IE hangs when tying an address into adress bar

  • Thread starter Thread starter Janice
  • Start date Start date
J

Janice

I'm having a problem with IE hanging if I type an address into the address
bar. This doesn't happen the first time nor sometimes the second time. If I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware and it found
some browser hijack items. I've cleaned these using Ad Aware but still can't
get IE to behave - it still hangs after the 2nd or third time of typing and
address.

How can I get back to normal?

I'm using IE6 with XP Pro.

Janice
 
Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
 
Mike,

I had a look at that site, checked the registry entries and tried the repair
file. Still the same problem.

Any advice?

Janice



Mike Burgess said:
Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
I'm having a problem with IE hanging if I type an address into the address
bar. This doesn't happen the first time nor sometimes the second time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware and it found
some browser hijack items. I've cleaned these using Ad Aware but still can't
get IE to behave - it still hangs after the 2nd or third time of typing and
address.

How can I get back to normal?

I'm using IE6 with XP Pro.

Janice
 
Janice,
Did you run HijackThis and post the logfile to their Forum?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

I had a look at that site, checked the registry entries and tried the repair
file. Still the same problem.

Any advice?

Janice



Mike Burgess said:
Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
I'm having a problem with IE hanging if I type an address into the address
bar. This doesn't happen the first time nor sometimes the second time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware and it found
some browser hijack items. I've cleaned these using Ad Aware but still can't
get IE to behave - it still hangs after the 2nd or third time of
typing
and
address.

How can I get back to normal?

I'm using IE6 with XP Pro.

Janice
 
Mike,

Yes but still awaiting a reply.

Janice


Mike Burgess said:
Janice,
Did you run HijackThis and post the logfile to their Forum?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

I had a look at that site, checked the registry entries and tried the repair
file. Still the same problem.

Any advice?

Janice



Mike Burgess said:
Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware and it found
some browser hijack items. I've cleaned these using Ad Aware but still
can't
get IE to behave - it still hangs after the 2nd or third time of typing
and
address.

How can I get back to normal?

I'm using IE6 with XP Pro.

Janice
 
Janice,
Couldn't find your post ..... who did you sign in as?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

Yes but still awaiting a reply.

Janice


Mike Burgess said:
Janice,
Did you run HijackThis and post the logfile to their Forum?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

I had a look at that site, checked the registry entries and tried the repair
file. Still the same problem.

Any advice?

Janice



Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

I'm having a problem with IE hanging if I type an address into the
address
bar. This doesn't happen the first time nor sometimes the second time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware and it
found
some browser hijack items. I've cleaned these using Ad Aware but still
can't
get IE to behave - it still hangs after the 2nd or third time of typing
and
address.

How can I get back to normal?

I'm using IE6 with XP Pro.

Janice
 
Mike,

It was my son who posted as the problem is on his computer. His name is
m0ns00n. His post is here;

http://forums.spywareinfo.com/index.php?showtopic=11368

Janice
Mike Burgess said:
Janice,
Couldn't find your post ..... who did you sign in as?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

Yes but still awaiting a reply.

Janice


Mike Burgess said:
Janice,
Did you run HijackThis and post the logfile to their Forum?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Mike,

I had a look at that site, checked the registry entries and tried the
repair
file. Still the same problem.

Any advice?

Janice



Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

I'm having a problem with IE hanging if I type an address into the
address
bar. This doesn't happen the first time nor sometimes the second time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware
and
 
Janice,
You still have some leftovers .......

O1 - Hosts: 216.40.230.4 desktop.kazaa.com

Although I don't see Kazaa running, your HOSTS file *was* edited.

O2 - BHO: (no name) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
- C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)

Leftover entry from Comet spyware ....

Note: Messanger Plus is *highly* questionable .......
You also need to reduce the amount of unneeded apps running at startup.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

It was my son who posted as the problem is on his computer. His name is
m0ns00n. His post is here;

http://forums.spywareinfo.com/index.php?showtopic=11368

Janice
Mike Burgess said:
Janice,
Couldn't find your post ..... who did you sign in as?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

Yes but still awaiting a reply.

Janice


Janice,
Did you run HijackThis and post the logfile to their Forum?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Mike,

I had a look at that site, checked the registry entries and tried the
repair
file. Still the same problem.

Any advice?

Janice



Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

I'm having a problem with IE hanging if I type an address into the
address
bar. This doesn't happen the first time nor sometimes the second
time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad Aware
and
it
found
some browser hijack items. I've cleaned these using Ad Aware but
still
can't
get IE to behave - it still hangs after the 2nd or third time of
typing
and
address.

How can I get back to normal?

I'm using IE6 with XP Pro.

Janice
 
Mike,

He uses Kazaa Lite and only has it running when he's actually using it -
should I still remove the 01 entry?

We ran Spybot as well and cleaned all entries to do with Browser hijacking
and Comet cursor. Still no luck - problem is still there.

I pointed out the problem of Messenger Plus to him last night as this seemed
to happen when he updated Messenger Plus. However even after uninstalling
the program we still have the problem.

The strange thing is that it works fine when we just type in www etc for the
first time and sometimes even the second time. It will usually hang after
the third time.

Janice


Mike Burgess said:
Janice,
You still have some leftovers .......

O1 - Hosts: 216.40.230.4 desktop.kazaa.com

Although I don't see Kazaa running, your HOSTS file *was* edited.

O2 - BHO: (no name) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
- C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)

Leftover entry from Comet spyware ....

Note: Messanger Plus is *highly* questionable .......
You also need to reduce the amount of unneeded apps running at startup.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

It was my son who posted as the problem is on his computer. His name is
m0ns00n. His post is here;

http://forums.spywareinfo.com/index.php?showtopic=11368

Janice
Mike Burgess said:
Janice,
Couldn't find your post ..... who did you sign in as?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Mike,

Yes but still awaiting a reply.

Janice


Janice,
Did you run HijackThis and post the logfile to their Forum?
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Mike,

I had a look at that site, checked the registry entries and
tried
the
repair
file. Still the same problem.

Any advice?

Janice



Janice,
Dealing with Unwanted Spyware, Parasites, Toolbars and Search
Engines
http://mvps.org/winhelp2002/unwanted.htm

Sounds like you still have some leftovers, etc.
Also see: Repair the corrupted or altered (spyware) HTTP prefixes
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
into
the
address
bar. This doesn't happen the first time nor sometimes the second
time.
If
I
type http:// first it's fine.

I've run my virus checker and it's OK. I've also run Ad
Aware
and
it
found
some browser hijack items. I've cleaned these using Ad Aware but
still
can't
get IE to behave - it still hangs after the 2nd or third
time
 
Janice,
The HOSTS file entries are actually redirecting you to:
http://216.40.230.4/kazaa/ (then begs for you to send $$ to: hsds.net)

Rename your HOSTS file and see if that resolves the problem.
You can use a simple batch file to rename the HOSTS file "on-the-fly".
Download: RenHosts.bat
http://www.mvps.org/winhelp2002/hosts.htm
--
As for "Kazza Lite"
http://www.spywareinfo.com/articles/p2p/

As for "GoZilla!"
http://www.oit.duke.edu/ats/support/spyware/gozilla.html
It is also listed here:
http://www.spywareinfo.com/bhos/
X {CD4C3CF0-4B15-11D1-ABED-709549C10000}: Goiehlp.dll - Go'Zilla

Finally I would suggest completely clearing your cache:
How To: Delete the Internet Explorer Temporary Internet Files
http://www.mvps.org/winhelp2002/delcache.htm
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

He uses Kazaa Lite and only has it running when he's actually using it -
should I still remove the 01 entry?

We ran Spybot as well and cleaned all entries to do with Browser hijacking
and Comet cursor. Still no luck - problem is still there.

I pointed out the problem of Messenger Plus to him last night as this seemed
to happen when he updated Messenger Plus. However even after uninstalling
the program we still have the problem.

The strange thing is that it works fine when we just type in www etc for the
first time and sometimes even the second time. It will usually hang after
the third time.

Janice


Mike Burgess said:
Janice,
You still have some leftovers .......

O1 - Hosts: 216.40.230.4 desktop.kazaa.com

Although I don't see Kazaa running, your HOSTS file *was* edited.

O2 - BHO: (no name) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
- C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)

Leftover entry from Comet spyware ....

Note: Messanger Plus is *highly* questionable .......
You also need to reduce the amount of unneeded apps running at startup.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
<snip>
 
Mike,

Thank you very much for your help - it is appreciated.

GoZilla is version 3.9 and is the paid for version which does not contain
spyware.

I know Kazaa Lite is the cracked version and would prefer not to use it at
all. However try telling that to teenagers.

Clearing the cache made no difference at all. The Hosts file does not appear
to be the problem either. I can type an address in the first time and it
goes there fine. If I type the exact same address in on a 2nd or third
attempt, it will hang. Occasionally it will hang on the 1st attempt too.

I have a new log from Hijack This;
Logfile of HijackThis v1.97.2
Scan saved at 14:27:48, on 14/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\J. Mason\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=cache1-edin.server.ntli.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 192.168.*.*
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://windowsupdate.microsoft.com/
N3 - Netscape 7: user_pref("browser.startup.homepage",
"http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and
Settings\J. Mason\Application
Data\Mozilla\Profiles\default\fhcldmpt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBW
eb_01.src"); (C:\Documents and Settings\J. Mason\Application
Data\Mozilla\Profiles\default\fhcldmpt.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash
Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite
5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common
Files\Nokia\NCLTools\NclTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache
Group\Apache2\bin\ApacheMonitor.exe
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: Yahoo! Dots -
http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakke
n/us/win/QuickTimeInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment
1.4.0_03) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://208.158.118.13/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37586.330902
7778
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment
1.4.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{43B878E1-0899-42B4-8095-8249F994DDDD}:
NameServer = 194.168.4.100,194.168.8.100
O17 -
HKLM\System\CS1\Services\Tcpip\..\{43B878E1-0899-42B4-8095-8249F994DDDD}:
NameServer = 194.168.4.100,194.168.8.100
O17 -
HKLM\System\CS2\Services\Tcpip\..\{43B878E1-0899-42B4-8095-8249F994DDDD}:
NameServer = 194.168.4.100,194.168.8.100

Janice



Mike Burgess said:
Janice,
The HOSTS file entries are actually redirecting you to:
http://216.40.230.4/kazaa/ (then begs for you to send $$ to: hsds.net)

Rename your HOSTS file and see if that resolves the problem.
You can use a simple batch file to rename the HOSTS file "on-the-fly".
Download: RenHosts.bat
http://www.mvps.org/winhelp2002/hosts.htm
--
As for "Kazza Lite"
http://www.spywareinfo.com/articles/p2p/

As for "GoZilla!"
http://www.oit.duke.edu/ats/support/spyware/gozilla.html
It is also listed here:
http://www.spywareinfo.com/bhos/
X {CD4C3CF0-4B15-11D1-ABED-709549C10000}: Goiehlp.dll - Go'Zilla

Finally I would suggest completely clearing your cache:
How To: Delete the Internet Explorer Temporary Internet Files
http://www.mvps.org/winhelp2002/delcache.htm
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

He uses Kazaa Lite and only has it running when he's actually using it -
should I still remove the 01 entry?

We ran Spybot as well and cleaned all entries to do with Browser hijacking
and Comet cursor. Still no luck - problem is still there.

I pointed out the problem of Messenger Plus to him last night as this seemed
to happen when he updated Messenger Plus. However even after uninstalling
the program we still have the problem.

The strange thing is that it works fine when we just type in www etc for the
first time and sometimes even the second time. It will usually hang after
the third time.

Janice


Mike Burgess said:
Janice,
You still have some leftovers .......

O1 - Hosts: 216.40.230.4 desktop.kazaa.com

Although I don't see Kazaa running, your HOSTS file *was* edited.

O2 - BHO: (no name) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
- C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)

Leftover entry from Comet spyware ....

Note: Messanger Plus is *highly* questionable .......
You also need to reduce the amount of unneeded apps running at startup.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
<snip>
 
Janice,
The new HijackThis log look fairly clean .........
GoZilla is version 3.9 and is the paid for version
Ok ....
"However try telling that to teenagers"
Oh well .... said:
"If I type the exact same address in on a 2nd or third attempt, it will
hang"
Please explain in detail what happens = error message, screen freeze,
times-out, etc.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

Thank you very much for your help - it is appreciated.

GoZilla is version 3.9 and is the paid for version which does not contain
spyware.

I know Kazaa Lite is the cracked version and would prefer not to use it at
all. However try telling that to teenagers.

Clearing the cache made no difference at all. The Hosts file does not appear
to be the problem either. I can type an address in the first time and it
goes there fine. If I type the exact same address in on a 2nd or third
attempt, it will hang. Occasionally it will hang on the 1st attempt too.

I have a new log from Hijack This;
Logfile of HijackThis v1.97.2
Scan saved at 14:27:48, on 14/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
<snip>
 
Mike,

This is what happens.

I type an address into the address bar starting with www. I then press
return - nothing. If I try to close IE I get "this program is not
responding". If I click on "Go" the IE icon next to the name of the web site
changes to a plain white with blue title bar icon, the hour glass appears
and nothing else. I can close IE by clicking on the cross and get the same
message as above. I can open a new window of IE and use that whilst the
other window is hanging.

If I first of all prefix my web address with http:// or select an address
from the drop down menu which has the http:// prefix then all is fine.

The error message generated to send to Microsoft reads;

sz/AppName:IEXPLORE.EXE sz?AppVer:6.0.2800.1106
szModName:hungapp szModVer:0.0.0.0
offset: 00000000

Files to be included in the report are

Temp\WER76F.tmp.dir00\IEXPLORE.EXE mdmp
Temp\WER76F.tmp.dir00\appcompat.txt

Janice

Mike Burgess said:
Janice,
The new HijackThis log look fairly clean .........
GoZilla is version 3.9 and is the paid for version
Ok ....
"However try telling that to teenagers"
Oh well .... said:
"If I type the exact same address in on a 2nd or third attempt, it will
hang"
Please explain in detail what happens = error message, screen freeze,
times-out, etc.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

Thank you very much for your help - it is appreciated.

GoZilla is version 3.9 and is the paid for version which does not contain
spyware.

I know Kazaa Lite is the cracked version and would prefer not to use it at
all. However try telling that to teenagers.

Clearing the cache made no difference at all. The Hosts file does not appear
to be the problem either. I can type an address in the first time and it
goes there fine. If I type the exact same address in on a 2nd or third
attempt, it will hang. Occasionally it will hang on the 1st attempt too.

I have a new log from Hijack This;
Logfile of HijackThis v1.97.2
Scan saved at 14:27:48, on 14/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
<snip>
 
Janice,
The symtoms you describe still point to a corrupt "HTTP prefixes"
http://www.mvps.org/winhelp2002/unwanted.htm
From the above, download: RepairDefaultPrefix.reg

Close any open programs including OE and IE
Right-click on "RepairDefaultPrefix.reg", select: Merge, and OK the prompt,
reboot

Run HijackThis again, click the "Config" button
Uncheck: "Ignore non-standard ..."
Click the "Misc Tools" button, click the "Generate Startup List"
Saves as "startuplist.txt"

Go back and run a Scan and save the log file
Send both files attached in an email ....
You'll find my email address on the front page of my site.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

This is what happens.

I type an address into the address bar starting with www. I then press
return - nothing. If I try to close IE I get "this program is not
responding". If I click on "Go" the IE icon next to the name of the web site
changes to a plain white with blue title bar icon, the hour glass appears
and nothing else. I can close IE by clicking on the cross and get the same
message as above. I can open a new window of IE and use that whilst the
other window is hanging.

If I first of all prefix my web address with http:// or select an address
from the drop down menu which has the http:// prefix then all is fine.

The error message generated to send to Microsoft reads;

sz/AppName:IEXPLORE.EXE sz?AppVer:6.0.2800.1106
szModName:hungapp szModVer:0.0.0.0
offset: 00000000

Files to be included in the report are

Temp\WER76F.tmp.dir00\IEXPLORE.EXE mdmp
Temp\WER76F.tmp.dir00\appcompat.txt

Janice

Mike Burgess said:
Janice,
The new HijackThis log look fairly clean .........
GoZilla is version 3.9 and is the paid for version
Ok ....
"However try telling that to teenagers"
Oh well .... said:
"If I type the exact same address in on a 2nd or third attempt, it will
hang"
Please explain in detail what happens = error message, screen freeze,
times-out, etc.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

Thank you very much for your help - it is appreciated.

GoZilla is version 3.9 and is the paid for version which does not contain
spyware.

I know Kazaa Lite is the cracked version and would prefer not to use
it
at
<snip>
 
Mike,

Sent as requested. Unfortunately made no difference.

Janice


Mike Burgess said:
Janice,
The symtoms you describe still point to a corrupt "HTTP prefixes"
http://www.mvps.org/winhelp2002/unwanted.htm
From the above, download: RepairDefaultPrefix.reg

Close any open programs including OE and IE
Right-click on "RepairDefaultPrefix.reg", select: Merge, and OK the prompt,
reboot

Run HijackThis again, click the "Config" button
Uncheck: "Ignore non-standard ..."
Click the "Misc Tools" button, click the "Generate Startup List"
Saves as "startuplist.txt"

Go back and run a Scan and save the log file
Send both files attached in an email ....
You'll find my email address on the front page of my site.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

This is what happens.

I type an address into the address bar starting with www. I then press
return - nothing. If I try to close IE I get "this program is not
responding". If I click on "Go" the IE icon next to the name of the web site
changes to a plain white with blue title bar icon, the hour glass appears
and nothing else. I can close IE by clicking on the cross and get the same
message as above. I can open a new window of IE and use that whilst the
other window is hanging.

If I first of all prefix my web address with http:// or select an address
from the drop down menu which has the http:// prefix then all is fine.

The error message generated to send to Microsoft reads;

sz/AppName:IEXPLORE.EXE sz?AppVer:6.0.2800.1106
szModName:hungapp szModVer:0.0.0.0
offset: 00000000

Files to be included in the report are

Temp\WER76F.tmp.dir00\IEXPLORE.EXE mdmp
Temp\WER76F.tmp.dir00\appcompat.txt

Janice

Mike Burgess said:
Janice,
The new HijackThis log look fairly clean .........
GoZilla is version 3.9 and is the paid for version
Ok ....

"However try telling that to teenagers"
Oh well .... <g> (yes I remember those days ;)

"If I type the exact same address in on a 2nd or third attempt, it will
hang"
Please explain in detail what happens = error message, screen freeze,
times-out, etc.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Mike,

Thank you very much for your help - it is appreciated.

GoZilla is version 3.9 and is the paid for version which does not contain
spyware.

I know Kazaa Lite is the cracked version and would prefer not to use
it
at
all. However try telling that to teenagers.

Clearing the cache made no difference at all. The Hosts file does not
appear
to be the problem either. I can type an address in the first time
and
 
Mike,

Found something interesting. Have e-mailed it to you.

Janice


Janice said:
Mike,

Sent as requested. Unfortunately made no difference.

Janice


Mike Burgess said:
Janice,
The symtoms you describe still point to a corrupt "HTTP prefixes"
http://www.mvps.org/winhelp2002/unwanted.htm
From the above, download: RepairDefaultPrefix.reg

Close any open programs including OE and IE
Right-click on "RepairDefaultPrefix.reg", select: Merge, and OK the prompt,
reboot

Run HijackThis again, click the "Config" button
Uncheck: "Ignore non-standard ..."
Click the "Misc Tools" button, click the "Generate Startup List"
Saves as "startuplist.txt"

Go back and run a Scan and save the log file
Send both files attached in an email ....
You'll find my email address on the front page of my site.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Janice said:
Mike,

This is what happens.

I type an address into the address bar starting with www. I then press
return - nothing. If I try to close IE I get "this program is not
responding". If I click on "Go" the IE icon next to the name of the
web
site
changes to a plain white with blue title bar icon, the hour glass appears
and nothing else. I can close IE by clicking on the cross and get the same
message as above. I can open a new window of IE and use that whilst the
other window is hanging.

If I first of all prefix my web address with http:// or select an address
from the drop down menu which has the http:// prefix then all is fine.

The error message generated to send to Microsoft reads;

sz/AppName:IEXPLORE.EXE sz?AppVer:6.0.2800.1106
szModName:hungapp szModVer:0.0.0.0
offset: 00000000

Files to be included in the report are

Temp\WER76F.tmp.dir00\IEXPLORE.EXE mdmp
Temp\WER76F.tmp.dir00\appcompat.txt

Janice

Janice,
The new HijackThis log look fairly clean .........
GoZilla is version 3.9 and is the paid for version
Ok ....

"However try telling that to teenagers"
Oh well .... <g> (yes I remember those days ;)

"If I type the exact same address in on a 2nd or third attempt, it will
hang"
Please explain in detail what happens = error message, screen freeze,
times-out, etc.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-12-03]
Please post replies to this Newsgroup, email address is invalid
--

Mike,

Thank you very much for your help - it is appreciated.

GoZilla is version 3.9 and is the paid for version which does not
contain
spyware.

I know Kazaa Lite is the cracked version and would prefer not to
use
it
at
all. However try telling that to teenagers.

Clearing the cache made no difference at all. The Hosts file does not
appear
to be the problem either. I can type an address in the first time
and
it
goes there fine. If I type the exact same address in on a 2nd or third
attempt, it will hang. Occasionally it will hang on the 1st
attempt
too.
I have a new log from Hijack This;
Logfile of HijackThis v1.97.2
Scan saved at 14:27:48, on 14/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
<snip>
 
Back
Top