in IE - revolting. Please help

By runthroughfire · 20 replies
Aug 10, 2005
  1. Hi

    IE pops out the attached [now removed] revolting window, can't be resized, dragged or got rid of - have to shut down machine

    Am attaching my hijackthis log





  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. runthroughfire

    runthroughfire TS Rookie Topic Starter

    Fixed the O6 entries
    Tried to run trendmicro scan from IE, but IE still infected
    New HJT log attached


  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Looks like you did not run MS Antispyware!

    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    Put HijackThis in e.g. C:\HJT and NOT on your Desktop or in Temp!

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Next, open Windows Task Manager.

    On Windows 95/98/ME, press CTRL+ALT+DELETE.
    On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
    Click the Processes tab, select the process (if there), click End Process for:

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\WIRESS\rssfeed.exe
    C:\Program Files\LocalProxy\proxy4free.exe
    C:\Program Files\SHA256\secure.exe
    C:\Program Files\DSB\dsb.exe
    C:\Program Files\WIZZ\dazzler.exe
    C:\Program Files\Kaps\kaps_mm.exe
    C:\Program Files\AdsBlocker\stopAds.exe

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    C:\Program Files\WIRESS\rssfeed.exe
    C:\Program Files\LocalProxy\proxy4free.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WIRESS] C:\Program Files\WIRESS\rssfeed.exe
    O4 - HKLM\..\Run: [SHA256] C:\Program Files\SHA256\secure.exe
    O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
    O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\dsb.exe
    O4 - HKLM\..\Run: [WIZZ] C:\Program Files\WIZZ\dazzler.exe
    O4 - HKLM\..\Run: [Kaps] C:\Program Files\Kaps\kaps_mm.exe
    O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe
    O4 - Global Startup: BTTray.lnk = ?
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
    O15 - Trusted Zone: *
    O15 - Trusted Zone: *
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9BB65A-EEBF-451C-8C05-EDD8F2C640BD}: NameServer =
    O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
    Now click on the Fix Checked button in HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
  5. mc68k

    mc68k TS Rookie

    I've got a problem very like this, sorry for digging up such an old post. This here pop up only came up when you connected to the internet early in the morning (BST) so I think my other problem could be closely linked to it. The info here helped me get rid of this pop up but my internet connection still breaks every couple of minutes, after 8pm (BST). Obviously this gets very annoying. Just hope someone can help out if this is a virus.

    HJT log

    Anyone have any idea why my internet connection could be breaking so frequently (does it look like a virus/spyware)?
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  7. mc68k

    mc68k TS Rookie

    Sorry, seen the log file earlier in the post and thought I'd get away with it. :rolleyes: Well here it is attached this time, sorry for the mistake earlier. Oh yeah, just for the record too, did the above but adsBlocker came back, dbs, proxy4free and dazzler didn't.
    Any help much appreciated.

  8. Spike

    Spike TS Evangelist Posts: 2,168

    here's your problem, in part at least...

    Boot into safe mode, turn system restore OFF, and hit control alt delete. End any of the following processes should they be running...
    O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\system32\Indexindicator.exe /check
    O4 - HKLM\..\Run: [MEMreaload] C:\Program Files\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
    O4 - HKLM\..\Run: [Suite] C:\WINDOWS\system32\SuiteOffices.exe /cleandb
    O4 - HKLM\..\Run: [Reload] C:\Program Files\ServicePackFiles\reload.exe /reloadenterpice
    O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\system32\Recalculate.exe /reloadenterpice
    O4 - HKLM\..\Run: [AdsBlocker] C:\Program Files\AdsBlocker\stopAds.exe

    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe

    Run a virus/trojan scan (see sticky in this forum).

    Run HJT, and let it fix any of the above entries should they exist,
    And of course, all O16 entries.
  9. mc68k

    mc68k TS Rookie

    Alright, thanks Spike, that seems to have done the job. I'll just wait until tonight to see whether the internet connection continues to break and if the pop up comes back. Think it's finally sorted.
  10. mc68k

    mc68k TS Rookie

    My internet connection still breaks after 8 at night, though none of the files are back from above. I've attached my hjt file, taken at night (now) when connection's breaking every couple of minutes.
  11. Spike

    Spike TS Evangelist Posts: 2,168

    The only thing that's wrong with that log is that there are now lots of entries with missing files that you should fix, if only because it makes the file easier to read.

    Other than that, as far as I can see your disconnections from the internet are caused by something other than what can be seen in your HJT log. The fact that it breaks after 8 in the night suggests that it's something other than spyware causing the problem.
  12. mc68k

    mc68k TS Rookie

    I fixed the missing file ones from hjt, any idea what I should be looking for as to why it would go off at certain times of the day? Cheers for all the help so far too.
  13. Shadowrunner

    Shadowrunner TS Rookie Posts: 106

    Get Firefox, it blocks popups/annoying toolbars
    if that doesn't work
    or Trend Micro, remove all your temp internet files. I mean EVERYTHING. Back passwords/usernames up if need be -- just do it in Notepad
  14. Spike

    Spike TS Evangelist Posts: 2,168

    It does - but that doesn't remove the problem. The only way to solve a spyware problem you already have is to remove the spyware. THEN it's a good idea to take preventative measures. The problem with those popups has been fixed now though.

    As for the disconnecting, I don't have any idea at all. Maybe you could start a thread in storage and networking.
  15. mc68k

    mc68k TS Rookie

    I'll check it out tonight, see if I can see the process that is run just as connection breaks to work it out.
  16. lizisonfire

    lizisonfire TS Rookie

    heya, i have the same pop-up and it's not very pretty. i tried to follow the advice up there ^ of RealBlackStuff and so deleted quite a few things.... it doesn't seem to have gone though =(

    can anyone please help me? my hijack this log is attached hopefully...
  17. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    See this post for reference: Use these HJT-instructions when asked
    The text underneath goes between the dotted lines of that post.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
    /P/ O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    /P/ O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\SYSTEM\Indexindicator.exe /check
    /P/ O4 - HKLM\..\Run: [MEMreaload] C:\Program Files\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
    /P/ O4 - HKLM\..\Run: [Suite] C:\WINDOWS\SYSTEM\SuiteOffices.exe /cleandb
    /P/ O4 - HKLM\..\Run: [Reload] C:\Program Files\ServicePackFiles\reload.exe /reloadenterpice
    /P/ O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
    /P/U/ O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\RunServices: [VidSvr]
    /P/U/ O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O9 - Extra button: Freeserve - {659E8680-F8EA-11D3-83E4-C80559E5362D} - (file missing) (HKCU)
    Fix all your O16 - DPF: entries
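
Added example, not part of any post in this thread: a small Python parser for the HijackThis log lines quoted in RealBlackStuff's posts above, pulling out the registry autorun (O4) entries, the "(file missing)" entries and the ProxyServer override. The function names, the extension list used to find the end of an unquoted path, and the treatment of the /P/ and /P/U/ prefixes as opaque helper annotations are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1040
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
/P/ O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\SYSTEM\Indexindicator.exe /check
O4 - HKLM\..\RunServices: [VidSvr]
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
"""

# Optional helper annotation (e.g. "/P/U/"), section code, then the entry body.
ENTRY_RE = re.compile(r'^\s*((?:/[A-Z])+/)?\s*([A-Z]\d{1,2}) - (.*\S)\s*$')
# O4 registry autorun: hive, key name (Run, RunServices, ...), value name, command line.
RUN_RE = re.compile(r'^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\]\s*(.*)$')
# Assumption: the image path ends at the closing quote or at the first known extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))\b', re.IGNORECASE)

def parse_log(text):
    """Return one dict per recognised HijackThis line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"note": m.group(1), "code": m.group(2), "body": m.group(3)})
    return entries

def triage(text):
    """Summarise what a reviewer checks first: autoruns, dead entries, proxy override."""
    report = {"autoruns": [], "missing": [], "proxy": None}
    for e in parse_log(text):
        body = e["body"]
        if body.endswith("(file missing)"):
            report["missing"].append(e["code"])
        if e["code"] == "O4":
            run = RUN_RE.match(body)
            if run:  # "Global Startup" shortcuts are not registry Run values
                hive, key, name, cmd = run.groups()
                exe = EXE_RE.match(cmd)
                path = (exe.group(1) or exe.group(2)) if exe else None
                report["autoruns"].append((hive, key, name, path))
        elif e["code"] in ("R0", "R1") and "ProxyServer =" in body:
            report["proxy"] = body.split("ProxyServer =", 1)[1].strip()
    return report

if __name__ == "__main__":
    for section, value in triage(SAMPLE_LOG).items():
        print(section, value)
```
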
  18. lizisonfire

    lizisonfire TS Rookie

    so far so good... it came up for a while but then i realised i hadn't deleted the temp files and so did it again. thankya very much x
  19. mc68k

    mc68k TS Rookie

    Still the internet connection continues to break at night, every about 5 mins or so, right through (from 7pm to 7am) every night. I posted in the network forum, but no luck as yet sorting out this problem. I still get the feeling it's the leftovers from a virus or something. Anyway, I took a screen shot of the task manager exactly as the internet connection was broken, hope this can help lead to the solution, not honestly sure if it helps, but just in case anyone recognises any of the processes, or what my next step should be.

    Cheers for any help

    Edit couldn't attach the file, it's bmp so should be ok, though was getting standard can't find server, can't display page error in IE and a popup error in firefox saying document contains no data. I'll try posting again later.
  20. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    If you are on dial-up, try another ISP. You may also have set your timeout/disconnect after being idle for 5 minutes or so.
    If you are on broadband, sort it with your ISP.
  21. mc68k

    mc68k TS Rookie

    It would appear I fixed the problem, the answer might make more sense to you tech minded people rather than myself (software engineer). Originally the internet connection was a half Mb connection, got upgraded automatically by the ISP to a 1.1 (the max we could get on the line). There's 2 phones in the house, at the start with the smaller line didn't need microfilter on the one upstairs, though just before I rung to find out realised with the increased traffic in the evening, having no microfilter on second phone socket could be causing connection to drop. I plugged it in, connection hasn't dropped since. Seems like it's fixed it.

    Cheers for all the help.
Topic Status:
Not open for further replies.
