Skip to main content

Texruss

3.4K Posts

May 31st, 2004 00:00

>Hi I have dsl and when I click a link it freezes have to cont alt delete,but when I go thru the internet explorer it does not do this. Any suggestions?

What do you mean by DSL? The browser provided with your DSL service? Perhaps it needs reinstalling (or even better removal of all the sorry DSL-provider bloatware and have somebody who knows what they are doing to get you a clean DSL connection). *;-) 

Texruss

mercedes1953

3 Posts

June 2nd, 2004 11:00

Yes, I will do that Thank You. Actually my problems started when I got SBC DSL  of Michigan.

Thank You Again.

mercedes1953

Fiona80

6 Posts

February 5th, 2005 05:00

Hi, I have the same problem as you since last two months. I also used sbc dsl, so i'm not sure is this the main problem. I want to know do you already fix the problem and how?

Midnight Star

4.8K Posts

February 5th, 2005 23:00

Fiona,

Can you describe in as much detail, the problem your experiencing and what you might've tried to resolve it?

Mike.

mercedes1953

3 Posts

February 6th, 2005 00:00

Yes Hi Thank You for asking. I solved the problem by calling SBC Yahoo and they sent me a new cd. I reinstalled the new cd. It took care of the problem.  I hope this helps.
Myriam1953.

Midnight Star

4.8K Posts

February 9th, 2005 23:00

Fiona,
 
Are you able to download anything from  that system?
 
Mike.
 

Fiona80

6 Posts

February 9th, 2005 23:00

Hi, thank you for your sharing. I haven't solve my problem yet. I used sbc dsl, and use sbc yahoo browser. Once I opened my internet explorer, my computer goes to freeze. I called sbc, and they said it is internet explorer had problems. It might be had too much pop-ups. So, what should I do.

Fiona80

6 Posts

February 9th, 2005 23:00

yes, I am able to download or to do anything with sbc yahoo browser. Sometimes, the internet explorer is working, like for right now......after I turn off the computer, and restart. when I open internet explorer, the pc will be freeze.

Midnight Star

4.8K Posts

February 10th, 2005 00:00

Fiona,

Good - let's start with this...


Go to www.trendmicro.com, and then:

1.  Click " Free Online Scan".
2.  Click " Scan now, it's free".
 
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
 
1.  Select all available drives.
2.  Check(tick) " Auto Clean".
3.  Click " Scan".
 
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
 

Download, then unzip to " C:\HJT", the newest version of HiJackThis; version 1.99.0. Now, let's do the following: 
   
 1.  Click " Scan
 2.  Click " Save log
   
 Notepad will pop-up with a copy of your system long, then: 
   
 1.  " Edit | Select all
 2.  " Edit | Copy
   
 Next, let's " Reply" back to this post, then: 
   
 1.  Right-click on the message body. 
 2.  Select " Paste
   
 Then just " Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).
 
 
Mike.
 

Fiona80

6 Posts

February 10th, 2005 01:00

Thank you for helping.  I did the first part, and there is one file that can't be delected. So, I didn't do anything with that, is that OK? For the second part, I couldn't finish it. It shows "Hijace this has encountered a problem and needs to close." So, I didn't do anything for the second part.

Midnight Star

4.8K Posts

February 13th, 2005 15:00

Fiona,

Let's try using this verson, and see if it will work out better...

http://www.bleepingcomputer.com/files/Merijn/HijackThis1982.zip

Just download the previous version and follow the instructions above to post back a log for analysis.

-

Mike.

 

Fiona80

6 Posts

February 17th, 2005 23:00

Hi, I tried to use the hijack this, and got these things. Again, thank you for helping, I'm very appreciated.
 
Logfile of HijackThis v1.98.2
Scan saved at 5:20:29 PM, on 02/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\convoert.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\documents and settings\ying zhao\local settings\temp\1lwmRt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\ying zhao\local settings\temp\aSu4WH6.exe
C:\documents and settings\ying zhao\local settings\temp\PYX.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Ying Zhao\Application Data\eetu.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\KINGSOFT\XDICT\xdict32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\HijackThis1982\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qgxgiqxiglacmjojbaot.com/tfQHXjtFzc4ema1U31WYxb9tw9CtC1aT6aCk_X78MwUBOLd1BjIuHtRVwZLPCYLG.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 64.12.152.18 search.netscape.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINDOWS\Downlo~1\ddtinit.dll
O2 - BHO: (no name) - {6189ABE0-3103-3BDD-7C76-3BB6091FF3E6} - C:\WINDOWS\System32\wgbom.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Ying Zhao\Local Settings\Temp\cLZsl3.dll
O2 - BHO: (no name) - {FBE9BEA2-495A-7ABD-CBD2-F3C431F3682A} - C:\DOCUME~1\YINGZH~1\APPLIC~1\fourdent\WEB ADMIN.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ÐÂÀ˵ãµãͨ - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\Downlo~1\DDTONG~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [convoert.exe] C:\WINDOWS\System32\convoert.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [1lwmRt] C:\documents and settings\ying zhao\local settings\temp\1lwmRt.exe
O4 - HKLM\..\Run: [aSu4WH6] C:\documents and settings\ying zhao\local settings\temp\aSu4WH6.exe
O4 - HKLM\..\Run: [PYX] C:\documents and settings\ying zhao\local settings\temp\PYX.exe
O4 - HKLM\..\Run: [moreamencompblue] C:\Documents and Settings\All Users\Application Data\Bolt Copy More Amen\burnthird.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [convoert.exe] C:\WINDOWS\System32\convoert.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Drive style] C:\DOCUME~1\YINGZH~1\APPLIC~1\OPTION~1\The close.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Ying Zhao\Application Data\eetu.exe
O4 - HKCU\..\Run: [Ddbdaavk] C:\WINDOWS\System32\r?gedit.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - Global Startup: CIBA2000.lnk = C:\Program Files\KINGSOFT\XDICT\xdict32.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {00000000-0000-0001-0001-596BAEDD1289} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/OPTI0500/optimize.cab?id=9205467
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
 

Midnight Star

4.8K Posts

February 22nd, 2005 19:00

Fiona80,

Your more than welcome!

-

Now, let's see what we can do...


If you haven't ran HouseCall lately, let's go back to www.trendmicro.com, download the latest definitions, and run it.


Download, unzip to your desktop CWShredder and run it, then:

1.  Click "Check For Update"
 
   (If an update isn't available, skip to step #4.)

2.  Click "Click here to Download the upate".
3.  When the new version has been downloaded, click "Save".

4.  Click "Fix ->"


Go to Add/Remove programs and remove(uninstall) the following, if present:

   EBates MoeMoney
    EZula Toptext
    Web Offer
    Web Related
    WildTangent
    WinTools

   TBPS

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.


If you don't already have it, let's go to Lavasoft's VX2 Cleaner web-page, and follow the instructions to download and install the utility.

-

Next, run AdAware SE Personal, then:

1.  Click "Add-Ons".
2.  Double-click "VX2 Cleaner"
3.  Click "Ok", to "Execute this tool".
4.  If nothing is found, click "Ok", then exit the program.

   (or)

4.  If VX2 has been found on your system, click "Clean System"
5.  Then when it's complelely done, reboot your computer.
6.  Repeat steps 1-4 again.

Be sure to follow any instructions it might give while using it.

                    
Download LSPFix and unzip to your desktop, then run it. Now, we need to:                    
                                  
 1.  check(tick) " I know what i'm doing".                    
 2.  click on (highlight) each occurance of the following, one at a time:
                   
      inetadpt.dll
                    
 3.  then click " >>", moving each one, individually, to the 'Remove' pane.                   
 4.  (double-check, and make sure that only the above files are in the 'Remove'pane.)
  5.  click " Finish >>

       


Let's download the Symantec VirtuMundo removal tool, and run it.


Next, we need to remove(uninstall) the 'lop' infection by going to here, then downloading and running the uninstaller(s) that relate to the application(s) your wanting to remove. The following selections are available: " Start page", " Search engine", " Accessories Toolbar".

After uninstalling any (or all) of the above, let's see if we have anything in "Scheduled Tasks":

Download, unzip and run ScheduledTasks.bat (courtesy of ddeerrff), and when notepad comes up, post the contents back to this thread.


Download, then unzip to " C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution ( if provided in this post). This version has features that might help in 'cleaning' up your system.


Run HiJackThis then:

1.  Click "Config..."
2.  Click "Misc Tools"
3.  Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

   C:\PROGRA~1\Toolbar\TBPSSvc.exe
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Common Files\WinTools\WToolsA.exe
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\WINDOWS\System32\convoert.exe
    C:\PROGRA~1\Toolbar\TBPS.exe
    C:\documents and settings\ying zhao\local settings\temp\1lwmRt.exe
    C:\documents and settings\ying zhao\local settings\temp\aSu4WH6.exe
    C:\documents and settings\ying zhao\local settings\temp\PYX.exe
    C:\Documents and Settings\Ying Zhao\Application Data\eetu.exe
    C:\WINDOWS\System32\r?gedit.exe
    C:\PROGRA~1\Toolbar\PIB.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.


Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32  /u  ddtinit.dll
regsvr32  /u  wgbom.dll
regsvr32  /u  WToolsB.dll
regsvr32  /u  toolbar.dll
regsvr32  /u  cLZsl3.dll
regsvr32  /u  DDTONG~1.DLL

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.



Run HiJackThis and click " Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qgxgiqxiglacmjojbaot.com/tfQHXjtFzc4ema1U31WYxb9tw9CtC1aT6aCk_X78MwUBOLd1BjIuHtRVwZLPCYLG.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O1 - Hosts: 207.68.176.250 auto.search.msn.com
O1 - Hosts: 64.12.152.18 search.netscape.com

O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINDOWS\Downlo~1\ddtinit.dll
O2 - BHO: (no name) - {6189ABE0-3103-3BDD-7C76-3BB6091FF3E6} - C:\WINDOWS\System32\wgbom.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Ying Zhao\Local Settings\Temp\cLZsl3.dll
O2 - BHO: (no name) - {FBE9BEA2-495A-7ABD-CBD2-F3C431F3682A} - C:\DOCUME~1\YINGZH~1\APPLIC~1\fourdent\WEB ADMIN.exe

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: ÐÂÀ˵ãµãͨ - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINDOWS\Downlo~1\DDTONG~1.DLL

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [convoert.exe] C:\WINDOWS\System32\convoert.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [1lwmRt] C:\documents and settings\ying zhao\local settings\temp\1lwmRt.exe
O4 - HKLM\..\Run: [aSu4WH6] C:\documents and settings\ying zhao\local settings\temp\aSu4WH6.exe
O4 - HKLM\..\Run: [PYX] C:\documents and settings\ying zhao\local settings\temp\PYX.exe
O4 - HKLM\..\Run: [moreamencompblue] C:\Documents and Settings\All Users\Application Data\Bolt Copy More Amen\burnthird.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [convoert.exe] C:\WINDOWS\System32\convoert.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Drive style] C:\DOCUME~1\YINGZH~1\APPLIC~1\OPTION~1\The close.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Ying Zhao\Application Data\eetu.exe
O4 - HKCU\..\Run: [Ddbdaavk] C:\WINDOWS\System32\r?gedit.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: (no name) - {00000000-0000-0001-0001-596BAEDD1289} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)

O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/OPTI0500/optimize.cab?id=9205467

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll


Now, with all windows closed except HiJackThis, click "Fix checked".


Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

   C:\PROGRA~1\Toolbar
    C:\Program Files\Common Files\WinTools
    C:\PROGRA~1\COMMON~1\WinTools
    C:\Program Files\WildTangent
    C:\PROGRA~1\ezula
    C:\PROGRA~1\Web Offer

files...

   C:\WINDOWS\System32\convoert.exe
    C:\documents and settings\ying zhao\local settings\temp\1lwmRt.exe
    C:\documents and settings\ying zhao\local settings\temp\aSu4WH6.exe
    C:\documents and settings\ying zhao\local settings\temp\PYX.exe
    C:\Documents and Settings\Ying Zhao\Application Data\eetu.exe
    C:\WINDOWS\Downlo~1\ddtinit.dll
    C:\WINDOWS\System32\wgbom.dll
    C:\Documents and Settings\Ying Zhao\Local Settings\Temp\cLZsl3.dll
    C:\DOCUME~1\YINGZH~1\APPLIC~1\fourdent\WEB ADMIN.exe
    C:\WINDOWS\Downlo~1\DDTONG~1.DLL
    C:\Documents and Settings\All Users\Application Data\Bolt Copy More Amen\burnthird.exe
    C:\DOCUME~1\YINGZH~1\APPLIC~1\OPTION~1\The close.exe
    c:\windows\system32\inetadpt.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".


Post back a new log, and let me know how everything goes.

-

Mike.

 

Fiona80

6 Posts

February 25th, 2005 08:00

I have too much pop-ups, how can I stop it!

Midnight Star

4.8K Posts

February 25th, 2005 17:00

Fiona,

If your not able to begin working the problem, then we can try it this way:

1) Reboot into "Safe Mode", and try the solution I posted from there (for HiJackThis only).

...then do another log, reboot back into "Normal" mode, and post up the log for me to see how much we were able to accomplish. You may also need to download the programs you'll be using from another computer and install them on the infected pc.

-

Mike.

Message Edited by Midnight Star on 02-25-2005 01:38 PM

Was this post helpful?

View All

No Events found!

Top