# You probably never got a question like this.



## Lori 1 (Jul 25, 2002)

Ok I have got so frustrated with this problem, I came to Tech Guy support. This is a little embarrassing, but here it goes. As everyone knows Hotmail is nutorious for receiving porno. My problem is this. I accidently open one, that I thought was something else. I immediatly deleted it. But it seems to have taken over my computer. I deleted one once and it gave my computer a virus. which I reported. I have deleted my cookies, temporary files, history 3 times, and it still hasn't helped. All of a sudden, out of the blue, my whole screen is covered with this stuff
and you can not get rid of it. Most of these emails go directly to my trash, but unfortunatly, one didn't. Does anyone have any ideas on this one?


----------



## mad-martin (Jul 5, 2002)

do an online virus scan here 
they will find it in no-time 
Please let us know how it worked out.


----------



## steamwiz (Oct 4, 2002)

Hi Lori 1

Post your startup list so that we can see what it is

Please post your startup list by doing the following :-

Please go here and download startuplist 1.51 :-

http://www.lurkhere.com/~nicefiles/

Download to any folder or your desktop 
Unzip the zipfile 
Double click the exe file 
go to Edit - select all - copy - and paste the results in a new post here

steam


----------



## Miz (Jul 2, 2002)

Download, install and run Spybot and/or AdAware (I use them both.) Let them clean up any spyware they find.

If that doesn't solve the problem, download, install and run HiJackThis (scroll down to the download link).


----------



## brendandonhu (Jul 8, 2002)

You can not just get a virus by opening an email.
Hotmail allow HTML, but not Javascript. So pictures can bbe displayed, fonts & images are available etc, but you can NOT be redirected to another page automatically, and it can not download anything to your hard drive. If you got a virus from hotmail, you must have either clicked a link in an email,run an attachment, or there is a vulnerability in hotmail, but if that was the case, someone here would have heard about it by now.

Hotmail emails/attachemnts are also scanned by Mcaffee antivirus.


----------



## ~Candy~ (Jan 27, 2001)

> _Originally posted by brendandonhu:_
> *
> Hotmail emails/attachemnts are also scanned by Mcaffee antivirus. *


Ah, they say that, but when you download into Outlook Express (I have a user that gets a virus daily via hotmail)......


----------



## gotrootdude (Feb 19, 2003)

Boot into safe mode, run regedit. 
HKey local machine>software>microsoft>windows>run check out what's there, export any suspicious keys then delete them, Do the same for run-,runonce,runex,runservices,runservices-,and runservicesOnce. You can also double click on any value and get the location on the drive the program is running from. 

Run sysedit
check the win.ini = boot section
and the system.ini = run section
then reboot and run adaware. and a good antivirus.


----------



## Lori 1 (Jul 25, 2002)

Thank you MIZ, for the programs to download, I couldn't beleive what it found. I am hoping this takes care of the problem. And I want to Thank Candy ,for backing me up ,on getting a virus from opening emails. Which is really true. Thank God for antivirus programs. And I want to thank everyone else, that posted and gave me some infor on what to do. I will post back in a few days, to let you know if this took care of the problem. Because it just happens out of the blue. Like this morning, as soon as I turned my computer on and dialed up. it took over my screen. Strange but true. Thank you all.


----------



## Lori 1 (Jul 25, 2002)

well I came home tonight and turned my computer on, after not being on all day. and the porno thing came up on my screen. After I dialed up and as soon as I got online. Hummm sounds like something in my start up programs.which I have unchecked everything but what I want in my tool bar. Any new ideas on this anyone?


----------



## Beth Ann (Feb 18, 2003)

Hi Lori~

Forgive me for just jumping in out of the blue here-but have you tried a system restore to bring your computer back to an earlier configuration BEFORE you opened that e-mail? Just a thought.


----------



## brendandonhu (Jul 8, 2002)

Please run Hijack This and post the log.
http://lurkhere.com/~nicefiles for the download.


----------



## Lori 1 (Jul 25, 2002)

I keep trying to post and get taken back to login why?


----------



## Lori 1 (Jul 25, 2002)

Miz, I couldn't email you so I have to post it. I have downloaded these programs you sent me and the ones others sent me too, but I am having a major problem. I have no idea how to use them, can you email me or post and tell me how to use these programs so I don't delete something that shouldnt be deleted?
Thanks again for the help all.


----------



## brendandonhu (Jul 8, 2002)

Here are instructions for the program I would like you to run:
Click Here To Download It

When its done downloading, open it, it should open in WinZip or another zipping program if you have one. 
There is only 1 file in it, Hijack This.Exe, run it, and click the "Scan" button. Then click Save Log. Save it to your desktop. Then attach the file to your post, or if you prefer open the file in Notepad, and cut and paste it back to us.


----------



## Lori 1 (Jul 25, 2002)

Logfile of HijackThis v1.92.0
Scan saved at 2:03:14 PM, on 2/28/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://toolbar.i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://toolbar.i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://toolbar.i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www04.pogo.com/index.jsp?sls=3&lkey=3d76a3872f861ec10a66fd3e0000283c
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.tds-net.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://searchassistant.iwon.com/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://toolbar.i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=about:blank
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: iWon Search Assistant BHO - {08E1C8E1-E565-44fc-A766-C9539BB3ABB7} - C:\PROGRAM FILES\IWON\SRCHASTT\2.BIN\I1SRCHAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: ineb Helper - {61D029AC-972B-49FE-A155-962DFA0A37BB} - C:\WINDOWS\SYSTEM\INEB.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINDOWS\SYSTEM\INEB.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Copernic (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_3_1,0,2,5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://images.bonzi.com/freebuddy/wd/bbsetupad1.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.cyberpatrol.com/cponline/isetup.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,54/mcinsctl.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://downloads.iwon.com/images/nocache/bingo/i1initialsetup1.0.0.2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37590.732337963
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?221
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.crazymates.com/ege/download/trial/setup.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://dianesbreasts.free-host.com/frjdklao.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} (Inst Class) - http://toolbar.i-lookup.com/ineb.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab


----------



## jm100dm (May 26, 1999)

For starters I believe you can remove both of these. My opinion is based on the names at http:.

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.crazymates.com/ege/download/trial/setup.exe 
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://dianesbreasts.free-host.com/frjdklao.cab


----------



## The_Egg (Sep 16, 2002)

There's heaps of spyware listed there
All of which need to go.

Remove the following entries with HiJack This

i-Lookup
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://toolbar.i-lookup.com/search.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://toolbar.i-lookup.com/search.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://toolbar.i-lookup.com/search.html 
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINDOWS\SYSTEM\INEB.DLL
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINDOWS\SYSTEM\INEB.DLL 
O2 - BHO: ineb Helper - {61D029AC-972B-49FE-A155-962DFA0A37BB} - C:\WINDOWS\SYSTEM\INEB.DLL

iWon
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://searchassistant.iwon.com/srchlft.html 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://toolbar.i-lookup.com/search.html 
O2 - BHO: iWon Search Assistant BHO - {08E1C8E1-E565-44fc-A766-C9539BB3ABB7} - C:\PROGRAM FILES\IWON\SRCHASTT\2.BIN\I1SRCHAS.DLL 
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL 
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL 
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_3_1,0,2,5.cab
O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://downloads.iwon.com/images/no...etup1.0.0.2.cab
O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} (Inst Class) - http://toolbar.i-lookup.com/ineb.cab

BonziBuddy
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF} - http://images.bonzi.com/freebuddy/wd/bbsetupad1.exe

Others
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.crazymates.com/ege/download/trial/setup.exe 
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://dianesbreasts.free-host.com/frjdklao.cab

^DianesBreasts^, hehe  

Then download and run Spybot Search & Destroy to get rid of any leftovers

Spybot S&D instructions:

Close all browser windows

Open Spybot S&D for the first time
Select Country & click out of the setup section (Next button)

Click "Online" button, click "check for updates"
(note: you need to be online for this)
Checkmark and download the latest Includes/Updates
(skins/languages aren't important)

"Settings" button, click "File Sets"
Uncheck "Usage Tracking" and "System Internals"

Go back to main "Spybot S&D" button
Click "Check for problems"

Let the scan run

When done, all spyware/adware/etc will be auto checked in the results,
so just click "Fix selected problems"

If you are prompted that some files are in use and can't be deleted,
Click "Yes" to allow Spybot S&D to run on reboot.

Reboot
Spybot S&D will load before the Windows GUI
Run the scan again and let Spybot S&D complete its task.
When you see "congratulations, no spybots found" in the main window,
that's when you know you're clean.

Close Spybot S&D and Windows GUI will load.


----------



## Steppinstone (Aug 18, 2002)

For the Iwon.com entries and the one for bonzi buddy check your add and remove programs to see if you can remove that way. I am not sure how the hijack this program works but when I had the iwon & bonzi spyware/adware I was told to try to remove it first from add/remove programs first. Good luck!


----------



## Lori 1 (Jul 25, 2002)

I am about half way or more done with getting rid of the spy ware. But there is on thing I am worried about, zomealarm, wildfile is my goback program{gateway} zonealarm and programs like that, I am worried about deleting them because I am afraid the program won't work right . Can anyone give me an idea on, if I go ahead and delete all these files, The Egg told me to delete, will my programs still work? And I also want to thank the Egg for spending his time to tell me what programs to delete, You are all so great. 
Lori1


----------



## The_Egg (Sep 16, 2002)

Hi again 

ZoneAlarm doesn't contain any spyware!
What makes you think it does? Or what makes you think any ZoneAlarm components are going to be removed by Spybot S&D? Or what makes you think ZoneAlarm isn't going to work any more?

Spybot S&D shouldn't be showing any ZoneAlarm related entries in the Spybot section of the results list.

As for Gateway's Goback tool, well, I'm not familiar with this at all,
but I'm pretty certain it's not spyware-related . . . so apply the same questions for ZoneAlarm here . . .

You can uninstall iLookup and iWon Search Assistant in Add/Remove Programs Control Panel, and then run Spybot S&D to clear up the junk they leave behind.

If you follow my exact instructions for opening, updating, and running Spybot S&D, then everything will be ok


----------



## Lori 1 (Jul 25, 2002)

These programs were in the ones you told me to delete, Soooo before I got a reply back from you I went ahead and deleted them. Wow what a mistake, it took everything out of my taskbar. 
Oh No!!! thank God for Goback, that comes with gateway, I went back to when I started my computer this morning, now I have them back. when I deleted them all it even took my dial up away. 
But like I said I still have them. I am going to send you a copy and paste of what I have not deleted yet. and see what you think, thanks again Egg. This is what I have left that I haven't deleted. Logfile of HijackThis v1.92.0
Scan saved at 7:16:28 AM, on 3/1/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www04.pogo.com/index.jsp?sls=3&lkey=3d76a3872f861ec10a66fd3e0000283c
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.tds-net.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://toolbar.i-lookup.com/search.html
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Search Using Copernic - C:\Program Files\Copernic 2001 Basic\Search Extension.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Copernic (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,54/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37590.732337963
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?221
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab


----------



## The_Egg (Sep 16, 2002)

No. I didn't tell you to delete everything.
If you look back at my first post again,
I actually posted all the items which needed removing.

Those were:
i-Lookup
iWon Search Assistant
BonziBuddy
DianesBreasts

Nothing more, nothing less.


Please close HiJackThis and run Spybot Search and Destroy as per my instructions above.
There's still one or two i-Lookup entries there that need to go.


----------



## Lori 1 (Jul 25, 2002)

The Egg, I must have misunderstood what you were saying in your post. but everything is working ok and havent had any problems yet.Thanks again


----------



## The_Egg (Sep 16, 2002)

Phew. You had me worried there for a mo

Glad to hear everything's working ok.
Yay! 

Just to make sure you've got rid of all the nasty spyware,
could you please post your StartUpList here.


----------



## Lori 1 (Jul 25, 2002)

StartupList report, 3/2/03, 11:14:42 AM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DESKTOP\ICONS\INVISIBLE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE


----------



## Lori 1 (Jul 25, 2002)

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
SystemTray = SysTray.Exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

GoBack Polling Service = C:\Program Files\Wild File\GoBack\GBPoll.exe
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
MiniLog = C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Weather = C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
Invisible! = C:\WINDOWS\DESKTOP\ICONS\INVISIBLE.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv


----------



## Lori 1 (Jul 25, 2002)

C:\WINDOWS\WININIT.BAK listing:
(Created 28/2/2003, 17:29:26)

[rename]
NUL=C:\PROGRA~1\IWON\INSTALLR\I1SETUP1.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
C:\PROGRA~1\WILDFI~1\GOBACK\GB_PROG.EXE /i C:1464
PROMPT $P$G
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\;C:\CDROM;C:\BRCD\BIN;C:\BRCD\COMMAND;C:\PROGRA~1\GRISOFT\AVG6

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance-Defragment programs.job
Maintenance-Disk cleanup.job
Maintenance-ScanDisk.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/w98/en/actsetup.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://support.gateway.com/support/profiler/PCPitStop.CAB

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PWACTIVEXIMGCTL.DLL
CODEBASE = http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab


----------



## Lori 1 (Jul 25, 2002)

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\MSNCHAT42.OCX
CODEBASE = http://sc.communities.msn.com/controls/chat/msnchat42.cab

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,54/mcinsctl.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37590.732337963

[compid Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GWCID.DLL
CODEBASE = http://support.gateway.com/support/serialharvest/gwCID.CAB

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGH.OCX
CODEBASE = http://h30043.www3.hp.com/dj/qdiagh.cab?221

[InstallShield International Setup Player]
InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUPML.DLL
CODEBASE = http://ftp.hp.com/pub/automatic/player/isetupML.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://sc.communities.msn.com/controls/chat/msnchat45.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 6,291 bytes
Report generated in 1.045 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## jm100dm (May 26, 1999)

Nothing sticks out as bad to me. Congratulations. 

The_Egg reads these better than I and will let you know if there are any other bad ones.


----------



## Lori 1 (Jul 25, 2002)

Thank you and lets cross our fingers,lol


----------



## pvc9 (Jul 7, 2002)

Np in the list...but just a suggestion...go back to msconfig and reselect/recheck the option ScanRegistry. Its always better to have it checked. ScanRegistry takes a backup of your registry each time Windows starts, so incase of an emergency you can use the backup to restore to a working/good registry.

Start->Run->msconfig [enter]

Click the Startup tab, check the option ScanRegistry, click Apply, Ok.


----------



## jjb (Dec 9, 2001)

Lori:
Just a side note for when you get this all straightened out.

A very overlooked and common mistake made by users of email servers like hotmail and yahoo is leaving the default settings in their options. I have had a hotmail account for well over a year and I receive VERY little junk mail.

Number one-when signing up for one of these accounts always look for a tab that asks if you wish to receive offers, mailings, etc..
It is always checked yes by default and if left as is you will be deluged by junk mail immediately. It seems once your addy is out there is no keeping your address safe.

Second-in hotmail go to options tab.
Under your information tab>free newsletters make sure NO boxes are checked.
Do the same under MSN featured offers.
Once again I believe when a person first signs up for a hotmail account some of these are checked by default and need to be removed or the onslaught of junk begins.

Under mail handling tab go down preferances and check accordingly to what you are comfortable with-mine are set as this

Junk mail filter-enhanced-deliver to junk mail filter and delete later(this way you get to review the junk if you want)

Safe list-this allows you to add any addresses which you trust and will not accidently send them as junk if they look suspicious.

Mailing list-kind of same as above

Block sender- put any unwanted mail addies there right away and as you receive them

Filter messages- You can use this feature to block incoming mail with any unwanted text in the subject line-ie:,you could list words like porn,nude,sex and if they are contained in the subject line it will stop these also.

You may be aware of this info,but like I said earlier it is the most common mistake I have seen when people use hotmail,yahoo etc.
The very best medicine is prevention rings true with these email servers-the proper settings at initial sign up will prevent the majority of junk. In other words........................
*IF YOU LEAVE THE DOOR OPEN OR UNLOCKED-THEY ARE GOING TO COME IN!!!!!!*

jjb


----------



## Lori 1 (Jul 25, 2002)

jjb, I thank you for your advice and information. I am still learning about computers, and alot of these things ,I do not know, Einstien I am not .lol but I am learning through this sight. everyone here has been wonderful to me. I will go to my hotmail, and look it over.


----------



## ~Candy~ (Jan 27, 2001)

Weather = C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1 

Do you actually use this?


----------



## Lori 1 (Jul 25, 2002)

Hi Candy,
Yes I use this program daily.


----------



## jjb (Dec 9, 2001)

Your very welcome Lori.
Still learning about computers? Ummmmmm......................me tooooooooooooooooo 
Three years ago at age 40 with fingers that had never come into contact with a keyboard in my life, boxes appeared on my doorstep. Lo and behold,my first computer. I recognized the plugs and what appeared to be on/off switches and everything else was "greek" to me. Big investment and yup,I was scared!!! 
Einstein I am not either,but in a short time I learned very few problems can't be solved when someone takes the time and patience to walk you through. There is strength in numbers and patience and dedication is what you will find at TSG. Along the way I have learned alot both on my own and at this wonderful site and now from time to time I can even answer a question or two.................so once again,glad I could help.

P.S. I still have this uncontrollable urge to give that brendandonhu youngin' a wedgie or noogie at times   
wheeeeeeeeeew if I was that smart at his age I would be richer then Bill Gates or at the very least President by now


----------



## jett_30032 (Jan 23, 2002)

Lori 1 hello looks like you have apretty good bugger on your hands

I had the same problem once when I let my younger nephews on my computer. Out of nowhere this ad would pop up and whala I was was looking at naked woman. well cime t find out there was an .exe file that was well hiden.

my first question is do you have zone alarm set to where it will notify you of any program trying to access the internet if not enable it to do so temporarily. When the .exe file tries to access the internet zonealarm will ask you if you want (xxxx.exe)to access the internet if it is a suspicious program mark it as suspect.

and yes you have lot of spyware on your system. the good thing is there are lots of good links on the forum to help you clean this up some you may have to do manually but it is worth it.

last but not least if you are thinking about running kazaa you may want to switch to kazaalite

happy cleaning


----------



## jm100dm (May 26, 1999)

jett_30032 

Looks like you may have missed page 2 of this thread. All is well now.


----------



## jett_30032 (Jan 23, 2002)

kool


----------



## Lori 1 (Jul 25, 2002)

I havent had any problems like I was having with the porno pic's popping up, but some of my other programs arent working right.
I tried to copy the recovery and paste it in here , to see what I should recover that I deleted. But I can't do it anyone have any ideas on this?


----------



## The_Egg (Sep 16, 2002)

Which programs aren't working?

It's possible that these are the ones which installed the spyware components in the first place. And even more likely that they aren't going to work without the spyware . . .


----------



## jm100dm (May 26, 1999)

Which programs specifically and then the original list can be compared to a current one to see what has to be restored. I too can not figure how to create a list of the backups. You could maximize your backups list and do a screen-shot and paste that here. If you don't have a program that will do that I use two. Print-key2000 and screen-hunter4.0. Both are free and work well.

sample attached


----------



## Lori 1 (Jul 25, 2002)

Where can I download these programs from?


----------



## jm100dm (May 26, 1999)

go here to download printkey2000
http://boyer203.millersv.edu/www/printkey/printkey.htm

Which programs are not working for you?


----------



## brendandonhu (Jul 8, 2002)

the Prnt SCRN key works perfectly well for simple screenshots.


----------



## Lori 1 (Jul 25, 2002)

I downloaded the program and have it on my screen now how do I put it on here? to find out what I should recover.


----------



## jm100dm (May 26, 1999)

Without knowing what you want to recover how can anyone help? 
If you had told us by now someone could have solved this for you. We are here to help. Please help us help you.

To use first you must have the highjackthis list open and showing on the screen. Then as brendandonhu suggests you could just press the print-screen key and then copy and paste into a viewer. Then attach to a post. I'm not sure which program you would save it in.


To use print-key2000 you open the program. An icon will appear in systray. Open it to open the program, select rectangle. Select the area that you want to save. Click save note where you save it to and name it what you like. I usually save to desktop. When you are done with the message that you want to post at the bottom where it says attach file press browse and select your file.


----------



## Lori 1 (Jul 25, 2002)

Jm100dm, looks like you missed something along the way. Back when The Egg told me to delete certain files, I misread it and just started deleting everything on spybot. So I goofed, and think I deleted somethings I wasn't suppose to. and I am trying to figure out which ones to recover. I need step by step, instructions on somethings.


----------



## The_Egg (Sep 16, 2002)

Eeeek! You've made me feel really guilty now, so I suppose it's only right that I do my utmost best to fix this for you.

The best way I can think of is this . . .
and it doesn't involve any screenshots...

Ok, so you checkmarked EVERY entry in the Hijack This results, and removed them all, instead of just the ones that I told you to remove (iLookUp, iWon, BonziBuddy, Diane's Breasts) . . .

We've still got your original Hijack This log on page 1 of this thread,
so why not just post your current log so we can compare the two.
Also tell us exactly which programs aren't working properly, then we can tell you which entries to restore (and how to restore them).


As for Spybot . . .
well, Spybot S&D simply removes all spyware from your system.
So, if you want to put the spyware back, then that's entirely up to you.
Sure, the programs which put the spyware there in the first place probably won't work any more, so I suggest you uninstall them and find some alternatives that don't install any spyware. It's either that, or go back to square one, with all the original problems you were having.

To restore from Spybot:
Spybot S&D tab -> click "recovery"
All items you removed should still be listed here.
You can checkmark any of these and click "recover selected products" to restore them back to how they were. Note: This is NOT recommended.

You can take screenshots of the "recovery" section if you wish.
Just maximize Spybot first, and either use the program you downloaded, or press Alt+PrtScr key (this copies the active window to the clipboard) then paste the image into any image editing app (eg. MS Paint, IrfanView, PaintShopPro, etc) and save it as a JPG. Then attach it here. If the Recovery section takes up more than one page, then scroll down the list for the next page, then repeat the screenshot process as necessary.

Most importantly, we need to know exactly which programs aren't working any more . . . otherwise we can't tell you what files & registry entries need restoring .


----------



## kilowatt1 (Oct 27, 2001)

Hello Egg and Lori1,

I took the liberty to compare the before and after "Hijack This" logs and it appears that nothing was deleted that shouldn't have been except possibly for the following registry entry:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL\,(Default) =about :blank

Even this entry being removed will cause no problems as far as I know.

Unless you are having specific problems or programs that are not working, I don't think you have anything to worry about.

Kilowatt


----------



## jm100dm (May 26, 1999)

Hello Lori

Quote
"Jm100dm, looks like you missed something along the way. Back when The Egg told me to delete certain files, I misread it and just started deleting everything on spybot. So I goofed, and think I deleted somethings I wasn't suppose to. and I am trying to figure out which ones to recover. I need step by step, instructions on somethings."

I hope that all is well again. I believe that you stated you used go-back and that took you back to before the spybot deletions.

There are several willing people here to help you. If you are still having trouble please let us know. And with what program(s).


----------



## Lori 1 (Jul 25, 2002)

Thanks The Egg, that was so nice and thought full of you but I didn't mean to make you feel guilty. sorry I will try a few of these last post, if I can even get on here, and see how it goes and post back if I can, been having problems posting on here. Thanks again everyone , will let ya'll know,


----------



## Lori 1 (Jul 25, 2002)

Logfile of HijackThis v1.92.0
Scan saved at 2:57:44 PM, on 3/9/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=C:\Program Files\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www04.pogo.com/index.jsp?sls=3&lkey=3d76a3872f861ec10a66fd3e0000283c
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.tds-net.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Invisible!] C:\WINDOWS\DESKTOP\ICONS\INVISIBLE.EXE
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,54/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37590.732337963
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?221
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab


----------



## Lori 1 (Jul 25, 2002)

my post above is what I have now, after I deleted


----------



## Lori 1 (Jul 25, 2002)

Don't laugh, I have been working on my computer, and everytime I delete my cookies, I loose my set up with Tech support. Could someone please tell me what to do and how to get to my profile. lol I am going to write it down.lol so I won't forget it.


----------



## ~Candy~ (Jan 27, 2001)

Up at the top.....user panel.


----------



## Lori 1 (Jul 25, 2002)

Thanks Candy, your the Greatest, lol


----------



## MsPCGenius (Apr 24, 2000)

This happened to me once and I fought with my PC for well over an hour trying to keep it from automatically launching all the porn sites and placing shortcuts on my desktop. Turned out it was simple to resolve. The problem was that one of the sites I had hit had modified my IE home page. When that launched it hit every gosh-darn icky site in the world 

*From the IE desktop icon*, I modified the properties back to my old benign MSN.COM home page. I then cleaned out my history, temp internet files, the shortcuts I didn't want, etc. Rebooted and *viola* no more smut. 

Once I stopped and gave thought to why it was happening (when I first launched IE), I put the kabash on the whole mess


----------



## Lori 1 (Jul 25, 2002)

Last night I ran, Belarc Advisor on my computer, and look what I found, anyone have any ideas on how to fix these problems, with out formatting?
About Belarc

PC Management Products

Your Privacy

Computer Profile Summary 
Computer Name: Computer (in WORKGROUP) 
Profile Date: Thursday, March 13, 2003 06:17:48 
Advisor Version: 5.1n 
Windows Logon: doodles1

Click here for Belarc's PC Management products, for large and small companies.

Operating System System Model 
Windows 98 SE (build 4.10.2222) Gateway " 
System Serial Number: 0018979423
Chassis Serial Number: 0018979423 
Processor a Main Circuit Board b 
500 megahertz Intel Celeron
32 kilobyte primary memory cache
128 kilobyte secondary memory cache Board: Intel Corporation WL810 AAA15006-203
Serial Number: IUW202027290
Bus Clock: 66 megahertz
BIOS: Intel Corp. WL81020A.15A.0004.P03.0004041700 04/04/2000 
Drives Memory Modules c,d 
15.36 Gigabytes Usable Hard Drive Capacity
6.69 Gigabytes Hard Drive Free Space

MITSUMI CD-ROM FX4821T!A
Generic floppy disk drive (3.5")

WDC WD153AA-53BAA0 [Hard drive] (15.39 GB) -- drive 0 64 Megabytes Installed Memory

Slot 'DIMM1' has 63 MB 
Local Drive Volumes

c: (on drive 0) 15.36 GB 6.69 GB free

Logins Network Drives 
No details available

Installed Microsoft Hotfixes Printers 
W98.TELNET (Windows 98 TELNET Update) Reinstall! 
DataAccess 
Q318203 (details...) on 06/01/02 
Q329414-21 (details...) on 11/21/02 
Internet Explorer 
Q313829 (details...) 
Q810847 (details...) 
Q813951 (details...) 
SP1 (SP1) 
SP2 
UPD236934 (details...) 
Win98.SE 
UPD238453 (details...) Reinstall! 
UPD239887 (details...) 
UPD249973 (details...) 
UPD256015 (details...) 
UPD259728 (details...) Reinstall! 
UPD260067 (details...) 
UPD273017 (details...) 
UPD273991 (details...) Reinstall! 
Win98 
UPD245729 (details...) Reinstall! 
UPD314147 (details...) Reinstall! 
UPD323172 (details...) 
UPD323255 (details...) 
UPD329115 (details...) 
UPD811630 (details...) 
Windows Media Player 
WM308567 (details...) 
WM320920.1 (details...)

Click here to see all available security Hotfixes.

Marks a HotFix that verifies correctly 
Marks a HotFix that fails verification 
(Failing hotfixes need to be reinstalled) 
An unmarked HotFix lacks the data to allow verification Capture Mono Fax BVRP on FAX BVRP: 
HP DeskJet 950C Series on LPT1:

Controllers Display 
Standard Floppy Disk Controller
Intel 82801AA Bus Master IDE Controller
Primary IDE controller (dual fifo)
Secondary IDE controller (dual fifo) Intel(R) 82810-DC100 Graphics Controller [Display adapter]
Envision 7E [Monitor] (15.7"vis, September 2002) 
Bus Adapters Multimedia 
Intel 82801AA USB Universal Host Controller Crystal WDM Audio Codec
Gameport Joystick (no joystick connected)
MPU-401 Compatible
Wave Device for Voice Modem 
Communications Other Devices 
56K PCI Voice Modem SF-1156IV R9A
Microsoft Virtual Private Networking Adapter
Network IP Address: 209.43.57.31 PCI Modem Enumerator
Kodak DVC325 Digital Video Camera
Standard 101/102-Key or Microsoft Natural Keyboard
Microsoft PS/2 Port Mouse
USB Root Hub 
Software Licenses

MGI - PhotoPro 2 The Print Shop Photo Pro 
Microsoft - Internet Explorer 55736-580-4674786-04511 
Microsoft - MediaPlayer 53199-400-9090811-04568 
Microsoft - Picture It! Express 2000 16502-OEM-0000007-00000 
Microsoft - Windows 98 SE 30098-OEM-0072397-55731 (Key: WVBCX-H46FM-DC9V4-VBP2B-WR6TJ) 
Microsoft - Word 2000 16502-OEM-0084995-38495 
Microsoft - Works 2000 14502-OEM-0000007-00000 
Microsoft - Works Suite 2000 23099-OEM-0000007-00000

Software Versions 
Absolute Memory * 
Adobe Acrobat Version 3.0.000 * 
Adobe Acrobat Version 4.0.000 * 
Adobe Photoshop Version 5.0 * 
America Online, Inc. - AOL Instant Messenger Version 5.1.3036 * 
America Online, Inc. - Free AOL & Unlimited Internet.lnk * 
AWS, Inc.WeatherBug Version 5, 0, 0, 4 * 
Belarc, Inc. - BelManage Client Version 5.1n * 
Bible Baseball * 
Bible Jigsaw v1.5 * 
Bible Jumbles 1-Names * 
Bible Mem * 
Bible Student * 
Bible Study * 
Bible-Q for Windows * 
BigJig * 
BVRP Software - PhoneTools Version 2.17 * 
Camtech 2000 - XP Icons Version 1.00 * 
Change Folder Icons * 
Check for online updates for your Gateway. Version 1.0.0.0 * 
COClient Application Version 1.0.0.3895 * 
Configure Snowy Scenes * 
CookiePatrol Log Viewer * 
Copernic Agent Basic AGENTBASIC 6.01 ENG * 
Copernic Version 5.02 (5021ENG) * 
DBConvert Application Version 1, 0, 0, 1 * 
EasyTutor Learn Computing * 
Family Health Disc 2.0 * 
Family Health Electronic Registration * 
Fresh Software, Inc - AntiGen Version 1.0 * 
Gateway Resource Assistant Version 1.0.0.0 * 
Gateway.net Version 5.00.000 * 
Gateway.net, Inc. Sinf Application Version 5.00.000 * 
GIC Technology Inc. - IMS Show Version 5.1.000 * 
GIC Technology Inc. - IMSSHELL Version 1, 1, 0, 0 * 
GIC Technology, Inc. (CS) - IMS Enhancer Version 1.5.000 * 
Giovanni La Sala - E-Icons Version 4.00.0006 * 
Gray Design Associates - Jigsaws Galore Version 4.3.0.0 * 
GRISOFT s.r.o. - AVG Anti-Virus System Version 6, 0, 0, 0 * 
GRISOFT(c) SOFTWARE - AVG Anti-Virus System Version 6, 0, 0, 0 * 
GRISOFT(c) SOFTWARE s.r.o. - AVG Anti-Virus System Version 6, 0, 0, 0 * 
GRISOFT, s.r.o - AVG6 Version 6.0.1.374 * 
HealthAgent Application Version 1, 0, 0, 1 * 
Hewlett-Packard - Cartogra Assistant Version 1.0.061 * 
Hewlett-Packard Co. - HP DeskJet A.03.01.03 * 
Hewlett-Packard Company - HP Instant Delivery * 
Hewlett-Packard Internet Print Client Version 4, 0, 0, 1 * 
Home Bible Study-ware * 
Hpi_Prnt Application Version 1.5.0.5 * 
I.C.E. Ltd - Fun Factory Version 1.01.0007 * 
ICQ ICQRun Version 1, 0, 0, 1 * 
ICQ Version 2002a Beta * 
ICQUninstall Application Version 1, 0, 0, 1 * 
JASC, Inc. - Paint Shop Pro Version 3.11 * 
JASC, Inc. - PSP Browser Version 3.11 * 
[email protected] Puzzle * 
Mattel Interactive & MGI Software Corp. - The Print Shop PhotoPro 2 Version 3.0.0.898 * 
Mattel Interactive - Electronic Registration (USA.WIN32) Version 2, 0, 3, 2 * 
MGI Software Corp. - PhotoSuite Starter Edition Version 1.04 * 
Microsoft (r) Windows Script Host Version 5.6.0.6626 * Microsoft Clip Gallery Version 5.1.00.1221 * 
Microsoft Corporation - DirectShow Version 6.4.07.1121 * 
Microsoft Corporation - Internet Explorer Version 6.00.2800.1106 * 
Microsoft Corporation - Windows® NetMeeting® Version 3.0 * 
Microsoft Office 2000 Version 9.0.2609 * 
Microsoft Office 2000 Version 9.0.2617 * 
Microsoft Office 2000 Version 9.0.2717 * 
Microsoft Picture It! Version 4.0.0.2005 * 
Microsoft(R) Plus! for Windows(R) 98 Version 4.80.1998 * 
Microsoft(R) Windows Media Player Version 7.10.00.3068 * 
Microsoft® Works 2000 Version 5.00.2002.0 * 
Mindscape - Mavis Beacon Teaches Typing! Version 10,0 * 
Motive - Gateway HelpSpot! Version 1.01 * 
Netscape Navigator Personal Edition Version 1.2 * 
NewSoft Technology Corporation - Presto! Mr.Photo Version 1, 5, 1, 1 * 
NewSoft Technology Corporation - Presto! Panorama Version 1, 0, 2, 0 * 
NewSoft Technology Corporation - Presto! VideoWorks Version 4, 1, 0, 6 * 
PC Study Bible * 
PepiMK Software - SpyBot-S&D Version 1.1r4 * 
PestPatrol Control Center for Systray * 
PestPatrol Keylogger Protection * 
PestPatrol Version 4.0 * 
PestPatrol Version 4.0.1.3 * 
PestPatrol.com - PPUpdater Version 4.0 * 
PestPatrolCL.exe * 
Preview Systems - Vbox Version 4.6.0.11 * 
Printable Expressions * 
PrintMaster * 
RealNetworks RealOne Arcade Version 1.2.0.292 * 
RealNetworks, Inc. - RealOne Player (32-bit) Version 6.0.11.780 * 
RealNetworks, Inc. - RealOne Player (32-bit) Version 7.0.0.1135 * 
RealNetworks, Inc. - Shell executable of Setup program (32-bit) Service Build (1.2.0.292) Version 1.2.0.292 * 
RegCleaner The same as the FileVersion * 
RegVac * 
Richard Thompson / RT Software - 100% Word Search Version 2.2.0.0 * 
Seagate Software, Inc. - Backup * 
Send and Receive a Fax * 
Serif DrawPlus Version 3.0.1.0 * 
SIGNUP Version 1.2 * 
Slot Machine * 
Streetwise Clipart Gallery Version 4, 0, 0, 1 * 
Streetwise Software Inc. - By Design Home Version 7, 0, 0, 0 * 
SWSHUTTLE Application Version 1, 0, 0, 1 * 
Symantec Corporation - LiveAdvisor Version 1.0.0.812 * 
Symantec Corporation - LiveUpdate Version 1.5.3.12 * 
Symantec Corporation - Norton Integrator Version 5.01.05 * 
Talking Typing Tutor * 
Template Version 1.00 * 
The Learning Company - Event Reminder Version 1.0 * 
The Study Bible * 
The Webshots Corporation - Webshots Tray Application Version 1.3.0.3826 * 
The Webshots Corporation Swebexec Version 1.3.0.3826 * 
Verse-By-Verse Study of Book of Revelation * 
Wild File, Inc. - GoBack Version 2.1d * 
WinZip Version 8.0 (3105) * 
WORDSRCH Version 1.0.001 * 
Yahoo! Messenger Version 5, 5, 0, 1244 * 
zap2.exe * 
Zone Labs Inc. - Internet Access Monitor Version 2.6.362 * 
ZoneAlarm Version 2.6.362 *

--------------------------------------------------------------------------------

* Click to see where software is installed.
a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Intalled Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong. 
Copyright 2000-3, Belarc, Inc. All rights reserved. 
Legal notice. U.S. Patents 6085229, 5665951 and Patents pending.

--------------------------------------------------------------------------------


----------



## brendandonhu (Jul 8, 2002)

If anyone knows how to fix which problems?


----------



## Lori 1 (Jul 25, 2002)

close to the top of my post where it says reinstall.


----------



## jm100dm (May 26, 1999)

There does not appear to be any problem there. Belarc just lists all the software and hardware in your computer. Please check your mail. I sent a private message.


----------



## Lori 1 (Jul 25, 2002)

jm100dm, I had my private messages diabled but , changed it back to get private messages, could you please send it again, cause there is nothing there? Thanks


----------



## Lori 1 (Jul 25, 2002)

On my Belarc report I posted could someone tell me what the red X's mean where it also says reinstall?


----------



## gotrootdude (Feb 19, 2003)

Unfortunately, the programs that aren't working right probably lost their registry entries and will have to be reinstalled. But if you reinstall them over the old ones maybe they'll keep your program settings and info.


----------



## jm100dm (May 26, 1999)

The red x's that you are talking about are actually asterisks and you can use them to go directly to any of the listed programs. You do not appear to have any problems that show up on Bel-arc. As for the reinstalls try clicking on one of them and see if that starts the reinstall. Not sure if that will work but worth a try. I will resend message.


----------



## jm100dm (May 26, 1999)

Lori
Are you still having problems with your computer? If so please update us. Your lists appear ok.

At the end of the updates there appears to be a link to check for updates. You may be able to reinstall from there.


copied from you bel-arc list.......
UPD245729 (details...) Reinstall! 
UPD314147 (details...) Reinstall! 
UPD323172 (details...) 
UPD323255 (details...) 
UPD329115 (details...) 
UPD811630 (details...) 
Windows Media Player 
WM308567 (details...) 
WM320920.1 (details...) 


Click here to see all available security Hotfixes. <<<<Check Here


----------



## Lori 1 (Jul 25, 2002)

well I got a few of them fixed, but can't seem to get these three fixed. Andyone have any idea on theses?W98.TELNET (Windows 98 TELNET Update) Reinstall! 
WIN98.SE 
UPD273991 (details...) Reinstall! 
Win98 
UPD245729 (details...) Reinstall!


----------



## jm100dm (May 26, 1999)

Lori,

Here you go. Found them by looking only for the numbers. Let us know how it goes.

http://support.microsoft.com/default.aspx?scid=kb;en-us;245729

http://support.microsoft.com/default.aspx?scid=kb;en-us;273991

Not sure which one you need here.
http://search.microsoft.com/default...&i=03&i=04&i=05&i=06&i=07&i=08&i=09&siteid=us


----------



## Lori 1 (Jul 25, 2002)

I got the first one installed and fixed, but the second one is more complicated and I'm not sure what to do.


----------



## jm100dm (May 26, 1999)

Here you go.

http://www.microsoft.com/windows98/downloads/contents/WURecommended/q273991/Default.asp


----------



## brendandonhu (Jul 8, 2002)

just go to http://windowsupdate.com and it will search for and install the updates you need, including that one because it probably won't be detected as installed.


----------



## Lori 1 (Jul 25, 2002)

Does anyone know about the WIN98.TELNET?
{windows 98 telnet?


----------



## jm100dm (May 26, 1999)

lori,
Did you try brendan's suggestion?

This is most likely the one it refers to.(link below) Having win98se you don't need it from what this says. Probably nothing to be concerned with. If you still are trying to fix it could you provide any more info? A search of your hard-drive using find may bring the file in question up and then by right clicking and choosing properties you may get more info to work with.

http://support.microsoft.com/default.aspx?scid=kb;en-us;286043
This vulnerability exists only when you use the version of the Telnet client that is installed with Services for UNIX 2.0 on computers that are running either Windows NT 4.0 or Windows 2000. The version of the Telnet client in Services for UNIX 2.0 provides an option to create a verbatim transcript of a Telnet session.


----------

