notepad (Make sure to un-check the box that says to open with this program with this filetype). Copy and paste the contents of the log here

Ok I ran all those like you said, they said successful, but the pages are still not loading.

I also tried the shift and ctl key, didn't work either.

Ok DL and ran Hijak this, here are the results

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [YDZ] C:\documents and settings\animalmystic\local settings\temp\YDZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSV1_0385i.exe] "C:\WINDOWS\System32\MSV1_0385i.exe"
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {26BD027B-64BB-45C0-91E3-499BC55C448B} - (no file) (HKCU)
O13 - DefaultPrefix:
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/420/online.chm::/on-line.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98A51FA0-CD5C-4A1C-ACA1-BE27FCBC9DD5}: NameServer = 198.81.16.4
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll
Old 07-18-04, 01:31 AM
  #6  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
Also getting this error all the time out of the middle of nowhere

SHDocVwCtl.WebBrowser
Old 07-18-04, 07:34 AM
  #7  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
Must be running a Dell Machine, huh?
This Process should take 10-15 minutes.
Instructions on how to configure are at the bottom of the post
1)Configure AdAware forFullScan mode, then
2)Disable System Restore, then
3)Boot to safe mode

Once in Safe Mode
1)Run AdAware in FullScan mode

2)RunHiJackThis Again and let it fix/delete these Items


R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O4 - HKLM\..\Run: [YDZ] C:\documents and settings\animalmystic\local settings\temp\YDZ.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O13 - DefaultPrefix:
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {11120607-1001-1111-1000-110199901123} -ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/420/online.chm::/on-line.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/act...ol_v1-0-3-9.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98A51FA0-CD5C-4A1C-ACA1-BE27FCBC9DD5}: NameServer = 198.81.16.4
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll


Make sure sure uncheck the safemode option in "msconfig" upon completion of this exersise to enter Xp Normally

Boot into Windows XP Normally
Run Adaware, and HiJackThis (post the new log here)
When Clean,you can re-enable system Restore


1) ADAWARE 6.181
In Ad-aware click the Gear to go to the Settings area.

The following items should be on a green check, not on a red X.

Under the Scanning button:

Scan within archives

Under Memory & Registry, Check EVERYTHING

In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check ALL under Log detail level (this makes it easier for

visitors to the Lavasoft Support Forums to see what options you have selected should you

require assistance.)

Under the Tweak button...

Some of these may not be an available option, depending on your version of Ad-aware and your

version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:

Unload recognized processes during scanning

Include info about ignored objects in logfile, if detected in scan

Include basic Ad-aware settings in logfile

Include additional Ad-aware settings in logfile

Include used command line parameters in logfile


In Cleaning Engine:

XP/2000: Allow unloading explorer to unload shell extensions prior to deletion

Let Windows remove files in use at next reboot

UNCHECK: Automatically try to unregister objects prior to deletion


Click Proceed to save these settings. When you would like to perform a "Full Scan," switch

the scan mode from SmartScan to Custom.



2)SYSTEM RESTORE IN XP:
To turn off Windows XP System Restore

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" or "Turn off System Restore on all drives" check

box.
5.Click Apply. The a confirmation message appears.
6. This will delete all existing restore points. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do. For example, removing viruses. Restart the computer and

follow the instructions in the next section to turn on System Restore.


3)Entering Safemode the Easy way (or you can use F8 at startup)
Click on Start,
then Run.
In the Run dialog box type "msconfig" and press enter to start the MSCONFIG utility
click on the Boot.ini tab you will see some checkboxes at the bottom under Boot Options.

Click the checkbox next to /SAFEBOOT and select Minimal.

Last edited by 68ShelbyGT500KR; 07-18-04 at 07:43 AM.
Old 07-18-04, 07:57 AM
  #8  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by animalmystic
Also getting this error all the time out of the middle of nowhere

SHDocVwCtl.WebBrowser
That is an IE related error from what I see, first do the System Cleanup
Old 07-18-04, 02:25 PM
  #9  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by 68ShelbyGT500KR
Must be running a Dell Machine, huh?
This Process should take 10-15 minutes.
Instructions on how to configure are at the bottom of the post
1)Configure AdAware forFullScan mode, then
2)Disable System Restore, then
3)Boot to safe mode

Once in Safe Mode
1)Run AdAware in FullScan mode

2)RunHiJackThis Again and let it fix/delete these Items


R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O4 - HKLM\..\Run: [YDZ] C:\documents and settings\animalmystic\local settings\temp\YDZ.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O13 - DefaultPrefix:
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {11120607-1001-1111-1000-110199901123} -ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/420/online.chm::/on-line.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/act...ol_v1-0-3-9.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98A51FA0-CD5C-4A1C-ACA1-BE27FCBC9DD5}: NameServer = 198.81.16.4
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll


Make sure sure uncheck the safemode option in "msconfig" upon completion of this exersise to enter Xp Normally

Boot into Windows XP Normally
Run Adaware, and HiJackThis (post the new log here)
When Clean,you can re-enable system Restore


1) ADAWARE 6.181
In Ad-aware click the Gear to go to the Settings area.

The following items should be on a green check, not on a red X.

Under the Scanning button:

Scan within archives

Under Memory & Registry, Check EVERYTHING

In Check Drives & Folders, make sure all of your hard drives are selected

Under the Advanced button, check ALL under Log detail level (this makes it easier for

visitors to the Lavasoft Support Forums to see what options you have selected should you

require assistance.)

Under the Tweak button...

Some of these may not be an available option, depending on your version of Ad-aware and your

version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:

Unload recognized processes during scanning

Include info about ignored objects in logfile, if detected in scan

Include basic Ad-aware settings in logfile

Include additional Ad-aware settings in logfile

Include used command line parameters in logfile


In Cleaning Engine:

XP/2000: Allow unloading explorer to unload shell extensions prior to deletion

Let Windows remove files in use at next reboot

UNCHECK: Automatically try to unregister objects prior to deletion


Click Proceed to save these settings. When you would like to perform a "Full Scan," switch

the scan mode from SmartScan to Custom.



2)SYSTEM RESTORE IN XP:
To turn off Windows XP System Restore

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" or "Turn off System Restore on all drives" check

box.
5.Click Apply. The a confirmation message appears.
6. This will delete all existing restore points. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do. For example, removing viruses. Restart the computer and

follow the instructions in the next section to turn on System Restore.


3)Entering Safemode the Easy way (or you can use F8 at startup)
Click on Start,
then Run.
In the Run dialog box type "msconfig" and press enter to start the MSCONFIG utility
click on the Boot.ini tab you will see some checkboxes at the bottom under Boot Options.

Click the checkbox next to /SAFEBOOT and select Minimal.
Great! Thanks again for the help, much appreciated!!!!!

I am going to try this now



Must be running a Dell Machine, huh?

You are VERY good!
Old 07-18-04, 02:40 PM
  #10  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by animalmystic
Great! Thanks again for the help, much appreciated!!!!!

I am going to try this now
Must be running a Dell Machine, huh?

You are VERY good!

This is the line that told me it *should* be a Dell System
O4HKLM\..\Run:[DVDSentry]C:\WINDOWS\System32\DSentry.exe


Just curious, and a little off topic, why are you using AWOL? I figure for the $$ you can go DSL without all the bloated sotware that AWOL "forces" on you.
Are you on Dialup, DSL or Cable?
AWOL uses its internal, branded Intenet Explorer as the browser unless it has changed recently. In order to use another browser , you still would have to dial into AWOL as you usually would, but after you get connected, you can open another browser such as Firefox or Mozilla.
Old 07-18-04, 06:03 PM
  #11  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
This is the line that told me it *should* be a Dell System
O4HKLM\..\Run:[DVDSentry]C:\WINDOWS\System32\DSentry.exe
You are rellllly good!


Just curious, and a little off topic, why are you using AWOL? I figure for the $$ you can go DSL without all the bloated sotware that AWOL "forces" on you.Are you on Dialup, DSL or Cable? AWOL uses its internal, branded Intenet Explorer as the browser unless it has changed recently. In order to use another browser , you still would have to dial into AWOL as you usually would, but after you get connected, you can open another browser such as Firefox or Mozilla.
AWOL? Meaning AOL? (sorry not sure what the W means) If so then yes.

I have actually looked into getting highspeed (currently dialup ) just looking for the best price in my area, looks like it might be Qwest or Comast.

Ok I did everything you said and here is the new Hijak log:

Logfile of HijackThis v1.98.0
Scan saved at 2:48:31 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CasinoOnline\CsRemnd.exe
C:\WINDOWS\System32\mcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MSV1_0385i.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\ANIMALMYSTIC\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://eegohi.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {88067875-FC3D-4087-93AB-88A4E1B8FE80} - C:\WINDOWS\System32\iibef.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSV1_0385i.exe] "C:\WINDOWS\System32\MSV1_0385i.exe"
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {26BD027B-64BB-45C0-91E3-499BC55C448B} - (no file) (HKCU)
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll
O18 - Filter: text/plain - {A6110330-073B-4B62-B768-C8F22619FB25} - C:\WINDOWS\System32\iibef.dll

Monitor.exe message/error has stopped.

The windows problem are still not opening though

I just wanted to say thanks again for all your help!!!
Old 07-18-04, 09:09 PM
  #12  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
Have System Restore turned off until everything is cleared!!

Run an online trojan scanner and see if it picks up this item(scagent.exe)
Online trojan Scanners:
http://housecall.trendmicro.com/hous...start_corp.asp
http://www.pandasoftware.com/activescan/
http://security.symantec.com/sscv6/v...23&pkj=KZSLRHY

TINMHDKDCWLL
if all else fails, try this 30day demo
http://www.simplysup.com/tremover/download.html

Look in the control Panel >add remove programs and see if AOL or yahoo Companion is listed,

if so remove it. (could be cause the no window problem)
Also remove Spysweeper...I don't know why there are 2 entries in Running Processes dept)
Go to Safe Mode and Run Adaware, HiJackThis and CWShredder Download for CWShredder:

http://www.majorgeeks.com/download4086.html

Do a search(find files) for notepad (with no extension)
Make sure these are not hidden files in Wndows Explorer>Tools>Folder Options>View tab
C:\WINDOWS\system32
C:\WINDOWS\
Right click on the notepad.exe and select properties, file size should read
64.5 KB (66,048 bytes)
68.0 KB (69,632 bytes)
Version tab Must say Microsoft as the company.
any other notepad.exe or any other extension needs to be deleted
Extract a good MS Copy from your CD

RunAdaware, HiJackTHis and CWS in Safe Mode as per ealier instructions
let Hijackthis fix the below items:
C:\WINDOWS\system32\scagent.exe (trojan)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

file://C:\DOCUME~1\ANIMAL~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =

http://eegohi.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
O2 - BHO: (no name) - {88067875-FC3D-4087-93AB-88A4E1B8FE80} - C:\WINDOWS\System32\iibef.dll

O4 - HKCU\..\Run: [MSV1_0385i.exe] "C:\WINDOWS\System32\MSV1_0385i.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {26BD027B-64BB-45C0-91E3-499BC55C448B} - (no file) (HKCU)
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} -

C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll
O18 - Filter: text/plain - {A6110330-073B-4B62-B768-C8F22619FB25} -

C:\WINDOWS\System32\iibef.dll



C:\WINDOWS\System32\MSV1_0385i.exe ( I don't know what this item is for)
Right click on the file and select Properties>Version tab...Does it sound like a legit

company??? If not delete and rename in Safe Mode.


Re-Post your new log and tes tthe New Window, Also try CTRL N to open a new window (Hold

down the CTRL key and click N)


Be Patient with this process, some things are very stubborn to remove.

After everything is cleared, Protect yourself!
Old 07-21-04, 12:21 AM
  #13  
Suspended
Thread Starter
 
Join Date: Oct 2003
Location: Seattle
Posts: 1,385
Likes: 0
Received 0 Likes on 0 Posts
68ShelbyGT500KR YOU ARE THE MAN! (or woman, sorry I don't know)

If I could I would buy you a beer or 2!

Trojan eliminated!
Windows functioning as normal!
Computer processing faster.

All seems to be working well

THANKS AGAIN!!! For all your help it is much appreciated!!!

Here is the current list though, just to make sure:

Logfile of HijackThis v1.98.0
Scan saved at 9:20:41 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CasinoOnline\CsRemnd.exe
C:\WINDOWS\System32\mcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\ANIMALMYSTIC\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{98A51FA0-CD5C-4A1C-ACA1-BE27FCBC9DD5}: NameServer = 198.81.17.4
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll
Old 07-21-04, 08:47 PM
  #14  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Likes: 0
Received 0 Likes on 0 Posts
animalmystic,

Good to hear your system is running better. Keep System Restore off until these 3 items are cleared!!
I am male. The Shelby is in reference to my ex-car, I can't afford ($60-85,000) one now. Here is what it looked like, RAW American Muscle http://www.thecarsource.com/shelby/1...gt500kr-s.html



3 lines in HijackThis need to be cleared up (Mr. trojan is lurking)

These 2 lines need to be removed!!!! (part of the Trojan)
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll

This running Process needs to be removed
C:\WINDOWS\system32\scagent.exe (part of the Trojan team for the above "018" entries from HiJackThis)

Instructions:

Boot To Safe Mode

Item 1: When in SafeMode, do a ctrl alt del to bring up the task manager, make sure "scagent" is NOT listed. If it is highlight it and click on the "end process Button.

In Windows explorer, navigate to C:\WINDOWS\system32\scagent.exe and delete the file. If it won't delete,then right click on the File and select Properties>un check "read only"...change to archive> Click "OK. Then try to delete.

If it still will not delete, try to move to the desktop, then delete.


Item 2:

Click on the Start Button>Run>type in "regsvr32 /u msxword.dll" (without the quotes). It will give you a dll unregistered confirmation box, if done correctly

Next do the same as above but type in "regsvr32 /u httpfilter.dll"

Copy and paste into the run box if need be for the above

Next,open Windows Explorer and paste each of these lines in the address bar or navigate to these locations:
C:\WINDOWS\System32\msxword.dll and delete the file, then
C:\WINDOWS\httpfilter.dll and delete the file

(any delete errors, change the attribute from read only to archive)



When finished with the above, go to regedit via Start>run>type in "regedit" without the quotes:
Backup each location if found by File>Export PRIOR to deletion in REGEDIT. Name the file what ever you desire.

Copy and paste the each line seperately via Edit>Find command
53B95211-7D77-11D2-9F81-00104B107C96 delete if found
EE7A946E-61FA-4979-87B8-A6C462E6FA62 delete if found

If found, delete, AFTER the FILE>Export...just in case!! Protect yourself

Reboot to Windows Normally. Run adaware, CWShredder and HijackThis when in normal Windows. The following lines *should* NOT be in HijackThis.

Running Process C:\WINDOWS\system32\scagent.exe
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll


Is the New Windows problem taken care of now or are you still not getting a new Window in IE/FireFox.

Are you sure McAfee is set to do a full scan, scan inside compressed (zipped) files?

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.