urgent problems about pop up advert

Computing.Net > Forums > Windows XP > urgent problems about pop up advert

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

urgent problems about pop up advert

Name: muimui
Date: January 19, 2004 at 06:05:56 Pacific
OS: xp
CPU/Ram: 1.3

Comment:

Hi,
i have experienced a big problem in my pc. after surfing some website a while then suddenly there's seems like a program installed and after that i found that there's a toolbar above my windows toolbar. there's search toolbar stuff like that. then i used ad-ware and spyfd software but after i used that everytime i restart my pc the toolbar still existed i checked the task manager and found that toolbar program is running and i closed that but they still showed up everytime after i restart my pc. when the time i turn off my pc, there's always a program of wupdate.exe needed to be ended, what's that? then right now my ie browser seems to be freeze every few seconds, then a while later there's pop up advertisement again. i used the adware and spyfd several times and both said that my pc is cleared but how come the situation right now turns even worse?
here's the task manager process that i have at this moment.
iexplore.exe
taskmgr.exe
wuauclt.exe
dpi.exe
pelmiced.exe
navapw32.exe
apropos.exe
jorserv2.exe
hkserv.exe
ico.exe
apoint.exe
navapsvc.exe
explorer.exe
spoolsv.exe
svchost.exe
svchost.exe
fhr5e.exe
kae2.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
pcfmgr.exe
tatss.exe
ctfmon.exe
msmsgs.exe
wupdater.exe
apntex.exe
system
system idle process
sorry that i used all the small letters because my pc because the pc keep freezing every few seconds and i just wanna type out my problems asap.
again i tried the adware and spyfd therefore is there something wrong abt my pc other than that and any solutions coz i don't wanna format my pc.
any help would be appreciated.
thanks!

Sponsored Link

Ads by Google

Response Number 1

Name: Bob (by BigBob)
Date: January 19, 2004 at 06:20:51 Pacific

Reply:

Download and run CW Shredder it should remove your hijacker

Response Number 2

Name: Srathi
Date: January 19, 2004 at 07:28:03 Pacific

Reply:

Please go to
doxdesk.com
and give us the report I would be able to help you better.

Response Number 3

Name: Eric Arnaud
Date: January 19, 2004 at 08:21:48 Pacific

Reply:

I had a lot of success with spybot search & destroy.
Managing over 50 pc and yes there alway a dumbass who visit or download a spyware or trojan.
Eric

Response Number 4

Name: tinner666
Date: January 19, 2004 at 09:40:10 Pacific

Reply:

without hjt, it looks like drpeper trojan, and maybe nother virus.

Response Number 5

Name: muimui
Date: January 19, 2004 at 16:59:48 Pacific

Reply:

Hi,
i tried to run cw shredder and found that there's the same situation. i checked my task manager while the search tool bar existed, the program it's called 'whenusearch' toolbar. i never d/l those program but i couldn't remove that.
Is there something wrong abt my start up because everytime i reboot my pc, there's a program called 'power scan' poped up which i 'never' d/l it before.
moreover i found that everytime i shut down my pc, there's a program called 'wupdater.exe' has to close before the pc shutdown...what's that actually?
i tried to run the hijackthis and save the log file and see if anyone here is able to shed me some light what's going on abt my pc and pls give me the solutions as well.
any help would be appreciated.
thanks!
Logfile of HijackThis v1.97.7
Scan saved at 7:50:01 PM, on 1/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\dp-k13w13.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\system32\pgtools\tatss.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\System32\Kae2.exe
C:\WINDOWS\System32\FonVpeWU.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AproposClient\Apropos.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SONY\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {812EFE55-F65C-45E8-954C-3163A03E6220} - C:\WINDOWS\System32\ukbdblr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-k13w13.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\CipHW.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40

xxxxxx.exe internet problems freezes when opening pop ups Microsoft office 2007 problem no pop-up	what to do about pop up virus alert outlook script problems keeps popping up how do i get rid of pop up adverts
See More

Response Number 6

Name: tinner666
Date: January 19, 2004 at 18:58:06 Pacific

Reply:

Look in add/remove to see if whenusearch is there. if so remove it.
Put hjt in c:\. run it, check these items, close all other windows.
With only hjt running, fix these
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {812EFE55-F65C-45E8-954C-3163A03E6220} - C:\WINDOWS\System32\ukbdblr.dll

O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe

O13 - WWW. Prefix: http://

I would also fix this one,BUT if you need it later, it will be in the HJT backup log.
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
(Manual updates are safer, and this might be bad.)
Do you know this ip? Is it yours? if not delete,fix these also;
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40

disable if you're not using this.
Ctfmon CTFMon.exe
(Microsoft) CTFMon comes with Microsoft Office XP and Windows XP � it activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. As long as the Text Services & Speech are enabled in the Control Panel, this program will force itself back into your list of background programs.
Recommendation :
Disable "Text Services & Speech" in the Control Panel if you are not using them. Then, disable CTFMon using The Ultimate Troubleshooter. (Note that if you use Word, Excel or PowerPoint to write in different languages, eg. English and Arabic, then you will be using "Text Services & Speech" facilities).
If you still have problems, it could actually be peper. Anybody recognize this??
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\CipHW.exe

Response Number 7

Name: muimui
Date: January 19, 2004 at 21:12:09 Pacific

Reply:

Hi,
I did follow your instructions to fix the problems from hijackthis and there're some problems still existing.
when i connected to the internet the IE browser will pop up with advertisment automatically.
Then I opened another browser like 2 seconds after another pop up message shown up again.
Therefore I tried to run hijackthis again and here's the logfile.
Pls help me out again.
Any help would be appreciated.
Thanks!
Logfile of HijackThis v1.97.7
Scan saved at 11:54:06 PM, on 1/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\pgtools\tatss.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\ICQ\ICQ.exe
C:\WINDOWS\System32\Wqj2moDV.exe
C:\WINDOWS\System32\Demc1bU0.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AproposClient\Apropos.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\SONY\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Cjo9g.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40

Response Number 8

Name: tinner666
Date: January 20, 2004 at 06:48:58 Pacific

Reply:

Go here for free trojan scan
http://www.trojanscan.com/trojanscan/
Do it first.
I'm 99% sure you have the peper trojan which needs special attention, if so...
1. Use the uninstall tool - download from: http://home01.wxs.nl/~kleyn080/uninst.exe. Double click on uninst.exe, let it run and terminate.
2. Delete all the associated files with drpeper - download from http://www.mjc1.com/files/mo/drpeper.html. Double click drpepertobackup, it will self extract to C:. With the text in the box highlighted and the 'overwrite' existing files checked, click start.
3. Go to the file C:\drpeper\Find backup and Delete Peper files.vbs and double click.
4. A box will appear, copy and paste: xxxxxx.exe and hit ok.
5. A second box will appear, copy and paste yyyyyy.exe and hit ok.
6. It will find all the files, delete them and will make backups in the same folder. It'll open a text file (Peper.txt) with the list of all files deleted. Make sure it is saved. Then rescan with HJT, post a new HJT log and the contents of the Peper.txt file - the next stage will be to remove the rest of the bad stuff.
In line 4. replace xxxxxx.exe with any unknown running process that does not have an O4 startup.
In line 5. replace yyyyyy.exe with the one from the [14-char], which would be MztYif2.exe in the example above.
Make sure they show the Peper.txt - it should list a bunch of things deleted. And make sure they keep the drpeper folder with the backups.
Once they are all clean and happy they can delete the drpeper folder.

I'm getting into untested ( by me ), ground here. Afterwards, messenger and a couple of other thins need to be disabled.
Frank

Response Number 9

Name: tinner666
Date: January 20, 2004 at 07:51:22 Pacific

Reply:

After you've done all the other things from earlier answer:
You should put HJT in C:\ for back-up.
WITH ALL OTHER WINDOWS CLOSED, HAVE HJT FIX:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -
C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC
Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe

FIX:
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Cjo9g.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/

Turn this off in services.msc
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
DO you recognize these? if so keep, if not fix.
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DA
E}: NameServer = 67.36.13.26 66.73.20.40
O17 -
HKLM\System\CS1\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DA
E}: NameServer = 67.36.13.26 66.73.20.40

REBOOT
Download CWShreddder
http://www.spywareinfo.com/~merijn/cwschronicles.html
and check your system.
Here's what I found on nerocheck. It's up to you to try. Quote is
from answers that work:Nerocheck NeroCheck.exe
(Ahead Software) Background Task installed by Nero�s CD Burning
software. Straight from Ahead software : "The NeroCheck program looks
for known driver conflicts with our Nero software. So that when a
Nero Log file is printed, at the very bottom of the Nero log file you
will find a list of drivers we have found on your system that could be
causing conflicts, if you are running into problems.".
Recommendation :
If Nero is working on your system then you do not need NeroCheck to
run. Disable it with The Ultimate Troubleshooter unless you
experience problems with Nero, in which case re-enable NeroCheck to
see what the log file reports.
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

Response Number 10

Name: Srathi
Date: January 21, 2004 at 05:34:55 Pacific

Reply:

Hey I am still waiting for you to try the doxdesk website and give me the report.

Response Number 11

Name: Lorges
Date: February 20, 2004 at 15:57:01 Pacific

Reply:

I had the same thing happen with the unwanted toolbar and here is how I fixed it.
I went to the windows add/remove menu and found it there listed as a program. Windows removed it just fine. I ran ad-aware which didn't pick it up the first time but the second time I ran ad-aware I did so with an updated list and this time it found it lodged in the registry. Ad aware removed it and I re-booted several times to make sure it wasn't going to reappear and it was gone. I also located two other programs which should have not been there and got rid of them as well. I found the folder for it using Windows Explorer (Folder name was search4u-or similar name). Hope this helps.

Response Number 12

Name: seaside
Date: February 21, 2004 at 12:36:24 Pacific

Reply:

I just had the same problem with the WhenUSearch toolbar. I could not remove it using Add/Remove programs even though it was listed there. I tried Spybot Search & Distroy and AdAware...found and removed a lot of other bad stuff by not this toolbar.
THE SOLUTION: Find the WhenUSearch folder in Program Files. Here you will find the uninstall program. Run it and voila! its gone.

Sponsored Link

Ads by Google

switching to direcway

BlueScreen Help

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows XP Forum Home

Sponsored links

Ads by Google

Results for: urgent problems about pop up advert

Pop up problems

Summary

www.computing.net/answers/windows-xp/pop-up-problems/66281.html

Ie pop up problems

Summary

www.computing.net/answers/windows-xp/ie-pop-up-problems/39967.html

Pop Up Problem

Summary

www.computing.net/answers/windows-xp/pop-up-problem/2583.html

From the Geek Dictionary
Extensible Markup Language - Extensible Markup Language (XML) is a W3C open standard that is used to des...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Using wireless card

Monitor turnoff

disappearing Spider rummy

Links won't open

cut question

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE