Computer Hope
Software => Computer viruses and spyware => Topic started by: gpcii on September 13, 2004, 10:57:44 AM
-
I am wanting to remove or disable a filter program. We installed it almost a year ago. The only thing I know to do is a system restore, but I don't want to go that far back. We like the program as a whole, but it has gotten out of control. We are blocked from sites that are perfectly safe (e-bay etc.) Any suggestions? I tried going through the registry, but I still can not find it.
-
Uninstall the program or reconfigure it?
-
Thanks for the reply. The program is nowhere to be found on my computer. Also, there are no configuring options. It seems to be controlled by a third party.
-
gpcii.....What operating system are you using ?
Can you not go to your program files and look thru them all and see if you can find it that way ....are there no controls or a icon in your tool tray ...which may give you a clue as to what it is ?
let us know
dl65 ???
-
Windows ME. It is not in my system tray. It might be under a name I don't recognize, but I'm afraid of just going in and deleting files. I think it is a program that starts up when I boot up. I think this because when we initialy downloaded it we had to restart our computer. I followed the directions (on this site) regarding the removal of start-up programs, but without sucess.
-
How can you not find what you installed yourself?
Scan for viruses, trojans and spyware just to be certain..
-
The program did not make a program folder, there is no program on my computer that even looks like it is the same. When we installed it did not ask us the normal questions (ie. where to install). It is as if it hid itself somewhere in our computer and is watching our internet activity and blocking sites that we visit.
I have run spyware S&D, Adware and other registry utilities to no avail.
-
If you know the name of the program you can look it up by using the Windows search tool to search your hard drives?
-
Raptor ... I have done all of this. The program does not seem to exist, yet I am affected by it. I wonder if it saved under another name. I do remember this however, it was advertised to work as follows:
My computer dials into another remote computer which filters the internet content before returning to me. So... maybe the program itself is not on my computer? But, then how would I disable the "re-route"?
Once again, thank you for your time.
-
gpcii.......Here's something you might try .....download hijackthis and have it generate a log , which you can post here......it will show all the running processes and we may be able to find it for you ......
http://www.majorgeeks.com/download3155.html
Can you recall the program that you D/Ld it may also give us a clue.
let us know
dl65 ???
-
My computer dials into another remote computer which filters the internet content before returning to me. So... maybe the program itself is not on my computer? But, then how would I disable the "re-route"?
I think you would have to contact your Internet Service Provider if you wish to obtain different settings.. I donot have much experience with dial-up modems.
-
Thank you for the advise dl65 and Raptor. I will down load Hijack this afternoon. As to dial up, I had dial up when we first installed, but now I have DSL.
-
If you say your content is being filtered from somewhere else, it is most likely your provider? Did you search through their website to see if your problem is in their database.?
-
I think this is the log you were refering to dl65:
Logfile of HijackThis v1.98.2
Scan saved at 8:11:11 PM, on 9/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ONTRACK\POWERDESK\PDEXPLO.EXE
C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.prodigy.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\PROGRAM FILES\HELLO\PICASACAPTURE.DLL
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\ws2dummy.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.prodigy.net/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/123b357caed5aae92b05/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sbcglobal.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.13.28.12,151.164.1.8
-
gpcii....The last entry 017....... with the two ip addresses ....can you check and see if they belong to your server , because when I googled them they dont appear to be valid .......read this.......
http://computercops.biz/HijackThis.html .... look at item 017 .........that may be the culpurit.
Heres some other good reads to help read and understand your log.
http://computercops.biz/CLSID.html
http://computercops.biz/StartupList.html
let us know
dl65 ???
-
gpcii....The last entry 017....... with the two ip addresses ....can you check and see if they belong to your server , because when I googled them they dont appear to be valid ....
Please forgive my ignorance, but how would I go about checking if they belong to my server? I do use SBCGLOBAL.NET, but as to the series of numbers, I have no idea.
Thanks.
-
That is most likely the IP adress your ISP has. No need to worry about that.
However, why not contact your ISP and ask them what you can do about the filter?
-
However, why not contact your ISP and ask them what you can do about the filter?
Will do. Thanks.
-
Those two addresses do, in fact, resolve to sbcglobal.net
-
I've contacted my ISP. They said to check my proxy settings, and that it should not be marked. (It's not)
They said that I could also run a tracert in dos. (I did, but how would I know if what was traced was a problem?)