
[Resolved] Popups

Discussion in 'Web & Email' started by Susanne32570, Feb 17, 2003.

Thread Status:
Not open for further replies.
  1. Susanne32570

    Susanne32570 Thread Starter

    Joined:
    Aug 30, 2002
    Messages:
    41
    I have been reading others' accounts of having problems with pop ups and hope that you can help me as well. I have been having problems with these for some time every time I open Internet Explorer and they constantly come up while I open new web pages. I am assuming that they are also the cause of my IE to constantly crash, because at times as soon as one will pop up, my computer will freeze and I will have to close the browser window. Then, I get the Windows box that asks if I want to report the error or not. I have downloaded Ad Aware and it has cleaned up my computer of the spyware, but I am still getting pop ups. I have also deleted Wild Tangent.
    I have attached the information that you needed about the start up. Can you help me?

    StartupList report, 2/17/2003, 11:38:11 AM
    StartupList version: 1.51
    Started from : C:\Documents and Settings\Cindy\Local Settings\Temp\Temporary Directory 1 for startuplist151.zip\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ISS\BlackICE\blackd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\Visioneer\PaperPort\pptd40nt.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\ebkrdr\mediaman.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\ISS\BlackICE\blackice.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Cindy\Local Settings\Temp\Temporary Directory 1 for startuplist151.zip\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    BlackICE Utility.lnk = ?
    Quicken Scheduled Updates.lnk = C:\Program Files\Quicken 2003\bagent.exe
    Quicken Startup.lnk = C:\Program Files\Quicken 2003\QWDLLS.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    Dell|Alert = C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    PaperPort = C:\Program Files\Visioneer\PaperPort\runppdrv.exe
    PaperPort PTD = C:\Program Files\Visioneer\PaperPort\pptd40nt.exe
    IndexSearch = C:\Program Files\Visioneer\PaperPort\IndexSearch.exe
    Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    LVCOMS = C:\WINDOWS\System32\LVComS.exe
    New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    winnet = C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
    Omnipage = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    AIM = C:\Program Files\AIM95\aim.exe -cnetwait.odl
    media_manager = C:\Program Files\ebkrdr\mediaman.exe

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    BabeIE - C:\Program Files\CommonName\Toolbar\CNBabe.dll - {00000000-0000-0000-0000-000000000000}
    (no name) - C:\WINDOWS\System32\F1.dll - {00000EF1-34E3-4633-87C6-1AA7A44296DA}
    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\NewDotNet\newdotnet4_50.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
    (no name) - (no file) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F}
    (no name) - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll - {A6250FB8-2206-499E-A7AA-E1EC437E71C0}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\WINDOWS\System32\msiein.dll - {D6E66235-7AA6-44ED-A06C-6F2033B1D993}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job
    WebReg 20030216182355.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [CoDetectDigitalRiver Class]
    InProcServer32 = C:\WINDOWS\System32\DETECT~1.OCX
    CODEBASE = http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe

    [ShowCase.ImageBag]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SHOWCASE.OCX
    CODEBASE = http://209.101.212.101/Main/Controls/ShowCase.CAB

    [{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
    CODEBASE = http://207.188.7.150/171dbc1481a254b0ac05/netzip/RdxIE2.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\System32\opuc.dll
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [GigexCtrl ActiveX]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gigexagent.dll
    CODEBASE = http://www.gigex.com/tv/igor/gigexagent.dll

    [Downloader Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ida.dl_
    CODEBASE = http://www.shop.intuit.com/store/executables/ie/IDA.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37559.4422106482

    [Download Class]
    InProcServer32 = C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PretzlDn.dll
    CODEBASE = http://expressit.broderbund.com/plugin/Download.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Live Collaboration]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\RntX.dll
    CODEBASE = http://livesc02.rightnowtech.com/sonystyle/sonystyle/rnt/rnl/java/RntX.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\Program Files\NewDotNet\newdotnet4_50.dll
    Protocol #1: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
    Protocol #2: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
    Protocol #18: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
    Protocol #19: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL

    --------------------------------------------------
    End of report, 8,334 bytes
    Report generated in 0.235 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    I was going to buy Ad Aware's upgraded software which keeps watch all the time for pop ups. Is that the only way to keep this from happening in the future?

    Thanks in advance for any help that you can give.
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thanks! :)

    You certainly have some spyware.

    First, go to Start > Run, type Msconfig, and uncheck the following on the Startup tab:

    New.net Startup
    winnet
    media_manager

    Click OK, close Msconfig, but do not reboot at this point.

    Go to Control Panel > Add/Remove Programs, and uninstall New.Net (domains). Reboot after doing that.

    Now download Spybot - Search & Destroy

    After installing, press Online, and search for, put a check mark at, and install all updates.

    Next, go to Settings > File Sets, and uncheck 'System Internals' and 'Tracks'.
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

    Good luck,
     
  3. Susanne32570

    Susanne32570 Thread Starter

    Joined:
    Aug 30, 2002
    Messages:
    41
    Hey Tony! Thanks for your quick reply. I have unchecked two of the three, but there was not one called new.net startup. Would it be one called newdot~1 then rundll32 in windows folder?
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Yes. You can uncheck the item in Msconfig/Startup, but please do not remove the dll in the Windows folder manually.

    Just find New.Net (domains) in Add/Remove Programs, and uninstall the program the correct way.
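
Added example, not part of the thread: a Python sketch that parses a StartupList report like the one posted above, picks out the three Run entries the first reply asks to uncheck, and lists any Winsock LSP slots that load the same file as a flagged entry. The sample is an excerpt of the posted report; the function names and `WATCHLIST` are this example's own.

```python
import re

# Entry names the reply asks to uncheck in Msconfig (taken from the thread).
WATCHLIST = {"new.net startup", "winnet", "media_manager"}

# Excerpt of the StartupList report posted in the thread, trimmed for the example.
SAMPLE = r"""Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
winnet = C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
media_manager = C:\Program Files\ebkrdr\mediaman.exe
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #4: C:\Program Files\NewDotNet\newdotnet4_50.dll
Protocol #1: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
Protocol #2: C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:exe|dll|ocx)', re.I)

def parse(report):
    """Collect (hive, name, command) Run entries and (label, path) LSP entries."""
    runs, lsps, section, hive = [], [], None, None
    for line in map(str.strip, report.splitlines()):
        if line.startswith("-----"):            # section separator
            section = hive = None
        elif line.startswith("Autorun entries from Registry"):
            section = "run"
        elif line.startswith("Enumerating Winsock LSP"):
            section = "lsp"
        elif section == "run" and line.startswith(("HKLM\\", "HKCU\\")):
            hive = line
        elif section == "run" and " = " in line:
            runs.append((hive, *line.split(" = ", 1)))
        elif section == "lsp" and ": " in line:
            lsps.append(tuple(line.split(": ", 1)))
    return runs, lsps

def triage(report):
    """Watch-listed Run entries, plus LSP slots that load the same file."""
    runs, lsps = parse(report)
    hits = [r for r in runs if r[1].lower() in WATCHLIST]
    files = {p.lower() for _, _, cmd in hits for p in PATH_RE.findall(cmd)}
    # Exact path match only: 8.3 short names are not resolved to long names.
    return hits, [label for label, path in lsps if path.lower() in files]
```

On the excerpt, `triage(SAMPLE)` returns the three flagged Run entries and the two `Protocol` slots that load the same New.net DLL. A file that is still registered in the Winsock chain is the kind of dependency an uninstaller unwinds and a manual delete does not.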
     
  5. Susanne32570

    Susanne32570 Thread Starter

    Joined:
    Aug 30, 2002
    Messages:
    41
    I am going to follow your directions completely. Should I uncheck the box next to the newdot~1 in the startup box in the Msconfig window or leave it and continue with the remaining steps in your first directions?
     
  6. Susanne32570

    Susanne32570 Thread Starter

    Joined:
    Aug 30, 2002
    Messages:
    41
    Sorry, I didn't read the box - I am awake now.
     
  7. Susanne32570

    Susanne32570 Thread Starter

    Joined:
    Aug 30, 2002
    Messages:
    41
    Thanks so much, Tony! I am happy to report that after reading your directions, more carefully, I must say, I have downloaded Spybot and it found so many more problems that were hidden than even Ad Aware had found. I installed it and brought up my browser and haven't had any pop ups so far. One question, though, I wasn't sure whether to have Spybot fix the questionable items that were brought up that were unchecked. These included files called usage tracks.

    Thanks so much for your help. I can always count on you guys.
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Glad to hear that got rid of your popups! :)

    The Usage Tracks are another story. It's just an added feature of SpyBot.

    These "green" items are just recently viewed files, the history of visited sites, and the like.

    You can have SB remove them or leave them alone; your choice.

    Removing them cannot possibly cause a problem. And besides, SpyBot backs them up as well, so there's no risk at all.

    It's just a question of how tidy and/or privacy conscious you are.
    It's also a matter of personal taste: for example, I prefer to hold on to the log files, as I find them informative.

    In such a case, you go to Excludes > Products > Tracks, and check 'Log'. That way they will be excluded from future searches, and they will never come up again.

    You can also right-click such an item in the results window, and choose "exclude from further searches".

    SpyBot is very configurable.
     
  9. Susanne32570

    Susanne32570 Thread Starter

    Joined:
    Aug 30, 2002
    Messages:
    41
    Again, you guys are the best! Thanks!
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No prob! :)
     
Short URL to this thread: https://techguy.org/119323
