• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
jahrim

HELP PLEASE!

9 posts in this topic

I am new to this, and I was reccommended to come here and check with you guys so hopefully you can help me.

 

So heres the problem:

 

Everytime I go to google, yahoo etc. and type in the search bar, it freezes. The same thing happens when I try and type in username and passwords at websites. I also freezes when I click buttons. For example, when I hit the button to submit my password and username (which also froze when I put those in) it froze AGAIn. It took me 5 minutes to log in here!!!:eek:. I have my hijack log below. Hopefully you guys can help.

 

Thanks a bunch in advance

 

 

Here is the log:

 

 

Logfile of HijackThis v1.97.7

Scan saved at 7:54:48 PM, on 6/3/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE

C:\PROGRAM FILES\XEROX\PAGIS\MONITOR.EXE

C:\PROGRAM FILES\XEROX\PAGIS\EREG\REMIND32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\NOTEPAD.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hispeed.rogers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hispeed.rogers.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Pagis Scheduler.lnk = C:\Program Files\Xerox\Pagis\Monitor.exe

O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Xerox\Pagis\Ereg\REMIND32.EXE

O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0956419711e7f9...ip/RdxIE601.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: IEToolbarCab - http://www.animetoolbar.com/DailyToolbar.CAB

O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.008i.com//x//f//12802/msits.exe

Share this post


Link to post
Share on other sites

Hi,

 

Run your Hijack scan again and check all of the following entries, then click on 'FIX' ...

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html

 

O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.008i.com//x//f//12802/msits.exe

 

O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)

 

------>

 

Click on Start / Programs / Ms Dos Prompt

 

At the blinking cursor type the following commands and hit enter after each:

Deltree temp

Deltree tempor~1

 

You'll get a question from windows asking ' delete temporary internet files and all of it's subdirectories?' .... y/n choose y for YES, for both of them,

 

Note: this character ~ to the left of numeral 1 on keyboard,

 

See if it works better and post back,

 

;)

Share this post


Link to post
Share on other sites

Hey thanks starwaves for your help, but it didnt seem to work. The computer is still freezing when I hit buttons like "submit" or "add reply" Etc. When I post this, it freezes.

 

Thanks again, and I hope we can find a solution.

Share this post


Link to post
Share on other sites

now its only mainly doing it at a website i visit frequently called:

 

www.tournawiz.com

 

I run a tennis league, and it is vital for me to get into this website to create and post draws.

 

Thanks again for all your help...

Share this post


Link to post
Share on other sites

ok...so it started doing it again. It keeps freezing when ever i have to press a button on a webpage...please help!

 

Thanks

Share this post


Link to post
Share on other sites

i tried using both the spyware removal programs, it found some new stuff, and I fixed them, but the problem still occurs.

 

ANyhelp is greatly appritiated!

Share this post


Link to post
Share on other sites

Jahrim,

 

I'm not sure if you're still having that problem or not, but here's some info for you that might help.

 

I run two separate PCs. One with virus protection and a firewall, the other without either. They both run with identical operating systems, Win-98 second edition. So logically, all of my windows and systems files should remain the same on both machines.

 

The reason I do this is to trouble-shoot problems such as you're having. I had similar problems, with my browser freezing up, my home-page constantly resetting to something other than what I had it set for, and endless pop-ups telling me that spyware had been detected on my PC, and it could be cured for $29.95. The problem is, the guy CAUSING these pop-ups was most likely the same guy who planted the bug in my machine.

 

To find out why this was happening, I did a fresh re-install of Win-98 in two machines - - protected one, but not the other.

 

What I found was that certain web pages (usually 'adult' in nature), were trying to download two application files into my PC. They are: MSITS.EXE and MSHTA.EXE.

 

In my protected machine, these files slipped right by my virus software, but WERE caught by my firewall. Hence, you need both in order to protect your PC.

 

In the un-protected PC, I never even knew that anything had been downloaded. I was on a page that simply seemed to be loading slow - but my hard drive was humming away, writing something. And then the problems started.

 

I found that MSHTA.EXE is basically a "timer" which works with your system clock. It seems to determine a specific date and time to activate the other file, MSITS.EXE. The command-string in the timer-file, MSHTA.EXE, has the potential to be set as a variable. Anywhere from 0 days and 1 minute, to several months, hours, and days.

 

But once MSITS was set off, it changed four critical Windows files that are essential for smooth operation: AUTOEXEC.BAT; CONFIG.SYS; COMMAND.COM; and SYSTEM.INI. These four files were changed in my infected machine at the exact same time MSITS.EXE was executed. And no back-ups were saved.

 

Once MSITS runs, there seems to be no way in hell to get rid of it without a fresh re-install of your OS. I believe it embeds itself in the Registry itself.

 

Here's my recommendation: First, download a free Registry Checker to run a diagnostics on your PC. There are quite a few of them out there that will diagnose your problems, but won't repair them unless you buy the software. But you don't want to buy it - - you just want to see if you have any Registry problems.

 

If you do, save all your user files to disks or CDs, and then do a complete re-install of your OS. Then, go to http://www.grisoft.com and download their free virus software. It works great and doesn't cost anything.

 

THEN, go to http://www.zonealarm.com and download their free version of Firewall.

 

My protected PC hasn't had a problem since, and I believe this will solve your problems as well.

 

Bob

Share this post


Link to post
Share on other sites

Oh,,,,

 

And if you look at the very last line of your "HijackThis" log, you'll find that you do indeed have MSITS.EXE on your machine.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0