Hi
Posted requests for help under internet about three dodgy websites that keep opening up on my computer when I'm on internet, two of which are sick *censored*
http://213.193.215.174/ssredir/gb.html (porn) http://www.megashoppingportal.com/uk/ http://www.virgins.se/index.php?ccode=UK&cnum=44 (porn)
I've followed the advice given on how to clean an infected computer and spent hours doing full virus scans, anti spyware scans and virus scan in safe mode too.
I had a Trojan virus on my computer which has now been removed. I rebooted and went on to internet and when I went into my faves to come on to this website it took me straight to the first porn site on the list. Does this mean I still have a virus or some sort of problem with my computer?
Any help gratefully received.
debs
debbiekayekaroqe......I would be inclined to D/L ....hijackthis ....because it sounds like you have a hijacker ........ http://www.download.com/HijackThis/3000-8022_4-10227353.html Save it to a folder on your desktop........ then run a scan , save the logfile it generates and post the log here ......... If the logfile is too large to post in one post ......post it in 2 posts .....
dl65
part 1....
Logfile of HijackThis v1.99.1
Scan saved at 20:07:08, on 15/10/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running PROCESSES:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\BROTHER\CONTROLCENTER2\BRCTRCEN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\DELRINA\WINFAX\WFXSND32.EXE
C:\PROGRAM FILES\MSOFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSOFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj CLASS - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
part 2....
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "c:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] c:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [msqsearc] c:\windows\system\msqsearc.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Startup: WinFax PRO Fast Start.lnk = C:\Program Files\Delrina\WinFax\wfxsnd32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\MSOffice\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\MSOffice\Office\FINDFAST.EXE
O4 - Startup: blueyonder INSTANT Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Dell Home - {24CE81C0-B8D3-11D3-9B2D-B0314FC10000} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.egreetings.com/cnp/Install/AxCtp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.tynebridgewebcam.co.uk/camimages/AxisCamControl.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37320.cab
debbiekayekaroqe.....OK ...here's what I would mark for removal. .....
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [msqsearc] c:\windows\system\msqsearc.exe /install
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\MSOffice\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Dell Home - {24CE81C0-B8D3-11D3-9B2D-B0314FC10000} - http://www.dell.com/ (file missing) (HKCU)
Note ....I have suggested removing all google toolbars.....they attract a lot of spyware and other crap.......just use the google search page instead.
Press fix marked and see how it looks
dl65
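As an added example (not code from this thread or from HijackThis), the parser below reads a log in the format posted above, whether one entry per line or run together, and lists the entries HijackThis tagged "(no file)" or "(file missing)", both of which are on dl65's removal list. The names parse_log, orphans and SAMPLE are this example's own.

```python
import re

# Section codes that occur in the log above; labels follow the log's own wording.
SECTIONS = {"R0": "IE start page", "R1": "IE setting", "O2": "BHO",
            "O3": "toolbar", "O4": "autostart", "O8": "context menu item",
            "O9": "extra button / Tools item", "O12": "plugin", "O16": "DPF (ActiveX)"}
# An entry starts at a section code followed by " - ", at the start or after whitespace.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RFN][0-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
AUTORUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_log(text):
    """Return one dict per entry, whether the log is one-per-line or run together."""
    flat = " ".join(text.split())      # undo hard wraps inside paths with spaces
    entries = []
    for chunk in ENTRY_START.split(flat):
        m = ENTRY.match(chunk.strip())
        if m is None:                  # header and process list precede the entries
            continue
        body = m["body"]
        clsid, run = CLSID.search(body), AUTORUN.match(body)
        entries.append({
            "code": m["code"], "kind": SECTIONS.get(m["code"], "other"),
            "clsid": clsid.group(0) if clsid else None,
            "autorun": (run["name"], run["cmd"]) if run else None,
            "orphan": bool(ORPHAN.search(body)),  # HijackThis found no target file
            "body": body,
        })
    return entries

def orphans(entries):
    """Entries HijackThis itself reports as pointing at a missing file."""
    return [e for e in entries if e["orphan"]]

# Excerpt of the log posted above, run together and hard-wrapped as in the post.
SAMPLE = r"""Logfile of HijackThis v1.99.1 Platform: Windows 98 SE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.blueyonder.co.uk O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O4 - HKLM\..\Run: [msqsearc] c:\windows\system\msqsearc.exe /install O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Dell Home - {24CE81C0-B8D3-11D3-9B2D-B0314FC10000} - http://www.dell.com/ (file missing) (HKCU)
"""

if __name__ == "__main__":
    for e in orphans(parse_log(SAMPLE)):
        print(e["code"], e["kind"], e["clsid"])
```

A missing-file tag only says the registry entry no longer points at anything on disk; what the entry belonged to still has to be looked up from its name or CLSID.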
Hi dl65
Well I have removed those you suggested... thanks for that.
When I really think about it a lot of problems have started SINCE I installed the Google toolbar... I also had a Yahoo and MyFunProducts toolbar and they all seem to get mixed up with one another and for instance I would remove Yahoo via View, Toolbars and it would remove Google instead or vice versa. I think the old saying is best... less is more!
I'll see how things go but hopefully that will be it.
Thanks for all your advice
debs
Any toolbar is a bad idea. These outfits don't just distribute these things for our benefit. It's for theirs!
Toolbars are a bad idea.
If you get a lot of Spyware etc maybe you should download Microsoft Anti-Spyware and run that every week.
R0SS
Quote If you get a lot of Spyware etc maybe you should download Microsoft Anti-Spyware and run that every week.
Unfortunately , she can't .......
Windows AntiSpyware (Beta) supports Windows 2000, Windows XP, and Windows Server™ 2003.
dl65
This could have been prevented if Linux was used instead of Windows.
Well put, padawan.
Oh ok, I didn't read the bit about the OS
Linux boy, Linux still gets viruses and stuff.
Linux and Apple, you team up, "LINPLE", yeah I'd buy that!
R0SS
Quote Linux boy, Linux still gets viruses and stuff.
What viruses? What stuff? Inquiring minds want to know.
Hi dl65....since I sorted out my computer with your assistance at the weekend it has been running great.
Did a full spyware check and virus check today and came up with a clean bill of health, one of the spyware checks even gave me a congratulations message!!! I uninstalled and reinstalled my zone alarm firewall and even that is not coming up with very much. Thanks for your help.
cheers
debs
debbiekayekaroqe.....Glad to hear that you have it running well......Just remember that if you run your various scans regularly...the puter will remain reasonably clean and trouble free ........ I don't know if you leave your machine on all the time......but if you do , it might be an idea to schedule your anti virus app to run a full scan every day . Then I would suggest running Spybot ....several times a week ....... http://www.tucows.com/preview/310138 I would suggest running CCleaner at least once a day .... http://www.majorgeeks.com/download4191.html This app runs its scans very quickly . You should also run Ad-Aware SE ........ http://www.majorgeeks.com/download506.html
Most important that you always check for updates on these apps.
dl65