Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New User Needs Help


  • This topic is locked This topic is locked
9 replies to this topic

#1 anaru

anaru

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 21 August 2004 - 07:57 AM

Could an experienced Administrator please read my findings.
I have run Spybot-Search and Destroy 1.3 and Ad-Aware 6 on my computer about 5 days ago and deleted many things. I use Nortons anti-virus and windows XP firewall. I continue to have my homepage hijacked to blank page with pop up ads advising I have a spyware infected computer and to purchase their products. In addition I have unwanted, unnecessary extra tool bars which one has taken the place of my address bar and I can no longer manually type in an internet address.
My phone bill shows that I have had a modem intruder/hacker ringing overseas on my behalf but spybot and Ad-aware may have deleted that - I'm not sure until my next phone bill. Again could an experienced administrator read my finding and advise me accordingly -- Your in appreciation

Logfile of HijackThis v1.98.2
Scan saved at 12:32:22 AM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Anaru\Application Data\ttuh.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\sqn.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anaru\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Anaru\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Anaru\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ykhjshzvrujyjbkmvzno.net/ztJhTQ...4o31cl78yR.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {08896050-4878-A365-E34A-F81163B0DE9B} - C:\PROGRA~1\16COAL~1\EQ FIRST.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58FA2EA9-8013-41AA-B807-D92EB685CE1F} - C:\WINDOWS\madopew.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {688C3426-9766-0FB5-D724-665504DE2E3E} - C:\WINDOWS\System32\fjd.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [FREEMATH] C:\PROGRA~1\GPLBIN~1\link admin pile.exe
O4 - HKLM\..\Run: [Loud Window Close Once] C:\Documents and Settings\All Users\Application Data\mfcd soft loud window\About defy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Anaru\Application Data\ttuh.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Lezyc] C:\WINDOWS\System32\sqn.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O18 - Filter: text/html - {6795294B-7C64-4BEE-A645-0AAEBDA9781C} - C:\WINDOWS\madopew.dll
O18 - Filter: text/plain - {6795294B-7C64-4BEE-A645-0AAEBDA9781C} - C:\WINDOWS\madopew.dll

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 AM

Posted 21 August 2004 - 01:49 PM

Dialers!! 8O .. I hope your phone company was cooperative..

Also, please create a new restore point before beginning. These instructions are going to be lengthy, and I want you to have a backup in case of an "oops"

First, please put HijackThis in its own folder. It makes backups,
and it is best to keep them all in one place.
  • Click My Computer, then C:\
  • In the menu bar, File->New->Folder.

That will create a folder named New Folder.
  • Right click on the folder and select 'rename'
  • Rename to something like 'HJT' , and put Hijackthis in there.
***********************************************************************

Download and run both of these uninstallers:

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe

***********************************************************************

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of osmim.dll and nothing else . Reboot.


***********************************************************************


You have a CWS infection.

Please download the CWShredder.Don't run it quite yet.

***********************************************************************

Put a checkmark next to the following entries in HijackThis. Make sure all
other windows and browsers are closed before clicking on “Fix Checked”
.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Anaru\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Anaru\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ykhjshzvrujyjbkmvzno.net/ztJhTQ...4o31cl78yR.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {08896050-4878-A365-E34A-F81163B0DE9B} - C:\PROGRA~1\16COAL~1\EQ FIRST.exe
O2 - BHO: (no name) - {58FA2EA9-8013-41AA-B807-D92EB685CE1F} - C:\WINDOWS\madopew.dll
O2 - BHO: (no name) - {688C3426-9766-0FB5-D724-665504DE2E3E} - C:\WINDOWS\System32\fjd.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [FREEMATH] C:\PROGRA~1\GPLBIN~1\link admin pile.exe
O4 - HKLM\..\Run: [Loud Window Close Once] C:\Documents and Settings\All Users\Application Data\mfcd soft loud window\About defy.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [Lezyc] C:\WINDOWS\System32\sqn.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/056f4317b970e9...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
***********************************************************************

Boot into SAFE MODE by tapping the f8 key during boot up.


Run the Shredder.


Delete the following:


C:\WINDOWS\System32\sqn.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

************************************************************************

Reboot and post a new log. :D

#3 anaru

anaru
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 21 August 2004 - 10:27 PM

Thanks Groovicus - a huge difference to my Browser - I'm free..
However, my address bar is missing - I can't find it and i've enabled it when I right click the tool bar
Heres the new posting - if u can still see any problems please let me know.
Once again thank u -- All Hail Groovicus

Logfile of HijackThis v1.98.2
Scan saved at 3:18:09 PM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Anaru\Application Data\ttuh.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Documents and Settings\Anaru\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Anaru\Application Data\ttuh.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 AM

Posted 21 August 2004 - 11:02 PM

Which toolbar are you missing. Is it one I had you remove?

#5 anaru

anaru
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 22 August 2004 - 04:57 AM

I'm not sure of the name of the tool bar that I deleted- but I have no address bar to type in Internet addresses or show the name of the internet address that I'm on.
Previously, the WWW address bar was totally covered by the rogue tool bar but it appears both have been removed. I'm having to get to internet addresses by searching through google which I saved in favourites. Any advice would be appreciated

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 AM

Posted 22 August 2004 - 09:42 AM

Ok, let's see if we can figure this out.

One suggestion would be to download the Google toolbar. You would have the added benifit of a pop-up blocker, and a search bar on top. But htta is not really fixing the problem, is it? :flowers:

The next question is, do you have the menu bar locked?

If you hover your cursor just below the bar that has your buttons on it (back, reload, etc) does the toolbar show up as hidden?

Other than that, I don't know. I'll do some more research and see what I can find. :thumbsup:

#7 anaru

anaru
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 23 August 2004 - 12:12 AM

Its O.K groovicus - the address bar has now reappeared when I logged on this afternoon - a delayed reaction. Many thanks for all your help. One more question - Yahoo have asked to download the latest version of their software as there is a current security risk with the existing programs. I had a lot of adware problems, hijacked favourites and added desktops the the first time I downloaded Yahoo and I am very reluctant to download the updates - apparently its very lengthy. Do you know anything about it or have any advice?

#8 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:15 AM

Posted 23 August 2004 - 12:41 AM

G'day Anaru,

If you're locked into Yahoo as your only available ISP,
then I'd download their updates. Admin/helpers from this site
can always help you clean up any problems.

But, if you've another choice of an ISP, I'd take it, if I were you.

I used to have Yahoo and AOL too, once upon a time.
They were nothing but problems or breeding grounds of problems
for me. I now use a local, very inexpensive ISP.

One must also have all the appropriate protection operating also.

E.g. firewalls, anti-virus software, OS updates, etc.
(See the BleepingComputer tutorials for more about all that.)

Wait on Groovicus before you do anything else.
(I think he may be cat-napping at the moment...)

Welcome and best wishes
-Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#9 anaru

anaru
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 23 August 2004 - 04:40 AM

Yahoo is not my ISP provider
I only use Yahoo for Yahoo messenger - good for speaking to family from around the world - and I play Yahoo euchre from time to time - Its a blast.
I don't want to download any more stuff from Yahoo but at the same time, I dont want my current Yahoo programs to be a security risk for my computer. Any advice? :thumbsup:

#10 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:15 AM

Posted 23 August 2004 - 05:49 AM

Others here on "Bleeping C" may not agree,
but I won't have anything to do with Yahoo (nor AOL).
I've convinced most of my contacts to dump it.
I refuse most e-mail from people who use it,
even though I have one of the tightest systems operating.

For instant connectivity with family and friends I'm using
MSN hot mail & their instant messenger when I must.
Sounds dumb I know.
But the anti-V I use (McAfee + free on line scans) and now
only using FireFox browser too, has kept me virus, hijack,
etc, free for more than a year through the little ISP I use.

Your situation may differ from mine. You've got to figure
out what works the best for you.

I don't play any on-line games. Actually, I don't have time
for such. I've Grandchildren - a game in themselves...

Luck t'ya,
-Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users