I am living in Pop-Up Hell. I had pop-up & hijack problems before but they were solved rather easily with Pop-Up Stopper & CWS. Now, months later I am suddenly inundated with non-stop pop-ups and a mysterious IE browser that runs in the background as soon as I open IE. The background session always comes up with a different name. Even with my Pop-Up Stopper on, the pop-up attempts start instantaneously when I go to IE and they eventually break through the Stopper and will soon open another IE window. And it doesn't stop, it just goes on constantly. I can race around my task manager and attempt to turn off each window as it begins to run but I would just like to go back to the good old times, like last week, when I could just run IE in peace.
I've tried SpyHunter and SpyBot S&D and they show nothing other than a few cookies from the pop-up ads. Norton Anti-Virus & XClean say I'm clean. I ran Hijack This and got the log below. I'm guessing that the BHOs may be the problem but I'm no expert. Can anyone help? Thanks for looking!
Logfile of HijackThis v1.97.3
Scan saved at 8:42:00 AM, on 10/27/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\OPLIMIT\OCRAWARE.exe
C:\OPLIMIT\OCRAWR32.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\WASHER\WASHER.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.exe
C:\VSTASCAN\VSACCESS.exe
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\PANICWARE\POP-UP SCANNER\POPUPSCN.exe
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abcsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cablevision Optimum Online
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4533CC0-0645-11D8-B02A-0080AD7D3282} - C:\WINDOWS\SYSTEM\DHRMV2CLT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Suffice] C:\WINDOWS\SYSTEM\OOBE\suffice.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [33R9DLF5A@ZGA4] C:\WINDOWS\SYSTEM\JqvGme.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [explore] c:\windows\explore.exe
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system\msspi.dll' missing
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .SWF: C:\PROGRAM FILES\VERIZONDSL\NETSCAPE\PROGRAM\PLUGINS\npswf32.dll
O12 - Plugin for .html: C:\PROGRAM FILES\VERIZONDSL\NETSCAPE\PROGRAM\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/2645268373a3a1e59c01/netzip/RdxIE.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

download the google bar! this thing rocks and I definitely hate Browser bars like the yahoo search bar, msn, whatnots..
has built in IE popup blocker mind you FREE

Justin_b31, I tried the Google Bar but when I go to install it I get a warning message saying "Your computer currently has Browser Helper Objects disabled. The Google Toolbar will not work unless you disable them."
This goes to the heart of Bryco's suggestion about BHODemon. With the problem I am having, do I want the BHOs enabled or disabled?
Sometimes the answers can be so obvious that I just can't see them. Thanks to you both for the suggestions. I just need to be pointed one more step in the right direction.
Thanks again.

Spamtrap, thanks for an interesting idea. How does Mozilla Firebird compare to IE in other ways besides pop-ups? How well does it browse and work otherwise?

I also enjoy using Netscape 7.1, has pop up blocker also and you have the option to open new windows in a tab vs a new task box.
Since you have browser helper off, I'm curious as to what is loading in the popups..is it all the same one, different ones..etc..try disabling ActiveX through IE options..does this stop the popups?
To enable browser yourself:
1- Close all instances of Internet Explorer, click Start, point to Settings, and then click Control Panel.
2- Double-click Internet Options.
3- Click the Advanced tab.
4- Under Browsing, click the Enable third-party browser extensions (requires restart) check box.
5- Restart Internet Explorer.

Justin_b31, It's basically the same ads (a jewelry company, eBay, American singles, not much porn, just basic ads that seem to tie in somehow with the site I am visiting).
My company's website was laid out in IE and it doesn't come up correctly in Netscape. I wonder if I would have this same problem in Mozilla Firebird?
I used BHODemon and disabled the no-name BHO and everything seems to be working okay except it's a little balky and slow. I tried rebooting and washing and everything but it's still obviously slower. Not crawling, just enough to aggravate.
Now I am wondering if I can somehow just remove that BHO completely. Or should I?
Thanks for all of the suggestions, folks. I need all the help I can get.
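
Added example, not part of the original thread or any poster's code: a small Python parser for the HijackThis entry lines in the log above, listing the O2 BHO entries and the F1/O4 autostart entries so they can be reviewed one by one. The sample lines are copied from that log; the function names are hypothetical, and the `unnamed` marker only picks out "(no name)" BHOs like the one disabled with BHODemon, it is not a verdict on the file.

```python
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E4533CC0-0645-11D8-B02A-0080AD7D3282} - C:\WINDOWS\SYSTEM\DHRMV2CLT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^(HK[A-Z]+\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
STARTUP = re.compile(r"^Startup: (.*?) = (.+)$")
WININI = re.compile(r"^win\.ini: (load|run)=(.+)$")


def parse_entries(text):
    """Split a log into (section code, body) pairs, skipping non-entry lines."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def list_bhos(entries):
    """Return every O2 Browser Helper Object; 'unnamed' marks '(no name)' entries."""
    found = []
    for code, body in entries:
        m = BHO.match(body) if code == "O2" else None
        if m:
            name, clsid, path = m.groups()
            found.append({"name": name, "clsid": clsid, "path": path,
                          "unnamed": name == "(no name)"})
    return found


def list_autostarts(entries):
    """Return (source, label, command) for F1 win.ini and O4 startup entries."""
    found = []
    for code, body in entries:
        if code == "F1" and (m := WININI.match(body)):
            found.append(("win.ini " + m.group(1), None, m.group(2)))
        elif code == "O4" and (m := RUN.match(body)):
            found.append(m.groups())
        elif code == "O4" and (m := STARTUP.match(body)):
            found.append(("Startup folder", m.group(1), m.group(2)))
    return found
```

Calling `list_bhos(parse_entries(text))` on a saved log gives the CLSID and DLL path of each BHO, which is the information needed to look an entry up before deciding whether to keep it disabled or remove it.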

Hi Derek,
I must admit I only use IE when on other people's PCs. I find it a frustrating experience as I am used to using tabs. Part of this frustration is probably caused by lack of familiarity. I always have multiple tabs open and find the way that IE handles multiple windows irritating. I also find IE slow by comparison.
Here are some Mozilla Firebird features...
-password manager
-pop up control which allows you to allow pop ups on sites you want to see pop ups on. I turn them off and can safely go to underground sites without being attacked by pr0n popups.
- Java and java script control which allows you to control what actions you allow with java scripts.
- cookie control, with general and per site control
- cookie viewer
- you can stop images loading if they don't come from the originating site.
- Tabbed browsing
- plugins such as mouse gestures etc.
- configurable search bar.
- custom toolbars.
- open source
- more secure than IE in mine and many others' opinions.
- Themes
- Linux and mac versions available
- supports multiple profiles which you can store anywhere.
- Unzip the download to a folder and it's installed. You could transfer this folder and your profile folder to another pc and you would be up and running with all your bookmarks and settings intact. I access my same profile from a multiboot system using different MS OS's. mmmm.. I must try and access my profile from Linux and see if that works.
- this page says it better than me.. http://www.mozilla.org/products/firebird/why/
And finally, since it is not part of the operating system, you can install it and uninstall it without fear of trashing the OS. Check it out, it's free and only a 6MB download..
http://www.mozilla.org/
However, if you use a lot of MS products that integrate with IE, you may lose these functions, eg an MS keyboard. I don't use a lot of MS so don't miss these things.
Am I biased ? Yes.
And to Justin B31 - Netscape is an AOL version of Mozilla (they both use the same core). Mozilla is more up to date than Netscape and will not have the AOL stuff in it.

Okay, Spamtrap, you've got me interested. I think I will try it out once I am fairly sure that I have this other problem completely solved. Then maybe I won't have to bother with IE anymore.
Thanks a lot.

oh cool. i was wondering about that AOL crap. Nicely enough I've not had a problem with the AOL interfering with Mozilla..it is a lot easier and more useful to boot.

Derek, Is your CWShredder up to date? The latest version was put out in Sept and deals with more variants. There is also a BETA version available.
Even if you use Mozilla it would be good to cure the other problem too.
I tried Phoenix (Mozilla) but did not like the tabs as I am used to working with browser windows. I am also a big fan of IE6sp1 as I find it to be the fastest browser I have tried.
Who knows, perhaps I will give the Firebird a test flight.
Bryan

Ok, I am presently using Firebird. Seems Ok so far. It seems fast enough and I am using "Open in New Window" too.
Bryan

If you don't like the tabs, then right click a link and select 'open in new window'.
Tab and window behaviour may be configurable by typing 'about:config' in the browser to bring up the advanced config window. It is not user friendly though but has hundreds of configurable options.
You can also set the browser to run in turbo mode but I don't actually know what that does. It sounds good though.
Going for number three.

Spamtrap, you've got me investigating now too. You may gain another soul today. I currently use IE6, SP1, Q330994, Q818529, Q313829. No problems whatsoever. But Hmmm....

I tried Mozilla Firebird 7.0, Spamtrap. It's pretty good. I'm not quite sold on it over IE6 but it's definitely much better than Netscape. It seems just a tad bit slower than IE6 but still a good speed and it has a nice solid look to it. I'll definitely use it more in the future. Maybe I can use it in tandem with IE6 so I don't have to open extra windows in both to do my work. Thanks for the idea.
My PC is working better thanks to all of the suggestions. The only problem I seem to have now is that the system becomes unstable when I run Scandisk on the C Drive. It goes about 80% of the way through and then suddenly the PC turns off. This never happened before. It started before I put in Mozilla earlier this evening, so that's not it. Anybody got a suggestion?
Only other question, any thoughts on whether or not I should completely delete that BHO that I disabled with BHODemon?
Thanks to all.

Oh Oh, you didn't use IE6 to post these messages saying you were planning to install Mozilla did you?
Sounds like IE6 told on you and MS is getting its revenge.
Can you run scandisk from a boot disk?
Unstable then a power down could be a heat problem.
Your initial report sounded like you had some nasty spyware/adware or a trojan on your system. I am surprised nothing was found. I wouldn't be satisfied until I found the culprit.
Call me stupid but what is a BHO?
Maybe try out filemon, its free. It will show you what files are being used in realtime.
It helped me clean a friend's system. I found that even when I was doing nothing, a toolbar of his was always up to something. I stopped the toolbar and his system regained its responsiveness. You will probably need to configure its filters to stop you being swamped by messages though.

Spamtrap, a BHO is a browser helper of some kind. I didn't know these things existed before this problem occurred and I'm still not sure what it does. I only know that by disabling this one BHO it seems to have quelled that one symptom I was encountering.
Yeah, I should try scandisk from a boot disk. That's an adventure for tomorrow though. After 3 days of chasing this problem around I am going to bed and taking a rest.
I may use Mozilla now but I won't rest easy until I find the exact culprit that's been causing the problem in IE.
A filemon, hmmmm? Another idea to explore.
Thanks.

I should have said 'Filemon' not 'filemon'.
Filemon is the name of the software. It is freeware and you can get it here..
http://www.sysinternals.com/ntw2k/source/filemon.shtml
Here is the blurb...
Filemon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. Filemon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.
Another good simple free utility is 'openlist'. It simply gives a list of all the files that are open on your system. It might help you find a suspicious log file or whatever.
Good luck

Well, I am definitely going to have to explore more possible solutions (like Filemon and openlist) because as soon as I turned the PC back on this morning the same problem was there just as infuriating as it had been before. Whatever work I had done to wipe it out was undone at Startup. Back to the drawing board.

I found this file POPUP.OCX as a result of reading this thread. Is it a Microsoft Installed file or is it a High-Jack Invader?
I ran FIND, found it here, C:\WINDOWS\SYSTEM looked in the properties screen and found the following info.
Version Tab says:
Comments=Blue Sky Software Active Popup
Language=English (United States)
Original Filename=POPUP.OCX
Product name=Blue Sky Software Active Popup
Product Version=1.01.201
Special Build Description=RoboHTML
I run Spybot Spyblaster and ZoneAlarm.
Am I paranoid because of this thread?
Thanks in advance.
