Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I have been having trouble getting an internet connection with internet explorer on my dsl. My computer has been freezing and acting weird like getting pop ups that have the microsoft sybol in the corner. I ran my AVG, spybot, spyblaster, adaware, cws shredder and had my McAfee firewall all up to date. When I went into msconfig I had weird things in there so I unchecked them, some took a few times. When I hit ctrl,alt,delete I have Iexplore, sometimes I can get rid of it and sometimes I get 2 of them show up. Any help would be appreciated.
Lisa
try this On-line Spyware Scan
and remove all that it findsHopefully my advice will help you...Please post back with your results....thanks
0 
When waiting for a reply I ran x-cleaner it found over pro and bonzi and I deleted it. I turned off system restore and ran in safe mode spybot,cws,spyware blaster,adaware. I tried running trend micro spyware and it kept freezing on c:\restore\temp. I turned on system restore and froze so bad that scan disc didn't run. I reset the bios and got back on. I did hijack this and analized it and came up with alot of unknown on pogo.com. I play those games all the time. Then it showed aol toolbar, motmon and BHO as threats. It also showed no firewall but I have McAfee running. I'm lost.
Lisa
0
I'm not sure about win ME, but in 98se I know you can do a scanreg /restore, is that option available with ME? If so, try it and you should get back on track.
Hopefully my advice will help you...Please post back with your results....thanks
0
Yes, I have restore but I purged my restore and created another restore point after trying to get rid of what ever I have. Things are running alittle better no more Iexplore, but I know I still have something on there. According to HJT I think I need to delete 3 things but I am not experienced on this. BHO no name I think is one of them. I really don't know what else to do. I kkep reading posts.
Lisa
0
I'm not sure you understood my post. scanreg /restore is done by booting into safe mode and selecting command prompt. Then typing it in.
Hopefully my advice will help you...Please post back with your results....thanks
0
I guess I didn't understand. Never did that before. I can try it but I really don't know when I got this bug. I'm thinking it was a long time ago. When I had to switch dsl providers It took me 10 times to get connected, since I got rid of Iexplore I get on right away. Thinking maybe I had the problem for weeks. I ran all protective programs today. So my system is as clean as I can get it. How do I do scanreg/restore? Will it change anything I have done on the computer?
Lisa
0
If scanreg /restore will work on your PC, all your programs will stay in tact, it will just restore the registry. If tou try it and it says wrong command, it won't work for you. Notice the space between scanreg and /
That is important.Hopefully my advice will help you...Please post back with your results....thanks
0
When I go into safe mode and type it in, it states Running a ms dos program in safe mode could cause video problems or other problems.
Lisa
0
Then I would pass on it
Hopefully my advice will help you...Please post back with your results....thanks
0
I did Spyblaster, spybot, adaware, cws shredder, spyware guard, spyware guide, avast, checked my McAfee firewall everything was running fine. Then all of a sudden this pop up that has a window icon on the left said media click( I think, I closed right away) came up and locked up my system. I got back on and went into msconfig and the same 2 entries that messed me up before was in there.
Stop inside registry(per-user run)c:\windows\profiles\gloryb~1\applic~1\intere~1\dupe army five.exe andItch bias mp3 burn registry (machine run)
c:\windows\all users\application data\test style itch bias\bait32.exeAnd in ctrl, alt, delete the Iexplore was back twice.
Now I know my husband burns things with a program. I don't know if this is related to the mp3 burn one. When trying to get on this site an explore page went in my toolbar and it said hollwood.com and it was hard to get rid of. Something still must be lurking on my computer and when that windows pop up comes up I get the Iexplore back.
Lisa
0
After 10 pop ups and freezing, trying to get on this site and trying to do research I deleted those 2 files, and I'm still getting the pop ups, now it was zedo.I don't know what to do anymore. Thinking maybe just to redo my hard drive. None of these programs picked any of this up.
Lisa
0
Hi Lisa, do you have messenger plus
installed?It looks like you have lop spyware sponsor, it uses the goofy file names.
0
I will post this anyway, because info is
power against crapware.
http://inetexplorer.mvps.org/answers/43.html
0
After my last post I did alot of reading and think I do have adware lop. I did remove a couple things from the sites posted but affraid to do to much. Also when I deleted the folders they did come back. I went into regedit and noticed I have 2 runs, one with a line next to it and it has these corrupt files. I was affraid to delete without help.
Here is my log.Logfile of HijackThis v1.99.1
Scan saved at 10:00:29 PM, on 9/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\HPSYSDRV.exe
C:\PROGRAM FILES\MOTIVE\MOTMON.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.exe
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.exe
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.exe
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.exe
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.exe
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\RUNDLL32.exe
C:\HJT\HIJACKTHIS.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {BDD63755-1ED3-E2B6-2EA8-BAF3C9BB74D1} - C:\WINDOWS\PROFILES\GLORYBIRDS\APPLICATION DATA\SUPPORT PLUS\MODEBURN.exe (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.exe
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - User Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.1.4.29/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.3.39/wordjong/wordjong-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.28/worldclass/worldclass-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlslots/mlslots-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.42/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-6.1.1.21/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pinochle/pinochle-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/poppit/poppit-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.2.4.23/euchre/euchre-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game3.pogo.com/applet-6.1.2.25/checkers2/checkers-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.28/spider/spider-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.5.28/greenback/greenback-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb05.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.3.21/spades/spades-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.5.28/freecell/freecell-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.1.3.21/domino/domino-ob-assets.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool2/pool-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.3.28/popfu/popfu-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lottso/lottso-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hearts/hearts-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0.46/blackjack/blackjack-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/poppit2/poppit2-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.29/mahjong/mahjong-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.5.28/flinger/flinger-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.2.51/squelchies/squelchies-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.21/chess2/chess2-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.1.27/omaha/omaha-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.30/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.2.0.30/slots/showbiz2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.1.27/gin/gin-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.0.46/peaks/peaks-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paigow/paigow-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.3.0.46/aces/aces-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.0.53/backgammon/backgammon-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.2.3.36/cribbage/cribbage-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.2.3.36/turbo21/turbo21-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.0.53/poppazoppa/poppazoppa-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.netLisa
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
