cactus jim

Ok chaps, really need your help.

I am computer literate, but this one is killing me.

Windows XP SP2 - Pentium III 800 - 700MB RAM

Internet Explorer 6 etcetc
CA E-trust Antivirus
Windows XP SP2 Firewall
Secretmaker Mail and Internet Spyware Blocker
Lavasoft Ad-Aware Personal Edition
Hijackthis

Problem is that i am getting very persistant pop-ups.
Most images blocked in Internet Explorer (esp on this site)
Shortcuts in windows explorer and on desktop for Casinos appear every day even after they are removed by Ad-aware.

I have run all those packages above, everything comes up clean then an hour later they are all backup again.

i ran hijackthis, cleaned nearly all the items from the list and i am still getting these problems.

Any ideas, at all?? Am i doing/not doing anything really stupid?

MJW

Hmm it could be spyware re-activitating itself by exploiting the system restore facility. To disable system restore, right click the My Computer icon and select properties. Click on the system restore tab and check the box marked 'turn off system restore on all drives'. Then run your anti-spyware software. Ensure Ad-Aware has been recently updated. I also use Spybot Search & Destroy (click here to download) which is good.

[edit] you can switch system restore back on after you've cleaned everything out, using the same method but I usually leave it off.

Suresh

Try using a different (and possibly better) browser

http://www.mozilla.org/products/firefox/

cactus jim

ok, switched off system restore and see how that works.

ran ad-aware. 139 new malware objects. last ran it on sunday. all from LOP.com!! Amazing, how are they getting back onto the computer so quick?

i dont really want to move to mozilla yet as perhaps it wont solve the problems i am having, there is obviously some deep seated ad/malware software running in the registry perhaps??

i will run it again, even though it cleaned all the malware items up.

i dont seem to have ever got a virus, but this problem keeps appearing.

also, any ideas why i am not getting most (but not completely all of them) images blocked in explorer, esp on this site??

for instance if there is an image where people have commented on it, i see nothing. if i reply to the thread, i get a img url. if i cut and paste that into a browser it still doesnt load!! v.strange!!

MJW

Yes, Firefox is definitely better than IE, and much easier to use. I'd do a full virus check with the latest update just as a precaution. If you want a 'second opinion' you can run the online virus checker on the Trend House Call website Also I would recommend you run Spybot after you've run Ad-Aware to see if it missed anything (you need to update that too)
The non-display of some pics in web pages may be due to an anti-ad program that's running in your system tray eg. if you have Ad-Watch along with Ad-Aware. Is it just advert images and forum images that won't display ?

scoobyboy

dont get any probs like that on my mac (sorry not very helpful i know)

cactus jim

haha, thats the best response yet. reasons for using a mac!!!

ok, chaps, thanks for the input. i think i shall sack off IE, just re-run adaware for the third time and its not cured anything even though its found loads of ads.

a toolbar keeps appearing along the bottom of the screen and search200.com keeps taking over my default browser url!!

how do you un-install IE? cant seem to find it in add/remove programs

MJW

I don't think you can easily un-install IE as Microsoft embedded it into the operating system so everyone would use it. I left it installed but just dont use it.
Hijackthis should clear the search2000.com toolbar if its up to date.

cactus jim

ok, gonna use mozilla instead, i have used hijackthis, however its the same regisrty problems returning time and time again.

i have cleared most, these remain, can anyone suggest if any of these are suspect?

would google toolbar cause the problems, i have that installed!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINNT\System32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] G:\Itunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SettingsRealJumpOoze] C:\Documents and Settings\All Users\Application Data\Barb Poll Settings Real\balm meet.exe
O4 - HKLM\..\Run: [QuickTime Task] "g:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [64CoolModeFunk] C:\Documents and Settings\All Users\Application Data\fork data 64 cool\BikeGpl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Store regs] C:\DOCUME~1\JAMESB~1\APPLIC~1\AXISTH~1\One Roam.exe
O4 - Global Startup: SECRETMAKER.lnk = F:\Games and Software\VCDImagerGUI\secretmaker.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097931275160
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

MartinM

Google toolbar should be OK

Then (this worked for me when I had a very persistent set of viruses).....

Boot up without the network/internet connected and spend time getting the machine cleaner than a standalone clean thing.

Check that your hosts file (somewhere down from c:\windows) is clean - should normally just have '127.0.0.1 localhost' in it

Then make sure your firewall and realtime Av stuff is running...

...then shut down, reconnect network/internet and reboot

YMMV

cactus jim

right, breakthrough,

screw microsoft, they can keep IE. i now have Mozilla Firefox in all its glory, no pop-ups and a much faster t'internet connection.

who cares if i have these BHO's!!! they dont seem to affect now.

thanks chaps, proper t'internet again, where is bit torrent!

by the way the images issue was Secretmaker blocking not images but the sites the images were hosted on, now that i have added them to the whitelist, they re-appear.

all happy again.

cheers

jb