Recently for a bout a week now I have been getting small Microsoft Internet Explorer windows popping up on the top left of my screen whenever I go into websites like ebay, etc.. I close them out because I cannot maximize them or view to see what's actually popping up.
Now not only do I get these tiny pop up windows, that are starting to really annoy me, I'm also not able to open up another window from clicking on something within a website. For example. www.bennigans.com takes me to the main screen, but when I click on the menu icon at the bottom of the screen, IE opens up another window, but I cannot view it.
It only acts as if it its going to open, hangs around forever and never loads. Sometimes I can maximize and refresh the page if it will let me, but I sholdn't have to do this, everytime I want to view web pages.
Anyone know what I can do to resolve this major annoyance!!!
Thanks, Tate!:rolleyes:
Welshjim
March 17th, 2003, 05:11 PM
tate--FWIW--I often get little windows saying something about MS in the title bar. Often they are blank. I think they are windows with ads for sites to which I have barred access (through my HOSTS file and/or Security|Restricted Sites). So the original site I visited can open the window but there is no content because I have barred access by the site that would have sent the content.
Now www.bennigans.com is a different matter. I can access it just fine (it is a site for a sweepstakes entry). It fills the whole screen. There is no button for Close. So to close it I have to right click on the screen's button in the taskbar and then Close. (I suppose Alt+F4 would also have closed it.)
I do not think there is much you can do to avoid either behavior. It is just advertisers, who for some reason think that, if they annoy you, you will buy something (or click the wrong button and cause more problems). I never sold anything that way.
However, it never hurts to run a virus scan (after being sure your virus definitions are up to date) and a spyware scan from Spybot or Ad-Aware (Lavasoft).
http://security.kolla.de/
http://www.lavasoft.de/support/download/
tate
March 17th, 2003, 05:25 PM
I gave the bennigans website as an example. When I go to view websites and try to view other pages from a main frame, I get constant windows that intend to open for actual viewing of the specific page I'm trying to link to, but they never seem to open for me. They just hang on and never open.
As far as the little windows that pop up constantly, it happens all the time, no matter what site I'm trying to view.
This has just started happening to me, with in the last week or so. And I know its not normal. Something is definitely not right, I shouldn't have trouble viewing links to other pages on websites or be getting these tiny windows no matter where I go.
Welshjim
March 17th, 2003, 05:50 PM
tate--I am not sure I have an understanding of the situation.
Are you getting any (error) message?
Have you scanned for viruses, spyware?
Maybe I misunderstood the size of those little windows. Do they have a ribbed area at the bottom right corner? Can you click on it and drag the window diagonally to the bottom right and eventually get a proper sized window? Does it now contain the content from the second site?
Or maybe you need to reassociate your hyperlinks?
http://support.microsoft.com/support/kb/articles/Q177/0/54.asp
http://help.att.net/docs/use/email/msole/prb_xxx_w95-3x_e-mail-links-dnw.htm?customercontent=customer_news&formType=FAQ
Or maybe you should Repair IE? Start|Programs|Accessories|System Tools|System Information|click on Tools|click on Internet Explorer Repair Tool|Wait.
tate
March 17th, 2003, 06:46 PM
Strange thing, when I went to do the system repair It gives me Ms Info32 error message and won't let me to the repair. Why I wonder??
I'm not getting any error messages and my computer is virus free. Just checked it!
The pop up windoes are blank and about 2 inches by 2 inches wide. I can't maximize them, but I can close them either on the taskbar or right from the tiny window. And no they have no ribbed area. The tiny windows are a separate issue from the 2nd problem of not being able to view links with in a website. The tiny windows usually occur if I'm just generally surfing from page to page, like ebay or yahoo, etc.. they just suddenly pop up at random.
Welshjim
March 17th, 2003, 07:02 PM
tate--Have you tried the suggestions in the two links I gave you? Or are you saying you cannot open links?
Can you provide the exact MSINFO32 error message you got when you tried to repair IE? Do I understand you got to the System Information|Tools drop down menu offering the Internet Explorer Repair tool but got the error message when you clicked on the Repair? Or could you not get to the System Information window, itself?
Do you have fixie.inf on your PC? If yes, right click on it and click Install. That might revive the Repair IE tool.
I do not think you have told us what version of Windows or IE you have.
tate
March 17th, 2003, 08:00 PM
I am using windows 98.
Ok, I went to both links and did exactly what was instructed. Still the same problem. So far however, I have not gotten the small window boxes. But that does happen intermittenly. So who knows if that problem is solved.
When I got an email saying virtual dr has a post for me and I click on the link, it opens up a new window and hangs there and will not open. (just like when i go to view another page from a website) Now if I hit stop and refresh it will load properly. Most times I am able to hit stop and refresh the new window I'm trying to view, and it will load, sometimes though I cannot.
When I used your steps to check inside my computer I get the following error:
MSInfo32:
This program has performed an illegial operation and will be shut down. In the details it reads:
Msinfo32 caused an invalid page fault module then goes into all the error numbers with a stack dump at the end.
To sum up:
both links got me where I needed to go, but I had to stop and refresh each page to actually view it. I have no viruses, and I followed both links as you instructed, and still nothing.
AnnMarie
March 18th, 2003, 03:47 AM
Hi tate - sounds like your browser has been hijacked.
Go here (http://www.spywareinfo.com/files/hijackthis.zip) and download and run Hijack This. Dont make any changes, just copy the log and post it back into this thread and we will walk you through what you need to do.
tate
March 18th, 2003, 05:36 PM
Ok, I have downloaded this zip file. Now What??
tate
March 18th, 2003, 06:03 PM
Here is what the log shows.
Now what??
Logfile of HijackThis v1.92.1
Scan saved at 6:19:25 PM, on 3/18/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.commonname.com/english/toolbar/sidebar.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.commonname.com/english/toolbar/sidebar.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Gateway 2000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL=http://proxycfg.marketscore.com/gencfg.asp?id1=ZZZZZZZZ010&id2=5077626CSMM&lp=1&nsv=5.1.1.1
F1 - win.ini: load=C:\ETRENDS\etrend32.exe
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EBAYBAND.DLL
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\HOTBAR.DLL (file missing)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_1.1.66-deleon.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\BABEIE.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinPoET] c:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [babeie] rundll32 "C:\Program Files\CommonName\Toolbar\BabeIE.dll",DllStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [OSSProxy] C:\WINDOWS\SYSTEM\OSSPROXY.EXE
O4 - HKCU\..\Run: [NSCheck] C:\WINDOWS\SYSTEM\NSCHECK.EXE /check
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: eBay Toolbar.LNK = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EBAYTBAR.EXE
O4 - Startup: Update LeaseWizard.lnk = C:\Program Files\LeaseWizard 3.4\WiseUpdt.exe
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O10 - Broken Internet access because of LSP provider 'CSLOA.DLL' missing
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://router.squirrelmonkey.com/activex/AxisCamControl.ocx
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37617.7129398148
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
AnnMarie
March 18th, 2003, 07:41 PM
Aww, your computer is riddled with Spyware and your winsock layers have been corrupted. Welshjim suggested that you download and run Spybot, did you do that yet? If you havent run Spybot, wait and do this first. Download LSPfix.exe (http://www.cexx.org/lspfix.htm) and run it on your PC.
Go to Start > Settings > Control Panel and click on Add/Remove Programs. Look for CommonName, Netsetter (or MarketScore), Hotbar and uninstall each program (if they are there).
Now run Spybot but go online and update it first. Make sure that you are running version 1.2. If you havent downloaded it, download and instructions for use below:
Download Spybot - Search & Destroy from here (http://spybot.eon.net.au/)
After installing, launch Spybot from the Desktop Icon (Easy Mode),click on the Search For Updates button, search for and install all updates.
Now click on the Check for Problems button and the scan will start. Any Red entries indicate spyware problems that should be fixed to avoid security and/or privacy problems. This is the only kind of problem that is preselected to be fixed. If, after running the scan, Spybot displays red entries, click on the Fix Selected Problems button.
Now click on the Immunize button to protect your PC from known pests and exit.
If you have chosen to install an icon in your Quick Launch bar, Spybot will launch in Advanced Mode. I do not recommend this option for first time users of Spybot.
NOTE: SSD will sometimes not be able to remove all active components in the first 'run'. In that case you will get a dialog asking you to run SSD at next start. Click yes and reboot.
SSD will activate before the system puts these components 'in use', and it will then be able to 'fix' the rest.
After you have used Spybot, run Hijack This again and post back a new log.
The problem with opening links is more than likely an unrelated issue. Download mcrepair.exe from here (http://download.microsoft.com/download/msninvestor/Patch/1.0/WIN98/EN-US/mcrepair.EXE). Close IE, run mcrepair.exe and reboot afterwards.
(When you run this executable, it asks you whether you wish to overwrite newer files, make sure to click YES for each file.)
Let us know how you get on.
tate
March 18th, 2003, 08:13 PM
Is this download of spybot supposed to take this long to download?? Its been over 10 minutes and still no estimated time of completion or % complete.
It just keeps saving.
???
AnnMarie
March 18th, 2003, 08:21 PM
Depends on whether you are on cable, DSL or dialup. Its a 3.5MB file so on dialup, prolly about 15 minutes. Everyone is installing the latest version at the moment so the servers may be slow. Try another server, if your download hasnt completed in the next 5 to10 minutes.
tate
March 18th, 2003, 09:25 PM
God what a freakin mess!!!
Here is the new log after using spybot. Looks to be a little bit smaller of a list. I'm going to now download mcrepair next. But How does this log look now??
Logfile of HijackThis v1.92.1
Scan saved at 9:40:37 PM, on 3/18/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Gateway 2000
F1 - win.ini: load=C:\ETRENDS\etrend32.exe
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_1.1.66-deleon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinPoET] c:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Update LeaseWizard.lnk = C:\Program Files\LeaseWizard 3.4\WiseUpdt.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.66-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Broken Internet access because of LSP provider 'CSLOA.DLL' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://router.squirrelmonkey.com/activex/AxisCamControl.ocx
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37617.7129398148
tate
March 18th, 2003, 09:34 PM
downloaded the mcrepair.exe file and ran it. I Still have no solutions to all the original problems. Dosent look like doing anything we tried fixed anything.,
Is this a lost cause... I'm getting very worried now.
AnnMarie
March 18th, 2003, 09:40 PM
Hi tate, its lots better now. :D
Just one entry left to fix and you can use Hijack This to fix it. Run Hijack This again and select the below entry and then click on Fix Selected.
F1 - win.ini: load=C:\ETRENDS\etrend32.exe
Then run a search for etrend32.exe and delete it.
Did you run LSPFix? If not, do so, there are still problems with your winsock layers.
AnnMarie
March 18th, 2003, 09:41 PM
I just saw your last post, have you rebooted tate?
tate
March 18th, 2003, 10:04 PM
Ok, here is the latest log...
I have to say though, I didnt want to get rid of my ebay toolbar, and my etrends.exe program. That company pays me to keep that link up all the time. I've had it up for several years now.
Ebay toolbar I've only had for 8 months. Is it really possible that those particular programs could have caused these problems??
Because I am still having no luck. Everything is still the same.
One strange thing too, once I finished all the things we did, as soon as i signed on my norton came up and found a virus q159920.exe which I quarintined. Strange,,,
Watch, now I'll start having all these problems after all this...
So.... what should we try next???
I really appreciate all of your help!!! I just get very nervous and frusturated, please try to bear with me!!
Logfile of HijackThis v1.92.1
Scan saved at 10:10:04 PM, on 3/18/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Gateway 2000
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_1.1.70-deleon.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinPoET] c:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Update LeaseWizard.lnk = C:\Program Files\LeaseWizard 3.4\WiseUpdt.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://router.squirrelmonkey.com/activex/AxisCamControl.ocx
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37617.7129398148
AnnMarie
March 18th, 2003, 10:21 PM
Hi tate - dont worry, I will stick with the thread until the problem is solved. I have to go out soon though so this will be my last post for a few hours.
OK, are you still getting the popup ads? If so, what ads are they and what site are you on when it happens?
If you are still having problems opening links in IE, try this next:
Close IE and go to Start > Run, and run the following commands one after the other, each line followed by 'enter':
Run each line individually. After each run, you should see a short message stating the command was successful. Now reboot.
tate
March 19th, 2003, 06:30 PM
Ok I did all the runs you requested. The only error I received was
on the actxprxy.dll run
here was the error:
RegSvr32
Load Library ("actprxy.dll") falied to get last error returns Ox00000485.
Ok, so now what??
Thanks,
Tate;)
AnnMarie
March 19th, 2003, 06:59 PM
Hi tate - it looks like we have found the culprit for your links not opening. Check your spelling though first and try to run the command again (for actxprxy.dll only). If you get the same message, the file is either missing or corrupt.
OK, we will try restoring actxprxy.dll from the Win98 cab files on your CD using the System File Checker. Put your Win98 installation CD in your CD ROM drive and follow the instructions below:
1. Go to Start > Run and enter SFC and click OK
2. Check "Extract one File"
3. Enter the file name and click on "Start"
4. In the "Restore from" field enter:: D:\WIN98 (if 'D' is letter of your CD-Rom drive or change accordingly). In the "Save File In" box type C:\Windows\System.
5. When prompted to create a backup of the file, note the location of the Backup folder and click OK.
6. You then see the message "The file has been successfully extracted." Click OK to complete the process and restart your computer when prompted.
Post back and let us know how you get on.
tate
March 19th, 2003, 07:27 PM
Hello again,
Ok, I tried re running the problem .dll
It did work this time.
So I did not try restoring the file.
I also checked my example website that I used in the beginning of this posting inception. Everything seems to be working fine now, no problems viewing pages within pages on websites. No small pop up windows at my top left corner of the screen.
Looks as if I'm doing ok. Do you think I'm out of the clear??
I have a few other questions, if I am...
1. Am I always going to run into this problem sooner or later down the line??
2. Is there something I can do to prevent this from ever happening again??
3. Since I deleted ebays toolbar program and my etrends program, which I use on a daily basis,were these the central roots of the problem??
4. Can I reinstall these programs without running the risk of this happening again??
5. Was there some strange reason why last night when I booted up my computer found that virus all of a sudden?
Funny thing I never did mention that was also an ongoing problem, that seems to have now fixed itself, was I always had a problem printing on webpages sometimes it would print no problem, most times I would get an error message asking me if I wanted to run cgi scripts on the page, no matter whether I hit yes or no, it wouldn't let me print. The page would get stuck in my cue until I restarted the computer. Do you think this was the cause??
One last thing... what do you recommend for a program to rid spam from my email?? One person recommended mailwasher.
So in summary, my computers browser was hijacked??
can we find out exactly who hijacked it and how??
Again, thank you so much for all of your help!! Seems as if my computer is one big mess!!
Tate :rolleyes:
AnnMarie
March 19th, 2003, 07:49 PM
Hi Tate - your computer is just fine now. Your problem was caused by Spyware on your PC but all the junk has now been removed :D
1. Am I always going to run into this problem sooner or later down the line??
Not necessarily. Here is a great freeware program that you can install to prevent spyware being downloaded onto your PC. SpywareBlaster (http://www.wilderssecurity.com/spywareblaster.html). You now have Spybot as well, update it regularly and run it every couple of weeks or so, just to be sure.
2. Is there something I can do to prevent this from ever happening again??
See my previous answer
3. Since I deleted ebays toolbar program and my etrends program, which I use on a daily basis,were these the central roots of the problem??
I dont know tate. You can try reinstalling them if you wish. You now know what to do if the problem reoccurs.
4. Can I reinstall these programs without running the risk of this happening again??
See above
5. Was there some strange reason why last night when I booted up my computer found that virus all of a sudden?
Sorry, I dont know but I suspect that it was a recent arrival on your PC or perhaps it had been there for a while and you just updated your definitions?
You are very welcome for the help. Happy surfing :D
tate
March 19th, 2003, 07:54 PM
Thank you so very very much for saving my computer!!!
:D
AnnMarie
March 20th, 2003, 02:21 AM
One last thing... what do you recommend for a program to rid spam from my email?? One person recommended mailwasher.
Sorry, I just noticed that last question. Yes, absolutely, I think Mailwasher (http://www.mailwasher.net/) is a fantastic program. In fact I like it so much that I donated to the author when the only available version was free.
tate
April 25th, 2003, 09:02 PM
Well I'm back again, just ran the hijacking program my log below is the result.
Any suggestions on what to do when I run this program and a bunch of stuff comes up like this?? I mean really?? This is ridiculous!! :o
Logfile of HijackThis v1.92.1
Scan saved at 8:57:17 PM, on 4/25/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Gateway 2000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL=http://proxycfg.marketscore.com/gencfg.asp?id1=ZZZZZZZZ010&id2=5077626CSMM&lp=1&nsv=5.1.1.1
O2 - BHO: (no name) - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_1.1.70-deleon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinPoET] c:\BANetDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://router.squirrelmonkey.com/activex/AxisCamControl.ocx
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37617.7129398148
O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://ibmezprint.com/plugin/axversion/1410/printQuick1410.cab
AnnMarie
April 25th, 2003, 09:30 PM
Hi tate - most of those entries are fine. Have you installed Marketscore or Netsetter? If you have, go to Add/Remove Programs in Control Panel and uninstall it and then reboot.
Run Hijack This again and click on the below entry: