IE Browser Gone Crazy

Shani S.

Hi all, I am having a problem with IE6. I suspect it may
be a worm or parasite but have exhausted my conventional
knowledge. I've run Adaware, Spybot, CW
Shredder, Norton Anti-Virus and now HijackThis (but don't
know what to do with it...LOL).

My browser seems to be "hijacked" by something. It keeps
opening up by itself and "LOADING" pages and pop-ups. As a
matter of fact, it is doing it now as I'm typing this
message and it is driving me NUTS!!!

I think this problem MAY have something to do
with "Rundll32," which was/is loading every time
I Start/Boot my computer, but I could be wrong. :)

By the way, my OS is Millennium ME. I ran HiJackThis and
here are the results:

Logfile of HijackThis v1.97.7
Scan saved at 8:14:17 AM, on 5/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &2 Customize Menu - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComCustomIEMenu.html
O8 - Extra context menu item: &5 Fill from Identity - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillIdent.html
O8 - Extra context menu item: &6 Fill from Passcard - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillPass.html
O8 - Extra context menu item: &7 Fill Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html
O8 - Extra context menu item: &8 Save Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html
O8 - Extra context menu item: &9 Robo Toolbar - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html
O9 - Extra button: RF toolbar (HKLM)
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: &7 Fill Forms (HKLM)
O9 - Extra button: Save Forms (HKLM)
O9 - Extra 'Tools' menuitem: &8 Save Forms (HKLM)
O9 - Extra button: Identities (HKLM)
O9 - Extra 'Tools' menuitem: &3 Edit Identities (HKLM)
O9 - Extra button: Passcards (HKLM)
O9 - Extra 'Tools' menuitem: &4 Edit Passcards (HKLM)
O9 - Extra button: Fill Id (HKLM)
O9 - Extra 'Tools' menuitem: &5 Fill from Identity (HKLM)
O9 - Extra button: Fill Pass (HKLM)
O9 - Extra 'Tools' menuitem: &6 Fill from Passcard (HKLM)
O9 - Extra button: Go Fill (HKLM)
O9 - Extra 'Tools' menuitem: &Go && Fill from Passcard (HKLM)
O9 - Extra button: Login (HKLM)
O9 - Extra 'Tools' menuitem: &Login (Go, Fill, Submit) (HKLM)
O9 - Extra button: Options (HKLM)
O9 - Extra 'Tools' menuitem: &Options (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37869.4390856481
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/017a26a43d0ecbc61419/netzip/RdxIE601.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1000026A-8230-4DD4-BE4F-6889D1E74166} - http://www.compete.com/panel/01/MSView.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/MPB38106/button.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

This problem is really driving me crazy. Please help me
get rid of it ASAP. Any and ALL help would be most
appreciated.

Sincerely,
Shani Schulman
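
HijackThis logs pasted into mail and news posts are often hard-wrapped, which splits one entry across several lines and makes them hard to read or search. The following is an added example, not part of the original thread and not HijackThis code: it rejoins wrapped entries from an excerpt of this log and applies four triage heuristics. The function names `unwrap` and `triage`, the joining rules and the heuristics are assumptions of this example; a flagged entry is a candidate for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Excerpt of the log in this thread, with the hard line wraps a mail/news
# client produces (sample input assembled for this example).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.optonline.net/Home
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-
4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1
\BHO\INCFIN~1.DLL (file missing)
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
\NAVAPW32.EXE
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) -
http://207.188.7.150/017a26a43d0ecbc61419/netzip/RdxIE601.c
ab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
"""

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LOOPBACK = {"127.0.0.1", "0.0.0.0"}


def _glue(prev, frag):
    """Rejoin a wrapped fragment; heuristic rules chosen for this log."""
    if frag.startswith("\\"):
        return prev + frag                      # wrap fell before a path separator
    if prev.endswith("-") and not prev.endswith(" -"):
        return prev + frag                      # wrap fell inside a GUID or hostname
    if prev.split()[-1].lower().startswith(("http://", "https://")) and " " not in frag:
        return prev + frag                      # wrap fell inside a URL
    return prev + " " + frag                    # wrap fell at a space


def unwrap(log_text):
    """Return one string per log entry, with continuation lines rejoined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:                           # header lines before the first entry are skipped
            entries[-1] = _glue(entries[-1], line)
    return entries


def triage(entries):
    """Return (section, reason, entry) for entries worth a closer look."""
    findings, seen = [], set()

    def report(section, reason, entry):
        if (reason, entry) not in seen:         # collapse repeated identical entries
            seen.add((reason, entry))
            findings.append((section, reason, entry))

    for entry in entries:
        section, _, body = entry.partition(" - ")
        if entry.endswith("(file missing)"):
            report(section, "registered component whose file is missing", entry)
        if section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                report(section, "hosts file maps a name to a non-loopback address", entry)
        if section == "O10" and "Unknown file in Winsock LSP" in body:
            report(section, "unrecognised Winsock LSP provider", entry)
        if section == "O16":
            url = re.search(r"https?://\S+", body)
            if url and BARE_IP.match(urlparse(url.group()).hostname or ""):
                report(section, "ActiveX control fetched from a bare IP address", entry)
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(unwrap(SAMPLE_LOG)):
        print(f"[{section}] {reason}\n    {entry}")
```
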
 
Will

Post your Hijackthis log here for help
http://www.spywareinfo.com/forums/
Hope this helps

H Leboeuf

Try this: Tools > Internet Options > Advanced > Browsing
Uncheck the Enable 3rd party browser extensions

This clears some of your problems; then find out who the culprit(s)
is/are with these tools.

Let AD-Aware Scan your system for advertising Spyware
http://www.lavasoftusa.com

and:

SpyBot-S&D
http://security.kolla.de/

p.s Reset the 3rd party browser setting.

More: This may be caused by a third-party program (adware, spyware,
parasite).
Get AdAware and SpyBot and run them both. Keep them up to date.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
Shani Schulman

Okay, I did what was suggested and it did not work. I know
what's happening but don't know how to fix it. I notice
every time my browser opens by itself, it says "loading,"
while other browser pages attempt to open up.

If I hit Ctrl, Alt, Del, I see "Rundll32" in my "running
programs" when it's NOT SUPPOSED TO BE THERE. This happens
every time IE attempts to OPEN by itself. How do I Stop
this from happening???

Here is a copy of my latest HijackThis scan run:

Logfile of HijackThis v1.97.7
Scan saved at 3:57:12 PM, on 5/6/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &2 Customize Menu - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComCustomIEMenu.html
O8 - Extra context menu item: &5 Fill from Identity - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillIdent.html
O8 - Extra context menu item: &6 Fill from Passcard - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillPass.html
O8 - Extra context menu item: &7 Fill Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComFillForms.html
O8 - Extra context menu item: &8 Save Forms - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComSavePass.html
O8 - Extra context menu item: &9 Robo Toolbar - res://C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll/ComShowToolbar.html
O9 - Extra button: RF toolbar (HKLM)
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: &7 Fill Forms (HKLM)
O9 - Extra button: Save Forms (HKLM)
O9 - Extra 'Tools' menuitem: &8 Save Forms (HKLM)
O9 - Extra button: Identities (HKLM)
O9 - Extra 'Tools' menuitem: &3 Edit Identities (HKLM)
O9 - Extra button: Passcards (HKLM)
O9 - Extra 'Tools' menuitem: &4 Edit Passcards (HKLM)
O9 - Extra button: Fill Id (HKLM)
O9 - Extra 'Tools' menuitem: &5 Fill from Identity (HKLM)
O9 - Extra button: Fill Pass (HKLM)
O9 - Extra 'Tools' menuitem: &6 Fill from Passcard (HKLM)
O9 - Extra button: Go Fill (HKLM)
O9 - Extra 'Tools' menuitem: &Go && Fill from Passcard (HKLM)
O9 - Extra button: Login (HKLM)
O9 - Extra 'Tools' menuitem: &Login (Go, Fill, Submit) (HKLM)
O9 - Extra button: Options (HKLM)
O9 - Extra 'Tools' menuitem: &Options (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37869.4390856481
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/017a26a43d0ecbc61419/netzip/RdxIE601.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1000026A-8230-4DD4-BE4F-6889D1E74166} - http://www.compete.com/panel/01/MSView.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/MPB38106/button.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab




O9 - Extra button: Go Fill (HKLM)
O9 - Extra 'Tools' menuitem: &Go && Fill from Passcard
(HKLM)
O9 - Extra button: Login (HKLM)
O9 - Extra 'Tools' menuitem: &Login (Go, Fill, Submit)
(HKLM)
O9 - Extra button: Options (HKLM)
O9 - Extra 'Tools' menuitem: &Options (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system\inetadpt.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?37869.4390856481
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
Class) -
http://207.188.7.150/017a26a43d0ecbc61419/netzip/RdxIE601.c
ab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/
sw.cab
O16 - DPF: {1000026A-8230-4DD4-BE4F-6889D1E74166} -
http://www.compete.com/panel/01/MSView.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
(Microsoft Office Tools on the Web Control) -
http://officeupdate.microsoft.com/TemplateGallery/downloads
/outc.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
http://download.abetterinternet.com/download/cabs/MPB38106/
button.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info
.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95}
(OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc/opu
c.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin
/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvS
niff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004033001/housecall.ant
ivirus.com/housecall/xscan53.cab

This problem is really driving me crazy. Please help me
get rid of it ASAP. Any and ALL help would be most
appreciated.

Sincerely,
Shani Schulman

.
 

Frank Saunders, MS-MVP

Shani Schulman said:
Okay, I did what was suggested and it did not work. I know
what's happening but don't know how to fix it. I notice
every time my browser opens by itself, it says "loading,"
while other browser pages attempt to open up.

If I hit Ctrl, Alt, Del, I see "Rundll32" in my "running
programs" when it's NOT SUPPOSED TO BE THERE. This happens
every time IE attempts to OPEN by itself. How do I Stop
this from happening???

Here is a copy of my latest HijackThis scan run:

SNIP

**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
