
Author Topic: Pop Up Problem  (Read 3059 times)

Offline Stormy

  • Regular Member
  • **
  • Posts: 58
    • http://plainfolkauctions.com
Pop Up Problem
« on: April 19, 2004, 01:16 »
I don't know what is causing this but I keep getting pop ups from this one particular site; (http://dlookup.biz/poker.htm) the pages change but it's always the same domain.  I have run Pest Patrol, Ad Aware, and even did a scan disk, nothing there.  I ran the domain to a search on my pooter to see if that would come up anywhere in a file but again nothing. I also reinstalled the IE to see if that would help and no go there either. I don't know what's causing these darn pop ups from this particular site and now it's really starting to get annoying.  I don't have to be at any particular page for it to pop up so it's not any individual site causing it, but it only happens while I'm using IE (6).  Any ideas what could be causing this and how to get rid of it?  TIA

"Be wise in the use of time. The question in life is not how much time do we have? The question is what shall we do with it."
-Anna Robertson Brown-

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re:Pop Up Problem
« Reply #1 on: April 19, 2004, 01:28 »
Which popup blocker are you running Stormy, if any ?

Interestingly that site carries an ad for Panicware's popup stopper  ::)

Offline Stormy

  • Regular Member
  • **
  • Posts: 58
    • http://plainfolkauctions.com
Re:Pop Up Problem
« Reply #2 on: April 19, 2004, 01:38 »
I use Panicware but not using it at the moment.  Don't use it very much unless I'm doing a lot of surfing and never had a problem like this before. I also don't use the pop up stopper much because it also stops new windows that I need to access so I don't use it much at all.  This here just doesn't make any sense, I can't even figure out what could be setting it off.  Really strange.   ???

Offline Dack

  • Established Member
  • ****
  • Posts: 831
Re:Pop Up Problem
« Reply #3 on: April 19, 2004, 01:39 »
The site you get the link to doesn't half look like a coolwebsearch site (The IP address links is a usual clue).

Have you tried running coolwebshredder? (Or checking for the latest variant?)

They promised the earth! Then delivered mud.
Technically it did meet the spec.

Offline Dack

  • Established Member
  • ****
  • Posts: 831
Re:Pop Up Problem
« Reply #4 on: April 19, 2004, 01:48 »
It may also be worth you clicking the link at the bottom of the screen that comes up - "Uninstall Adds"

Offline Simon

  • Administrator
  • *****
  • Posts: 78349
  • First to score 7/7 in Quiz of The Week's News 2017
Re:Pop Up Problem
« Reply #5 on: April 19, 2004, 07:46 »
It might also be worth running Ad Aware and Spybot in Safe Mode, with System Restore (if you have it) temporarily disabled.  Even though you have very sensibly started to try Mozilla, it would still be worth trying to remove the spyware from your PC.

Other than that, you could run Hijack This and post the results on here.  Someone might be able to spot something.

Ad Aware
Spybot S&D
Spyware Blaster
Hijack This
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Stormy

  • Regular Member
  • **
  • Posts: 58
    • http://plainfolkauctions.com
Re:Pop Up Problem
« Reply #6 on: April 20, 2004, 04:18 »
OK ran adaware and nothing there.  So I did the Hijack This scan and the results are below.  Where did all this "junk" come from???  ???

Logfile of HijackThis v1.97.7
Scan saved at 11:11:28 PM, on 4/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plainfolkauctions.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://plainfolkauctions.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ed7djdgf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgoogle.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ed7djdgf.slt\prefs.js)
O1 - Hosts: auto.search.msn.com
O1 - Hosts: search.netscape.com
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\SYSTEM\CTAP4.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Bug Eliminator] C:\PROGRAM FILES\BUG ELIMINATOR\BUG_ELIM.exe /tray
O4 - Global Startup: ZoneAlarm Plus.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zaplus.exe
O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Add to White List - C:\PROGRAM FILES\ADVANCED SEARCHBAR\addtolist.js
O8 - Extra context menu item: Delete from White List - C:\PROGRAM FILES\ADVANCED SEARCHBAR\delfromlist.js
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar   &2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms   &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms   &[ (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {DBB177CC-6908-4B53-9BEE-F1C697818D65} (QuickBooks Online Edition Utilities Class v4a) - https://accounting.quickbooks.com/v7.155/qboax4a.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37625.3053703704
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {A80D199B-CFDD-4DA4-8C47-2310D5B8DD97} (QuickBooks Online Edition Utilities Class v5) - https://accounting.quickbooks.com/v7.572/qboax5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
O16 - DPF: {0D3983A9-4E29-4F33-8313-DA22B29D3F87} (QuickBooks Online Edition Utilities Class v6) - https://accounting.quickbooks.com/v8.122/qboax6.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamload.com/Upload/XUpload.ocx
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -
O16 - DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} (MyCorkboard Class) - http://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
O16 - DPF: Keno by pogo.com - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire46.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/BEL/Bug%20Eliminator.cab

This is scary stuff, I don't even recognize a lot of it.  I sure hope this gets rid of that darn pop up... :-\

Offline Simon

  • Administrator
  • *****
  • Posts: 78349
  • First to score 7/7 in Quiz of The Week's News 2017
Re:Pop Up Problem
« Reply #7 on: April 20, 2004, 08:16 »
O2 - BHO: (no name) - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\SYSTEM\CTAP4.DLL

I haven't time to look through it properly now, and I'm no expert anyway, but the one above has come up on Google as something which should be removed (it's some sort of worm / trojan that puts a random DLL in your system), so try ticking the box to 'fix' that one, and see if that helps.  I'm sure there's other stuff there as well, as a lot of it doesn't look familiar, but hopefully an expert will look at it for you during the course of the day.

What you could try is running Ad Aware and Spybot in Safe Mode, with System Restore temporarily disabled.  That sometimes helps a lot.

Offline Stormy

  • Regular Member
  • **
  • Posts: 58
    • http://plainfolkauctions.com
Re:Pop Up Problem
« Reply #8 on: April 21, 2004, 02:00 »
I removed that one and a few others I didn't recognize and so far, no more pop ups.  I just hope I didn't just jinx myself! lol   ;D

Offline Dack

  • Established Member
  • ****
  • Posts: 831
Re:Pop Up Problem
« Reply #9 on: April 21, 2004, 02:07 »
I've spent all night fixing one like this :)

Assuming you meant to install the Yahoo toolbar (so all the red.clientapps remain)

Run HJT again and tick and fix the following

O1 - Hosts: auto.search.msn.com
O1 - Hosts: search.netscape.com

O2 - BHO: (no name) - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\SYSTEM\CTAP4.DLL


O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -

O16 - DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} (MyCorkboard Class) - http://www.mycorkboard.com/CabFiles/WebsiteHelper.cab

O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/BEL/Bug%20Eliminator.cab

If you didn't install the Yahoo toolbar then you also need to select:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plainfolkauctions.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

I included weatherbug as it installs the mysearch toolbar as a freebie  >:(
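A sketch of how the kinds of entries singled out in the replies above can be pulled out of a HijackThis log programmatically. This is an added example, not code from the thread or from HijackThis; the function names and the three review heuristics are assumptions of the example, and they only narrow the list for a human reviewer rather than decide what is malicious.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plainfolkauctions.com/
O1 - Hosts: auto.search.msn.com
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\SYSTEM\CTAP4.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")  # name, CLSID, DLL path
DPF = re.compile(r"^DPF: (.*?) -\s*(.*)$")  # identifier, download source (may be empty)

def parse(log):
    """Group log entries by section code (R0, O1, O2, ...); header lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_hints(sections):
    """Return (code, entry, reason) tuples. Hypothetical triage heuristics, hints only."""
    hints = []
    for e in sections.get("O1", []):
        hints.append(("O1", e, "Hosts file entry overrides DNS for this name"))
    for e in sections.get("O2", []):
        m = BHO.match(e)
        if m and m.group(1) == "(no name)" and "\\program files\\" not in m.group(3).lower():
            hints.append(("O2", e, "unnamed BHO whose DLL is outside Program Files"))
    for e in sections.get("O16", []):
        m = DPF.match(e)
        if m and not m.group(2).strip():
            hints.append(("O16", e, "ActiveX download entry with no source URL"))
    return hints

if __name__ == "__main__":
    for code, entry, reason in review_hints(parse(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {entry}")
```

Entries such as the WeatherBug button or the coupons.com control in the list above do not trip any of these three checks, so the output is a starting point for review, not a replacement for it.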

Offline Stormy

  • Regular Member
  • **
  • Posts: 58
    • http://plainfolkauctions.com
Re:Pop Up Problem
« Reply #10 on: April 21, 2004, 03:12 »
OK removed all the above.  So far everything is running well.  Will let you know if that pesky pop up shows up anymore.  Thank you for all your help!   8)
