|
#1
October 15th, 2003, 12:40 AM
|
|||
|
|||
IE 6.0 / pop-ups / search bar
Hi all,
since installing IE6 I have never seen so many pop-ups... really annoying... is there any way of stopping it without having to install some freeware package to do it for me ? Also.. i have tried to remove the new `search` bar from the top taskbar.. everytime I re-launch IE6 it reappears...no matter how many times I unclick the tick... any ideas on how to get rid alltogether ? Thanks in advance madal 
|
|
#2
October 15th, 2003, 01:25 AM
|
||||
|
||||
|
The only way I know of without using some sort of pop-up program, start your IE browser, click on tools, click on Internet Options, click on Security tab, under Internet change the level to high instead of medium. Be warned you may not be able to visit many sites you are better off using a pop-up eliminator, there are many out there that are free.
__________________
 Childrens Hospital Of Pittsburgh Help Support Cyber Tech Help with a subscription. 
|
|
#3
October 15th, 2003, 01:55 AM
|
||||
|
||||
|
Hi madal101 - you may have a hijacker on board. Go here and download and run a scan with Hijack This. Most of the files listed will be harmless and/or required so do not make any changes, just click on Save Log, copy it and post it back in this thread.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#4
October 15th, 2003, 12:33 PM
|
||||
|
||||
|
Quote:
As far as the popups and not wanting to install freeware package, You can purchase popupstopper professional or Nortons Utilities, both will stop popups and neither are freeware. You can also download Opera or Mozilla browsers and they will stop popups. If you maximize security in MSIE, making sure all scripts are turned off, then you will not get popups but you will not be able to visit alot of sites. Finally the only way to completely avoid popups without some sort of help is to never turn on your computer - which I really don't think is an option. Unfortunately Popups are the fact of life. If you want to be able to enjoy your visits to the many different websites, play online games, chat, online shopping, or whatever, you really need some sort of popup stopper. Most are good. I use one and it has never caused me a problem.
__________________
Dan Registered Linux User #382181 - Don't be irreplaceable; if you can't be replaced, you can't be promoted. posting tips - cth tos - how to post hijackthis log
|
|
#5
October 15th, 2003, 06:03 PM
|
|||
|
|||
|
hi-jack results
as requested, hi-jack results below...
p.s// tried the untick and lock toolbar for removal of `search bar`.. didn`t work either ? Logfile of HijackThis v1.97.3 Scan saved at 17:01:50, on 15/10/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\System32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\Program Files\Exif Launcher\QuickDCF.exe D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe D:\Installation Zips\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=SUN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/ O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\ipinsigt.dll O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSView.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file) O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\Exif Launcher\QuickDCF.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM) O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...864.4954166667 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab thanks in advance again.. madal
|
|
#6
October 15th, 2003, 11:00 PM
|
||||
|
||||
|
Hi again madal - you do have a hijacker on board and spyware too. It would be a good idea to run Spybot before we make any changes with Hijack This.
Download Spybot - Search & Destroy from here. If you already have Spybot on your PC, make sure that it is the latest version and go online and make sure that you have installed the latest updates. After installing, launch Spybot from the Desktop Icon (Easy Mode),click on the Search For Updates button, search for and install all updates. Now click on the Check for Problems button and the scan will start. Any Red entries indicate spyware problems that should be fixed to avoid security and/or privacy problems. This is the only kind of problem that is preselected to be fixed. If, after running the scan, Spybot displays red entries, click on the Fix Selected Problems button. Now click on the Immunize button to protect your PC from known pests and exit. If you have chosen to install an icon in your Quick Launch bar, Spybot will launch in Advanced Mode. I do not recommend this option for first time users of Spybot. NOTE: SSD will sometimes not be able to remove all active components in the first 'run'. In that case you will get a dialog asking you to run SSD at next start. Click yes and reboot. SSD will activate before the system puts these components 'in use', and it will then be able to 'fix' the rest. When you have rebooted, run Hijack This again and post back a new log. We can use it to tidy up and leftover problems.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#7
October 16th, 2003, 06:43 PM
|
|||
|
|||
|
What kind of popups... Are they normal internet browser popups, or gray window popups? The gray window ones can be stopped by turning off & disabling the messenger service... control panel -> administrative tools -> services -> messenger.
|
|
#8
October 17th, 2003, 12:37 AM
|
|||
|
|||
|
As requested... thanks for the help so far...
Logfile of HijackThis v1.97.3 Scan saved at 23:37:43, on 16/10/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe D:\Program Files\Exif Launcher\QuickDCF.exe D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Internet Explorer\iexplore.exe D:\Installation Zips\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file) O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\Exif Launcher\QuickDCF.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM) O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...864.4954166667 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab ======================== Thanks once again
|
|
#9
October 17th, 2003, 01:41 AM
|
||||
|
||||
|
Hi again madal101 - run Hijack This again but this time, select the below entries and click on "Fix Selected"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about_:blank O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file) O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot When you have rebooted, run a search for bs3.dll and if you find it, delete it. Also run a search for realsched.exe and rename it to realsched.old. Post back a new Hijack This log.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 12:48 AM.
[
RSS ]
