IE Problem - Please Help!!

By yaduks
Feb 2, 2005
  1. Hi,

    it seems ever since i accidently lowered my security settings on IE when i was haveing Java problems on a website something has embedded itself on my PC and i can't find it to remove.

    I like playing poker and casino software online. I have noticed two problems now when i'm on the internet:

    1) When i go to a URL which includes the words "Poker" i automatically get routed to an unwanted URL

    2) The same happens with the word "casino" but i get routed to a different URL.

    Because my laptop is the property of my employer, i approached them to advise on spyware removal and they installed and ran a program which removed various programs but has not solved the problems above.

    Can anyone help me please?


  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. yaduks

    yaduks TS Rookie Topic Starter

    Thanks for the info.

    I think i have another problem now in that when i try to access safer-networking i get directed to adwareremovergold.

    Is this evidence of another infection?

    What i do notice when on my URL line before the adware link comes up is reference to res://C:\WINNT\system32\shdoclc.dll/navcancl.htm

    Could this have something to do with problem? Any suggestions?


  4. Powelly

    Powelly TS Rookie


    Seems to me that your computer is full of spyware. I had this trouble when i connected to microsoft for updates.

    Try Spyware blaster, adaware, spyware sweeper and see if that helps
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Get a friend to download those programs for you and burn them on a CD or copy them on a USB-memorystick.
    Even just following the HJT-advise in my post (and running it) should get you on your way to do the rest.
  6. yaduks

    yaduks TS Rookie Topic Starter

    Ok, so i've done the hijackthis file (attached). I then ran CWshredder, that came up with no problems.

    I read through the instructions for removing common hijackthis rotters but not 100% sure if what i'm doing is correct. Would appreciate someone to look at this file.


  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode
    Try to UNinstall anything to do with this crap:

    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\tioga\client\bin\tgcmd.exe

    Next, press ctrl/alt/del and try to stop these processes:

    Next, run HJT on its own and 'fix' (if still there):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {19465EEA-66ED-9DD5-4C60-836C3AF45C0D} - C:\WINNT\system32\cfcbvxva.dll
    O2 - BHO: (no name) - {C34ACC26-C638-0FDD-BC9D-A3857A1CFB08} - C:\WINNT\system32\ufzyblth.dll
    O4 - HKLM\..\Run: [Tgaddsrv] "C:\apps\supportcom\bin\tgfix.exe" /fds
    O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\client\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [mgbrvhyi] C:\WINNT\system32\mgbrvhyi.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1029.dll,InstantAccess
    O4 - Global Startup: cp_lawsonprod.bat --->>> you decide <<<---
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .ext: C:\Program Files\Internet Explorer\PLUGINS\npradia.dll
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
    O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2D6404-F5C0-4950-9D2E-D801E1813733}: NameServer =,
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINNT\system32\msupd5.exe

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
  8. yaduks

    yaduks TS Rookie Topic Starter

    seems to have done the trick. I can now access the correct web pages.

    Many thanks!

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...