Need help with...not sure what

Discussion in 'privacy problems' started by HuskyNan, Sep 20, 2003.

Thread Status:
Not open for further replies.
  1. HuskyNan

    HuskyNan Guest

    Hello, all, I am a newbie to security & privacy software. I also have an unfortunate habit of not learning about my PC's innards until I need to, so please bear with me.

    I had finally become tired of pop-up ads and asked for suggestions on privacy software. I had recommended to me adding Spy-bot, Ad-aware and SpywareGuard.

    I added Spy-bot first (this week on Tuesday) and on Wednesday my browser was hijacked. I added SpywareGuard and Ad-Aware that day and got my browser back. I have since added SpywareBlaster.

    Now, my problem is that I get about a bijillion open files, empty, lined up at the bottom of my computer screen, as if I had opened a program but nothing's there. My brother tells me I probably am getting pop-ups from something that's still on my pc, but the privacy software is keeping the bot from getting access to its web site.

    We went through all my star-up programs together and deleted likely suspects, but I continue to get these empty programs.

    I am running on Windows 98. The empty pop-ups don't show up when I'm on-line, only when the PC isn't in use. If I do a Control-Alt-Delete to see which programs are running, I can identify all of them and they are supposed to be on my system.

    Help! Help! What can I do now?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi HuskyNan,

    Could you post your HijackThis log
    Download, Unzip and run HijackThis. Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  3. HuskyNan

    HuskyNan Guest

    Here's the log from Hijack This. Last night I deleted something in the program files from New.Net but I still have the problem.


    Logfile of HijackThis v1.97.2
    Scan saved at 4:34:51 PM, on 9/20/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\CREATIVE\PLAYCENTER2\CTNMRUN.EXE
    C:\WINDOWS\RunDLL.exe
    C:\HP PHOTOSMART\PHOTO FINISHING SOFTWARE\ONLINEREG\REMIND32.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PALM\HOTSYNC.EXE
    C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.rivals.com/forum.asp?sid=1039&fid=1367&style=1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sfvrvj7g.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sfvrvj7g.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [lhsfobc] "C:\WINDOWS\SYSTEM\LHSFOBC.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\CREATIVE\PLAYCENTER2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Microsoft Office.lnk = D:\Publisher\Office10\OSA.EXE
    O4 - Startup: Reminder-hpc40404.lnk = C:\HP PhotoSmart\Photo Finishing Software\OnLineReg\Remind32.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yse/yinstmulti.cab
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi HuskyNan,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [lhsfobc] "C:\WINDOWS\SYSTEM\LHSFOBC.exe"
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net

    Then reboot and delete:
    C:\PROGRAM FILES\NEWDOTNET <= entire folder

    Then pay the Windows Update site a visit and install at least all the critical updates.

    Keep us posted if that helps,

    Pieter
     
  5. HuskyNan

    HuskyNan Guest

    Last night I deletd

    O4 - HKLM\..\Run: [lhsfobc] "C:\WINDOWS\SYSTEM\LHSFOBC.exe"

    then found out my IP software didn't work. When I reloaded it, my IP came up OK. Is there anyway of finding if SBC has this spyware imbedded in it's software or if it's somehow connected? I didn't delete it today.

    I am typing this from my kids' computer because IE is giving me an error message. I'm told that

    "This page cannot be displayed" and that the web site may be experiencing technical difficulties or that my browser may need to be adjusted. I am using IE 6.0. Any suggestions?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hmm. Could you send me a copy of C:\WINDOWS\SYSTEM\LHSFOBC.exe
    to the email address in my profile?

    I'll have a look and will let you know.
    Restore it if that bring back your connection.
    If it doesn't download LSPFix from http://www.cexx.org/lspfix.htm and use that to remove unwanted entries from your LSP stack.

    Regards,

    Pieter
     
  7. HuskyNan

    HuskyNan Guest

    I apologize for not explaining my problem well.

    I didn't delete the LHSFOBC.exe file when I deleted the others because it did cause problems last night. I deleted the other 5 that you suggested I delete. They were:

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net

    Now, whenever I try to go into IE or Netscape, I am unable to access the internet. Both browsers tell me that they are unable to access the page I am requesting.

    I checked the internet connection and it said it was operating normally. I simply am not able to get on-line because the browsers give me error messages.

    Unfortunately, SBC Yahoo forces me to use their mail system, so I am unable to e-mail you the LHSFOBC.exe information. I am also unable to download any fixes.

    Everything else on our PC is working fine and we no longer have the pop-ups that were the reason I came here in the first place :)
     
  8. HuskyNan

    HuskyNan Guest

    I am back on-line. I ran Spybot and AdAware then tried to come back on-line again and here I am. It makes no sense, but it works.

    How can I send you a copy of the

    C:\WINDOWS\SYSTEM\LHSFOBC.exe

    I find it listed under C:\Windows\System and also under C:\Windows\Temp. I will be glad to send you a copy but am not sure how to do what you need.
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
  10. HuskyNan

    HuskyNan Guest

    OK< thank you very much.

    By the way, I can now access the internet, but the empty pop-ups are back.
     
  11. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Try the following:

    Copy the bold lines to Notepad, and save as Taskbar.reg (save as 'all file types' ).

    Doubleclick Taskbar.reg, and answer 'yes' to the prompt to add its contenbts to the registry.

    Now restart your computer, and tell us whether that has helped.


    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]




    Good luck,
     
  12. HuskyNan

    HuskyNan Guest

    The file we had been discussing appears to be a big problem. I am referring to

    C:\Windows\System\LHSFOBC.exe

    I tried to send a copy to Pieter, but Yahoo told me it was a virus so I didn't send it.

    I updated McAfee and ran a virus scan, and it showed up as a virus but McAfee was unable to clean it. Do I just delete it from my system?
     
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    If both McAfee and Yahoo tell you the file is viral in nature, it's unlikely to be a brand new baddie.

    However, do feel free to send Pieter a copy, if Yahoo will allow you to.
    He'll be prepared for that eventuality.

    After sending him a copy, feel free to delete the file.
     
  14. HuskyNan

    HuskyNan Guest

    I'm sorry to sound so clueless but please bear with me.

    1. Where do you want me to open notepad?

    2. The file C:\Windows\SYstem\LHSFOBC.exe refuses to be deleted. My PC tells me it's running. So, how do I get rid of it?

    Thank you, Tony and Pieter, for all your help and your patience.
     
  15. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Just go to Start > Run, type Notepad and hit 'enter'.

    Notepad will launch. Now copy those three bold lines and paste them into that new text document.

    Save anywhere you like as Taskbar.reg (make sure you save the file as 'all file types' ).

    Doubleclick your newly created Taskbar.reg file, and answer 'yes' when prompted to add its contents to the registry.


    As for the file being in use, do a Ctrl-Alt-Delete in order to bring up Task Manager.
    Highlight the LHSFOBC process, and choose 'end task'..
    Subsequently you'll be able to delete it.
    Alternatively start your computer in Safe Mode, and delete it there.


    Good luck,
     
  16. HuskyNan

    HuskyNan Guest

    Well, I've deleted the C:\Windows\System\LHSFOBC.exe program and added the lines to the REGEDIT as was suggested and I'm still getting the empty pop-ups. Here's the Hijack This log that I just copied. I'd really love to get rid of the pop-ups.


    Logfile of HijackThis v1.97.2
    Scan saved at 2:37:37 PM, on 9/21/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\CREATIVE\PLAYCENTER2\CTNMRUN.EXE
    C:\WINDOWS\RunDLL.exe
    C:\HP PHOTOSMART\PHOTO FINISHING SOFTWARE\ONLINEREG\REMIND32.EXE
    C:\PALM\HOTSYNC.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.rivals.com/forum.asp?sid=1039&fid=1367&style=1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sfvrvj7g.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\sfvrvj7g.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\CREATIVE\PLAYCENTER2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Microsoft Office.lnk = D:\Publisher\Office10\OSA.EXE
    O4 - Startup: Reminder-hpc40404.lnk = C:\HP PhotoSmart\Photo Finishing Software\OnLineReg\Remind32.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yse/yinstmulti.cab
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi HuskyNan,

    This still needs fixing:
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup

    Could you check the properties of one of these mystery pop-ups and tell us what they say?

    Regards,

    Pieter
     
  18. HuskyNan

    HuskyNan Guest

    When I check for properties, I usually use my right mouse button, click then choose Properties from the menu, so I assume that's what you wanted me to do? Anyway, nothing happens if I right click on the empty program. If I click and hold the right mouse button a couple of the empty programs "named" themselves (Sorry I don't know the right term)

    One of the empty programs said "favorites" and the other said "CiceroUIWndFrame".

    I have deleted the

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup

    I deleted it yesterday too, so it has come back somehow. Isn't SpywareBlaster supposed to prevent that?
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi HuskyNan,

    Do you have Office XP?

    NewDotNet is not running, so SpywareBlaster is doing it's job allright.

    Regards,

    Pieter
     
  20. HuskyNan

    HuskyNan Guest

    We have Windows 98 on our PC.

    I think I may have solved my problem, although I'm not sure how it started. I decided to simply watch my PC to see how long it took for the empty programs to start. As it turns out, they showed up when our screen saver would normally start up. So, I simply changed the type of screen saver and the time it takes to come up and we've had no more empty programs since then.

    I don't understand why this started happening right after we started using the privacy software. I thought the privacy software and the empty programs must be related, but perhaps not?
     
Thread Status:
Not open for further replies.