AGAIN

[ljc1174]

First of all, I'm not sure if this is even the correct place to post this...If this post should be moved elsewhere, please do so.

But again, the blasted d/lalot opened when I clicked a new window for IE.

I emailed the NIPC(sp) and they replied with an email telling me to contact my ISP. Which doesn't seem like a solution to me.

Would contacting the BBB be a good idea?

If anyone knows of anyone else I can contact to report this annoyance, please let me know.

Or if anyone has any further suggestions to stop them from loading as my homepage (which is still set to about:blank), please by all means help.

IE-Spyad has been installed, this search and d/lalot have been added to my restricted sites and all cookies have been blocked.

I'm going to run TDS auto start up to see if maybe it'll show up in there and I'm also going to run the What's Happenning program. And whatever else I have on here to see if they show up. There has to be a program out there to block these jerks!

Thanks,
Lori http://www.plauder-smilies.de/smash.gif

[ljc1174]

Just a thought, but would unistalling IE6 from my programs then reinstall, would that be helpful or harmful?

[Pieter_Arntz]

I don't see how it could be harmful but you'd have to be very thorough to make sure it helps. What OS are you using?

Regards,

Pieter

[ljc1174]

Windows ME

My restoration cd has IE5, I would have to go through all the updates again, but... if that's my only option... hopefully it isn't though!

~Lori

[Pieter_Arntz]

Lori,

Have a look at this one: http://www.litepc.com/ieradicator.html
Make sure you download the installer for you new version of IE (may I recommend IE 5.5 SP2 ) before you eradicate the old version.
This one is thorough but does not work for win2k SP2 or XP (That's why I asked) ME should be no problem.
I hope it gets rid of your problem as well.

Regards,

Pieter

PS You can ifnd the installer for IE 5.5SP2 here: http://www.microsoft.com/windows/ie/downloads/recommended/ie55sp2/default.asp

[ljc1174]

I had the IE5.5SP2 installed but everyone kept telling me to update to IE6 and that it would fix the problem.

Whatever the problem is it's attached it IE somewhere in my pc. I've searched every folder I could open for anything relating to d/l or searchalot.

So since I am using IE6 would it make sense to d/l IE5.5sp2?

I only mentioned IE5 b4 because that is what's on my restoration cd. Removing IE from my pc would mean I would have to d/l msn explorer and I don't want to do that not even for temp useage. That's why I am looking for any other ways to solve this annoying issue!

I scanned with Ad-Aware, Spybot, TDS (updated it first) and what's happenning. Nothing is found. Or that I can tell anyway. Everything "appears" normal. But I was reading about Optix Lite and just to be on the safe side I'm going to run TDS autostart again. I'm sure I'd have some sort of clue if I had that Optix thing, but, I'd rather db'l check anyhow.

~Lori

[TonyKlein]

At this point I really can't remember what you have or haven't tried, but I don't think reinstalling IE 6.0 or reverting to 5.5 SP2 will change anything.

Pieter's proposal of running IEradicator is drastic but it may stand a chance, as it truly eradicates all IE related files, folders and registry keys.

However, if your uninvited guest is not part of it, it obviousl;y won't be affected one bit.

I forget, but have you tried running BHODemon?

If not, download it, launch the program, and tell us what BHOs it detects.

[ljc1174]

Yes, I have BHO Demon...
It only detects ACROIEHELPER.OCX and YCOMP4,0,2,8.DLL.
Isn't that yahoo and adobe acorbat(sp) reader?

If all else fails, and if I'm going to remove IE from my pc, then yes, I will use the IEradicator. But you said you don't think it will delete the annoyance? If I've searched everything on my pc and can't find anything wouldn't that mean that it is more then likely attached to my IE somewhere or is it just attached somewhere to my hard drive? If that's that case then wiping out my hard drive would be the only solution to getting rid of it, correct?

~Lori

[ljc1174]

In regards to removing IE from my pc... I was curious as to what the opinions were towards the other browser's... I was also curious about the opinion's of others, if I do remove IE, should I reinstall it? Or continue to just use a different browser.

But this is if I don't figure out someway to remove the d/l-searchalot garbage. Which is highly unlikely!

Thanx in advance for thoughts!
~Lori

[TonyKlein]

Quote:

quoting: Lori link=board=21;threadid=3427;start=0#23113 date=1031067128]
Yes, I have BHO Demon...
It only detects ACROIEHELPER.OCX and YCOMP4,0,2,8.DLL.
Isn't that yahoo and adobe acorbat(sp) reader?

Yep. I now seem to remember we did do that one before...

About Ieradicator, as we don't know what exactly this is, or where it 'lives', there's no telling whether removing iE will help.

Did you already do a registry search by keyword searchalot?

Try it. After the first found instance press F3 to go to the next one.

Tell us the exact and complete registry keys they're located in, if they're there at all.

[ljc1174]

A registry search with autostart on the TDS program?
If not, I don't know where to find the registry keys.

(sometimes ignorance isn't bliss)

[TonyKlein]

No, this has nothing to do with TDS-3

Start > Run > Regedit

Edit > Search

[ljc1174]

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA

this is what i did, clicked start, clicked run, typed Regedit and hit ok. correct?

[TonyKlein]

Yup!

Now do a searchalot keyword search.

In the Search box, make sure 'Keys' AND 'values' are checked.

[Jooske]

Hi again, sorry to see you have that d/l thing back.
You remember whou did the "repair instal" i guess, did you ever visit that d/lalot searchalot with this version of IE or with the former 5.5?
How about trying to put all back to your blank homepage, then do that "back to former version" (still with the restore disabled), you'll have to reboot,
see what happens after reboot. After you might like to go to the Windows update sind grab their latest 6.0 and see what it will be. The security updates for 6 are not so really many yet, so that's better than keeping this frustration.

I must say read a lot of very wonderful advices here; learning new things each day!

I see you posted in the meantime about the registry part, i leave that part to the guys who really know how to guide you there sep by step.

[ljc1174]

Quote:

quoting: TonyKlein link=board=21;threadid=3427;start=0#23137 date=1031073845]
Yup!

Now do a searchalot keyword search.

In the Search box, make sure 'Keys' AND 'values' are checked.

where am i typing in searchalot?
start, run, type in searchalot?

[TonyKlein]

No, read what I posted:

After launching Regedit, go to Edit > then to Find

[ljc1174]

Hi Jooske,

I am running IE6 with all available updates and patches MS has.

I can't put my pc back on disable system restore, it was booting up with the blue screen,
ERROR:OE:0177:BFF7B018

I posted previously about it on the other thread, but I don't think anything was mentioned about it.

Also, I have updated all the updates for my pc including the system restore update/fix.

When I use Window's Update, all it has to offer me are the conversion tools. Which I don't need.

~Lori
BTW:
Yes, I did visit search and d/l alot to find ways to email them. After that, I had the IE-Spyad installed. And my homepage setting hasn't been changed by me, it still reads about:Blank.

[ljc1174]

Soooooooooooooo...

Everything that shows up on this search is only for searchalot and should be deleted?

[TonyKlein]

Well, I'd like to know what it is first.

Everything you delete in the Registry doesn't end up in the recycle bin, but is gone forever.

Maybe first back up your registry: what version of Windows were you running?

[ljc1174]

I have windows ME

does this help? i saved it then opened it with word pad...

REGEDIT4

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0]
"VerStamp"=dword:00000003
"HelpUrl"="http://www.searchalot.com/?IE6"
"BodyBarPath"="http://www.searchalot.com/ie6advert.htm"
"ShowBodyBar"=dword:00000001
"HideFolderBar"=dword:00000001
"Tree"=dword:00000001
"Show Outlook Bar"=dword:00000000
"ShowStatus"=dword:00000001
"Show Contacts"=dword:00000000
"Tip of the Day"=dword:00000000
"ShowToolbarIEAK"=dword:00000001
"Toolbar Text"=dword:00000001
"SpellDontIgnoreDBCS"=dword:00000001
"MSIMN"=dword:00000001
"StoreMigratedV5"=dword:00000001
"ConvertedToDBX"=dword:00000001
"Settings Upgraded"=dword:00000007
"Running"=dword:00000000
"Store Root"="C:\\WINDOWS\\Application Data\\Identities\\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\\Microsoft\\Outlook Express\\"
"PrevToolbarTextStyle"=dword:00000001
"Outlook Bar Settings"=hex:01,00,00,00,00,00,00,00,00,00,00,00,05,00,00,00,00,\
00,00,00,00,00,00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,\
00,00
"Launch Inbox"=dword:00000000
"Migration Done"=dword:00000001
"Saved Toolbar Settings"=hex:11,9e,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,\
07,9d,00,00,c4,9c,00,00
"Saved Toolbar Settings Version"=dword:00000011
"Browser Bands"=hex:11,00,00,00,04,00,00,00,64,00,00,00,80,02,00,00,64,00,00,\
00,66,00,00,00,02,00,00,00,16,00,00,00,65,00,00,00,01,02,00,00,64,00,00,00,\
67,00,00,00,09,00,00,00,64,00,00,00
"Toolbar Icon Size"=dword:00000001
"BodyBarPos"=dword:00000032
"Nav Pane Width"=dword:000000c8
"Nav Pane Split"=dword:00000042
"BrowserPos"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,64,00,00,00,51,00,00,00,bc,02,00,00,e6,01,00,00
"SpoolerDlgPos"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,9c,00,00,00,56,00,00,00,84,02,00,00,ed,00,00,00
"SpoolerTack"=dword:00000000
"Show Deleted Messages"=dword:00000001
"Show Replies To My Messages"=dword:00000000

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
"File0"="Clear Day.htm"
"File1"="Nature.htm"
"File2"="Maize.htm"
"File3"="Sunflower.htm"
"File4"="Citrus Punch.htm"
"File5"="Blank.htm"
"File6"="Leaves.htm"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Mail]
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Default_CodePage"=dword:00006faf

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules]

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Mail]

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter]
"Version"=dword:00050000
"Order"="FFA FFB FFC FFF"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\MRU List]

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA]
"Name"="Show All Messages"
"Enabled"=dword:00000001
"Version"=dword:00000004

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Criteria]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Criteria\000]
"Type"=dword:00000014
"Logic"=dword:00000000
"Flags"=dword:00000000

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Actions]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Actions\000]
"Type"=dword:0000000f
"Flags"=dword:00000000
"ValueType"=dword:00000013
"Value"=dword:00000001

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB]
"Name"="Hide Read Messages"
"Enabled"=dword:00000001
"Version"=dword:00000004

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Criteria]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Criteria\000]
"Type"=dword:0000001c
"Logic"=dword:00000000
"Flags"=dword:00000000

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Actions]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Actions\000]
"Type"=dword:0000000f
"Flags"=dword:00000000
"ValueType"=dword:00000013
"Value"=dword:00000002

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC]
"Name"="Show Downloaded Messages"
"Enabled"=dword:00000001
"Version"=dword:00000004

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Criteria]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Criteria\000]
"Type"=dword:00000019
"Logic"=dword:00000000
"Flags"=dword:00000000

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Actions]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Actions\000]
"Type"=dword:0000000f
"Flags"=dword:00000000
"ValueType"=dword:00000013
"Value"=dword:00000001

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF]
"Name"="Hide Read or Ignored Messages"
"Enabled"=dword:00000001
"Version"=dword:00000004

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Criteria]
"Order"="000 001"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Criteria\000]
"Type"=dword:0000001b
"Logic"=dword:00000001
"Flags"=dword:00000000
"ValueType"=dword:00000013
"Value"=dword:00000002

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Criteria\001]
"Type"=dword:0000001c
"Logic"=dword:00000000
"Flags"=dword:00000000

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Actions]
"Order"="000"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Actions\000]
"Type"=dword:0000000f
"Flags"=dword:00000000
"ValueType"=dword:00000013
"Value"=dword:00000002

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\News]
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"Accounts Checked"=dword:00000001
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"ThreadArticles"=dword:00000001
"Saved Toolbar Settings"=hex:12,9e,00,00,f2,9c,00,00,f0,9c,00,00,f4,9c,00,00,\
ff,ff,ff,ff,b4,9c,00,00,dd,9c,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,07,\
9d,00,00,c4,9c,00,00,79,9d,00,00,06,9d,00,00
"Saved Toolbar Settings Version"=dword:00000011

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Trident]

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Trident\International]

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Trident\Settings]

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Trident\Main]
"Move System Caret"="no"

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0\Columns]
"News Column Info"=hex:10,00,00,00,07,00,00,00,10,00,00,00,09,00,00,00,ff,ff,\
ff,ff,16,00,00,00,09,00,00,00,ff,ff,ff,ff,17,00,00,00,09,00,00,00,ff,ff,ff,\
ff,02,00,00,00,01,00,00,00,ff,ff,ff,ff,01,00,00,00,01,00,00,00,ff,ff,ff,ff,\
04,00,00,00,03,00,00,00,ff,ff,ff,ff,05,00,00,00,01,00,00,00,ff,ff,ff,ff

[ljc1174]

And just for the record, after the last time I had to write zero's through my hard drive, I haven't used outlook express. I used it once and ended up with a virus, which forced me to write out my hard drive and reinstall. I haven't used it since and never plan to again.

[TonyKlein]

Lori,

Copy the bold to Notepad, save as Del.reg, and doubleclick to enter into the registry:

REGEDIT4

[HKEY_CURRENT_USER\Identities\{8E222FBD-1A52-4095-9FB3-436B46EFE989}\Software\Microsoft\Outlook Express\5.0]
"HelpUrl"=-
"BodyBarPath"=-

That will get rid of the two Searchalot entries.

There may however be more.

Start all over again, and show us what else it finds.

Post it here.

Next, type F3 in order to go to a possible next instance.

[ljc1174]

clicking start, run and typing regedit gave me all the info for searchalot again w/o typing in searchalot under find.


So, I typed in downloadalot and got this...

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="DNS01.EXODUS.NET"
"001"="Hostess"
"002"="ie spyad"
"003"="IE-spyad"
"004"="hosts"
"005"=" DNS01.EXODUS.NET"
"006"="www.searchalot.com"
"007"="www.downloadalot.com"
"008"="searchalot"
"009"="Spybot S&D"
"010"="BHODemon"
"011"="Ad-Aware"
"012"="Kazaa"
"013"="shelliconcache"
"014"="tweakui.exe"
"015"="TweekUI(1).exe"
"016"="Tweak"
"017"="ndetect"
"018"="mgi"
"019"="picture works"
"020"="b3d projector"
"021"="DOWNLOADWARE"
"022"="wink.exe"
"023"="Norton"
"024"="downloadalot"

I copied what you had in bold to notepad, db'l clicked it and it asked if I wanted to enter it to the registry. Was that correct?

[ljc1174]

I will be away from my pc for awhile... I should be back on around 4 or 5.

~Lori