1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

(Solved) browser popup

Discussion in 'Web & Email' started by rickmarlow20, Jan 16, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    Iam hoping that someone can help me. I've some how got this pop-up thing constantly popping up and its driving me crazy. its a browser plugin? So you can dial-up porn. its some how attached its self to my hard drive. I cant get rid of it. its driving me nuts.
     
  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Rick
    Welcome to TSG!
    There are several items you will have to do. Go to http://www.lurkhere.com/~nicefiles/ and download Spybot and Startuplist. After download locate the Spybot exe program and start it by double click. When Spybot main screen appears click the online tab and select search for updates. After updates appear make sure check marks are made for all updates and click the install updates tab. After updates are installed click the Settings tab and then the file sets tab. Make sure System internals and the Tracks items are unchecked. After they are unchecked the click the Spybot S&D tab and then select to run it. After spybot runs all items in red are eligible for anf should be removed so let Spybot do that.

    After spybot removes all the junk from your system the unzip the startuplist program and run that one. Post the results of then list back here for review.

    Dave
     
  3. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    hi dave
    thanks for the info but iam kind of stuck on the start-up part. I unzipped the startup, how do i get spybot to do its thing?
     
  4. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Rick
    If you double click the Spybot exe ssd14.exe program it will start the installer. I directed it to install into a separate folder within a a folder I call utilities but you can have it install to its normal place which would be C:\Program files. After install locate the Spybot Icon and there is where you will start the process.

    Startuplist after unzip also will have have a startuplist.exe program. This one however does not install since it is freestanding. Double clicking it will create the report.

    Dave
     
  5. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    this is what i got from my startup file
     

    Attached Files:

  6. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi rickmarlow20

    Go to Tools\internet options and "delete files"

    Then do as Dave said - this is explained alittle different :-

    Please Download and install SpyBot,

    http://www.lurkhere.com/~nicefiles/spybot14.exe

    click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

    Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

    you may have to run spybot more than once to clear everything

    -------------------------
    Then post your startup again like this :-

    Please post your startup list by doing the following :-

    Please go here and download startuplist 1.51 :-

    http://www.lurkhere.com/~nicefiles/startuplist151.zip

    Download to any folder or your desktop
    Unzip the zipfile
    Double click the exe file
    go to Edit - select all - copy - and paste the results in a new post here


    steam
     
  7. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    StartupList report, 16/01/2003, 1:42:48 PM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
    C:\PROGRAM FILES\ICQ\ICQ.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1YBOLER\NICE-GIRLS[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    VoodooBanshee = rundll32.exe 3dfxVBps.dll,BansheeLoadSettings
    LoadQM = loadqm.exe
    HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
    Mirabilis ICQ = C:\Program Files\ICQ\NDetect.exe
    CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    PestPatrol Control Center = C:\Program Files\PestPatrol\PPControl.exe
    PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    MxRunner = C:\PROGRAM FILES\ONTRACK\EASYUNINSTALL\MxRunner.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:
    (Created 15/1/2003, 20:59:40)

    [Rename]
    NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.INF
    NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.DLL
    NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 14/1/2003, 18:7:46)

    [Rename]
    NUL=
    NUL=C:\WINDOWS\downlo~1\ymsgrins.exe

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\Twain_32\Scanwiz;C:\WINDOWS\Twain\Scanwiz
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------
    End of report, 6,294 bytes
    Report generated in 0.070 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  8. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi rickmarlow20

    Did you "delete files"

    Did you run Spybot and "fix all problems"

    steam
     
  9. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Rick
    Seems you have quite a bit of racey stuff in there. As Steam asked did you run spybot already and have it uninstall all in red found? If so the we have much other work to do.

    Dave
     
  10. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    yes it is kinda racey eh. i did everything except i deleted the files just now does that make a difference or should i go through the whole process again?
     
  11. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Rick
    Yes if you just now let Spybot delete what it found rerun Startuplist and paste the results back here again.

    Dave
     
  12. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    I did everything and in order and this is what i got.StartupList report, 16/01/2003, 2:57:34 PM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\ICQ\ICQ.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    VoodooBanshee = rundll32.exe 3dfxVBps.dll,BansheeLoadSettings
    LoadQM = loadqm.exe
    HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
    Mirabilis ICQ = C:\Program Files\ICQ\NDetect.exe
    CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    PestPatrol Control Center = C:\Program Files\PestPatrol\PPControl.exe
    PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    CONNECT-RAPER[1] = C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 15/1/2003, 20:59:40)

    [Rename]
    NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.INF
    NUL=C:\WINDOWS\DOWNLO~1\YMMAPI.DLL
    NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\Twain_32\Scanwiz;C:\WINDOWS\Twain\Scanwiz
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job

    --------------------------------------------------
    End of report, 5,173 bytes
    Report generated in 0.400 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  13. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Rick
    Sorry about the delay but it is my turn to cook supper for the Family.

    Anyway lets remove this item here in your startups and then I would like you to do an online virus scan.

    Go to start\run and type in MSconfig then enter. Click startup tab up top and scroll to locate the line with this in it: "C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OP2Z41U7\CONNECT-RAPER[1].EXE and then remove check in front of it.

    Make sure there are not two! Then click apply then OK.
    Do not restart system yet!!!!!!!

    Now go to http://housecall.antivirus.com/housecall/start_corp.asp and run a free online scan. Let it remove anything found but let us know what it was if anything.

    Come back and report after scan.

    Dave
     
  14. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Rick
    Not sure what happened to you but the last steps are to restart system to deactivate the program running from Temp Inet files and then go to Windows Explorer and navigate to C:\Windows\Temp Internet files\Content IE5 folder and locate the OP2Z41U7 folder and delete it.

    Dave
     
  15. rickmarlow20

    rickmarlow20 Thread Starter

    Joined:
    Jan 16, 2003
    Messages:
    10
    Hi dave did a virus scan and none were detected. Now do I reboot the computer to make the changes. My Fingers are crossed
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/113597

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice