(Solved) browser popup

[rickmarlow20]

Iam hoping that someone can help me. I've some how got this pop-up thing constantly popping up and its driving me crazy. its a browser plugin? So you can dial-up porn. its some how attached its self to my hard drive. I cant get rid of it. its driving me nuts.

 

[Davey7549]

Rick
Welcome to TSG!
There are several items you will have to do. Go to http://www.lurkhere.com/~nicefiles/ and download Spybot and Startuplist. After download locate the Spybot exe program and start it by double click. When Spybot main screen appears click the online tab and select search for updates. After updates appear make sure check marks are made for all updates and click the install updates tab. After updates are installed click the Settings tab and then the file sets tab. Make sure System internals and the Tracks items are unchecked. After they are unchecked the click the Spybot S&D tab and then select to run it. After spybot runs all items in red are eligible for anf should be removed so let Spybot do that.

After spybot removes all the junk from your system the unzip the startuplist program and run that one. Post the results of then list back here for review.

Dave

 

[rickmarlow20]

hi dave
thanks for the info but iam kind of stuck on the start-up part. I unzipped the startup, how do i get spybot to do its thing?

 

[Davey7549]

Rick
If you double click the Spybot exe ssd14.exe program it will start the installer. I directed it to install into a separate folder within a a folder I call utilities but you can have it install to its normal place which would be C:\Program files. After install locate the Spybot Icon and there is where you will start the process.

Startuplist after unzip also will have have a startuplist.exe program. This one however does not install since it is freestanding. Double clicking it will create the report.

Dave

 

[rickmarlow20]

this is what i got from my startup file

 

[steamwiz]

Hi rickmarlow20

Go to Tools\internet options and "delete files"

Then do as Dave said - this is explained alittle different :-

Please Download and install SpyBot,

http://www.lurkhere.com/~nicefiles/spybot14.exe

click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

you may have to run spybot more than once to clear everything

-------------------------
Then post your startup again like this :-

Please post your startup list by doing the following :-

Please go here and download startuplist 1.51 :-

http://www.lurkhere.com/~nicefiles/startuplist151.zip

Download to any folder or your desktop
Unzip the zipfile
Double click the exe file
go to Edit - select all - copy - and paste the results in a new post here


steam

 

[rickmarlow20]

StartupList report, 16/01/2003, 1:42:48 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
C:\PROGRAM FILES\ICQ\ICQ.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
VoodooBanshee = rundll32.exe 3dfxVBps.dll,BansheeLoadSettings
LoadQM = loadqm.exe
HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
Mirabilis ICQ = C:\Program Files\ICQ\NDetect.exe
CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe
NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
PestPatrol Control Center = C:\Program Files\PestPatrol\PPControl.exe
PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

MxRunner = C:\PROGRAM FILES\ONTRACK\EASYUNINSTALL\MxRunner.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 15/1/2003, 20:59:40)

[Rename]
NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.INF
NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.DLL
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 14/1/2003, 18:7:46)

[Rename]
NUL=
NUL=C:\WINDOWS\downlo~1\ymsgrins.exe

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\Twain_32\Scanwiz;C:\WINDOWS\Twain\Scanwiz
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------
End of report, 6,294 bytes
Report generated in 0.070 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

[steamwiz]

Hi rickmarlow20

Did you "delete files"

Did you run Spybot and "fix all problems"

steam

 

[Davey7549]

Rick
Seems you have quite a bit of racey stuff in there. As Steam asked did you run spybot already and have it uninstall all in red found? If so the we have much other work to do.

Dave

 

[rickmarlow20]

yes it is kinda racey eh. i did everything except i deleted the files just now does that make a difference or should i go through the whole process again?

 

[Davey7549]

Rick
Yes if you just now let Spybot delete what it found rerun Startuplist and paste the results back here again.

Dave

 

[rickmarlow20]

I did everything and in order and this is what i got.StartupList report, 16/01/2003, 2:57:34 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\ICQ\ICQ.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
VoodooBanshee = rundll32.exe 3dfxVBps.dll,BansheeLoadSettings
LoadQM = loadqm.exe
HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
Mirabilis ICQ = C:\Program Files\ICQ\NDetect.exe
CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe
NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
PestPatrol Control Center = C:\Program Files\PestPatrol\PPControl.exe
PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 15/1/2003, 20:59:40)

[Rename]
NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.INF
NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.DLL
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\Twain_32\Scanwiz;C:\WINDOWS\Twain\Scanwiz
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------
End of report, 5,173 bytes
Report generated in 0.400 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

[Davey7549]

Rick
Sorry about the delay but it is my turn to cook supper for the Family.

Anyway lets remove this item here in your startups and then I would like you to do an online virus scan.

Go to start\run and type in MSconfig then enter. Click startup tab up top and scroll to locate the line with this in it: "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE and then remove check in front of it.

Make sure there are not two! Then click apply then OK.
Do not restart system yet!!!!!!!

Now go to http://housecall.antivirus.com/housecall/start_corp.asp and run a free online scan. Let it remove anything found but let us know what it was if anything.

Come back and report after scan.

Dave

 

[Davey7549]

Rick
Not sure what happened to you but the last steps are to restart system to deactivate the program running from Temp Inet files and then go to Windows Explorer and navigate to C:\Windows\Temp Internet files\Content IE5 folder and locate the OP2Z41U7 folder and delete it.

Dave

 

[rickmarlow20]

Hi dave did a virus scan and none were detected. Now do I reboot the computer to make the changes. My Fingers are crossed