Over 1 million tech questions and answers.

HijackThis log - lots of popups

Q: HijackThis log - lots of popups

I have run spybot and cwshredder in safe mode. This is my hijack this log after I rebooted into normal mode. Not sure how to get rid of everything here. Thanks for any help.
Logfile of HijackThis v1.97.7
Scan saved at 9:15:52 AM, on 08/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINACS\ACSTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\wdskctl.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Free Downloads Accelerator\fdaagent.exe
C:\Documents and Settings\pwalker\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ACSTray] C:\WINACS\ACSTRAY.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2603963ee82825b4f806/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37813.2873726852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eagle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{503E59AC-18AD-4A72-9149-6F9897F8DA3C}: NameServer = 206.246.194.10,206.246.194.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eagle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eagle.com

RELEVANCY SCORE 200
Preferred Solution: HijackThis log - lots of popups

I recommend downloading and running DRP. It's a recovery tool that has been proven to recover files that most other programs have no luck with. I've even recovered files from freshly formatted or partitioned drives.

You can download it direct from this link http://goo.gl/v51TwD. (This link will automatically start a download of DRP that you can save to your computer.)

A: HijackThis log - lots of popups

Lets begin by rescanning once again with hijack and putting a check next to each of the following then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll

O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2603963ee82825b4f806/netzip/RdxIE601.cab
then reboot into safe mode http://dotcomsecurity.org/forums/index.php?showtopic=55
Open windows explorer, find then delete:
C:\WINNT\wdskctl.exe

Reboot
Download Adaware Se from http://www.lavasoftusa.com/support/download/
In Ad-aware click the Gear to go to the Settings area.
The following items should be on a green check, not on a red X.
Under the Scanning button:Scan within archives
Under Memory & Registry, Check EVERYTHING
In Check Drives & Folders, make sure all of your hard drives are selected
Under the Advanced button, Check
Move deleted files to recycle bin
Include additional object information
Include negligible object information
Include environment information
Under the defaults button Set the homepage you wish to have set as default.
Under the tweak button
Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

In Scanning Engine:Unload recognized processes during scanning
Include info about ignored objects in logfile, if detected in scan
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Include used command line parameters in logfile
In Cleaning Engine: XP/2000: Allow unloading explorer to unload shell extensions prior to deletion
Let Windows remove files in use at next reboot
UNCHECK: Automatically try to unregister objects prior to deletion
Click Proceed to save these settings. When you would like to perform a "Full Scan," switch the scan mode from SmartScan to Custom
Then post a fresh hijack log.

Read other 3 answers
RELEVANCY SCORE 68

Here's my log...I have AVG Free and AntiMalware Bytes but they aren't really picking up anything...any advice would help!!! Thanks.


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:10:26 PM, on 2/28/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C... Read more

A:Lots of popups...here's my hijackthis log!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 67.2

Hello people.
I could sure use your advise.
My computer has alot of popups, and I'm sure other problems.
Could you please review this log file, and give me some advise and instructions to clean this mess up?
Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:52 PM, on 5/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\iTouch... Read more

A:HiJackThis Log File -Lots of PopUps.

Read other 7 answers
RELEVANCY SCORE 66.4

Deckard's System Scanner v20071014.68Run by Larry Johnston on 2008-05-25 15:27:56Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --6: 2008-05-25 22:28:08 UTC - RP491 - Deckard's System Scanner Restore Point5: 2008-05-25 18:55:21 UTC - RP490 - Restore Operation4: 2008-05-25 04:12:04 UTC - RP489 - System Checkpoint3: 2008-05-24 03:12:05 UTC - RP488 - System Checkpoint2: 2008-05-23 02:26:17 UTC - RP487 - System Checkpoint-- First Restore Point -- 1: 2008-05-23 01:56:55 UTC - RP486 - System CheckpointBacked up registry hives.Performed disk cleanup.Percentage of Memory in Use: 77% (more than 75%).-- HijackThis (run as Larry Johnston.exe) -------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:34:38 PM, on 5/25/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\WINDOWS\system32\spoolsv.exeF:\WINDOWS\system32\cisvc.exeF:\WINDOWS\System... Read more

A:Infected Computer / Lots Of Popups / Hijackthis Log / Need Help!

Topic title was: 20+ Vundo Trojans, Yeaah.. I need help ~ OBWell my computer has been acting very weirdly ever since i tried to download some mp3's and such.. typical teenager that I am. Ever since then, i have been getting spam popups, and my Spybot Tea Timer has been going crazy from all these registry changes. So i decided to download MalwareBytes and scan my computer. Hours later, i find I have 67 infected files, 20+ are Trojans. I restarted and saved the log after the scan was done, and here it is:04/26/2007 17:03:03 NoClear flag is specified.04/26/2007 17:03:03 COM initialized with S_OK success code.04/26/2007 17:03:03 Branding Internet Explorer...04/26/2007 17:03:03 Command line is "/mode:isp /peruser".04/26/2007 17:03:03 Global branding settings are:04/26/2007 17:03:03 Context is (0x01C00008) "Internet Content Providers, running from per-user stub";04/26/2007 17:03:03 Settings file is "F:\Program Files\Internet Explorer\Signup\install.ins";04/26/2007 17:03:03 Target folder path is "F:\Program Files\Internet Explorer\Signup".04/26/2007 17:03:03 Done.04/26/2007 17:03:03 About to clear previous branding...04/26/2007 17:03:03 Done.04/26/2007 17:03:03 Processing migration of old settings...04/26/2007 17:03:03 Done.04/26/2007 17:03:03 Processing wininet setup...04/26/2007 17:03:03 There are no connection settings to process!04/26/2007 17:03:03 Done.04/26/... Read more

Read other 2 answers
RELEVANCY SCORE 66.4

I have ran several scans and has not helped. I keep trying to run Adaware 2007 but it keeps getting hung up after an hour of running. I have used Spybot, Malwarebytes, Super Antispyware . I am posting my hijackthis file and hoping someone can guide me. I am running Win XP Pro
It seems the pop ups are search-daily.com linked....


Logfile of HijackThis v1.99.1
Scan saved at 1:38:16 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Link\AIRPLUS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Hewlett-Packard\newprinter\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\atievxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Picasa2\Picasa2.exe
C:\WINDOWS\sys... Read more

A:Please review my hijackthis file - lots of popups!!!

I have also ran Combofix --
here is the log from it:
ComboFix 08-03-01.3 - bohlmann 2008-03-02 8:26:43.1 - NTFSx86
Running from: C:\Documents and Settings\bohlmann\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\cryptdlgr.dll
C:\WINDOWS\system32\drivers\bdyqpgud.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fdeploye.dll
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\Tasks.\At1.job

----- BITS: Possible infected sites -----

hxxp://toolbar.google.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RZMCMSVC
-------\LEGACY_WJBVOABZ
-------\NPF
-------\rzmcmsvc
-------\wjbvoabz


((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-01 22:01 . 2008-03-01 22:01 <DIR> d-------- C:\VundoFix Backups
2008-03-01 14:09 . 2008-03-01 14:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 14:09 . 2008-03-01 14:09 <DIR> d-------- C:\Documents and Set... Read more

Read other 2 answers
RELEVANCY SCORE 65.2

Computer also inst shutting down properly, ive been getting the blue screen of death since i got the virusLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:55:53 PM, on 3/16/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Windows\helppane.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\WerCon.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstartR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Sof... Read more

A:Hijackthis log, haveing lots of popups in IE and Mcafee cant get rid of ntroskrnl-hook

Hello erik86,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log, from Normal mode if possible.

Read other 2 answers
RELEVANCY SCORE 59.2

Im getting a rediculous amount of popups!Logfile of HijackThis v1.99.1Scan saved at 12:05:58 AM, on 20/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXEC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\COMMON~... Read more

A:Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

Hello,* Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Read other 4 answers
RELEVANCY SCORE 58

PLEASE HELP ME! my computer is sooo SLOW and i dont know what is wrong with it. So please tell me Wich files i can Delete..
THNK YOU VERY VERY MUCH!
Logfile of HijackThis v1.97.3
Scan saved at 19:54:12, on 14/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe
C:\Archivos de programa\Winamp\Winampa.exe
C:\ARCHIV~1\NORTON~1\navapw32.exe
C:\Archivos de programa\rb32\rb32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Orbit\update.exe
C:\Archivos de programa\Orbit\view.exe
C:\WINDOWS\webassist.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\rundll16.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Docume... Read more

A:Help PLEASE my computer is slow and i get lots and lots of popups

Read other 13 answers
RELEVANCY SCORE 56

I'm getting lots and lots of pop ups from IE not Mozilla.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:32 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\Program Fi... Read more

A:Lots and Lots of Popups I think I have a virus

Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the remo... Read more

Read other 3 answers
RELEVANCY SCORE 50

I have used Norton AV to remove viruses and have run Ad-Aware SE Personal 1.06, which cleaned out a lot of things, but am still getting popups in a major way. I did a HijackThis log just before I started with the Norton and Ad-Aware, but have not had access since to obtain another log. I will have a limited time access later today to the PC in question. Can someone go through this log and post a fix for me for the popups by 3:00 pm CST today? That would really be helpful. I will repost a new HijackThis log as soon as I get access to the PC today.Thanks. Here is the log contents.Logfile of HijackThis v1.99.1Scan saved at 8:27:46 AM, on 1/19/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Network Monitor\netmon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS&... Read more

A:Getting Lots Of Popups

First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall New.Net.Click here to download ewido anti-malware - it is a trial version of the program.Install ewido.When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screen.You will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed. Then:Click on scannerClick on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop.Now close ewido.Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

Read other 2 answers
RELEVANCY SCORE 50

Hi there,
A few days ago I mistakenly installed an .exe file that was supposed to be a vide downloaded from a torrent site. I immediately realised my mistake but it was too late. Since I have had a nightmare trying to remove the virus or trojan or whatever has infected my computer. It installed something called "safesurf" I think and now popups come up when I am using any of the three browsers, mozilla, chrome and explorer. I have tried numerous malware removal tools to no success. I even purchase spyhunter and although it has removed some stuff the annoying popups still appear. I have also noticed that a tool bar has been created in chrome, at the top of the page, and whenever I type anything in the main google window it gets written in that toolbar instead and then when I hit enter, it redirects briefly to play-bar.net and then to bing for the search.
I dont know what else to try.
 
THis is the FRST log. THanks very much in advance for your help
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Alfons (administrator) on VINENTS (04-08-2016 02:52:17)
Running from C:\Users\Alfons\Downloads
Loaded Profiles: Alfons (Available Profiles: Alfons)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recover... Read more

A:Lots of popups, I've tried everything!

Hello dfons and welcome to BleepingComputer!     
 
My name is Sirawit and I'm here to help you.
 
If I don't reply after 3 days, feel free to PM me.    
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Do not attach logs or use code boxes, just copy and paste the text.
Periodically update me on the co... Read more

Read other 1 answers
RELEVANCY SCORE 50

My computer has become almost unusable due to the amount of popups I am continually getting. I have tried using Ad-Aware with the latest updates as well as AVG Free Edition with the latest updates and it has not really helped.I am getting normal popups in IE (new windows) and in FireFox it is giving me multiple tabs and auto resizing my Firefox window as needed. It is also poping up graphical browserless popups. Actually they look pretty cool, but they are annoying to say the least.I am using Windows XP Professional, service Pack 1 with recent updates from windowsupdate.com.I don't know what to do next, but here is my Hijackthis log. Hopefully my problems are easily identifiable and fixable.Thanks in advance.Lorenzo_CALog follows:Logfile of HijackThis v1.99.1Scan saved at 1:24:59 AM, on 2/7/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\System32\RegSrvc.exeC:\Program Files\Spyware Doctor\... Read more

A:Lots Of Popups

Hi There! I am currently working on your log and am checking it with a teacher.I will get back to you as soon as possible.David

Read other 10 answers
RELEVANCY SCORE 50

Hi there i am getting loads of popups that arent coming from the websites in IE, all sorts of scanning popups etc. I have followed the please read thread and still get them.

Please can you have a look at my HJT log thanks,

Chris

A:Lots of POPUPS

Please post the contents of your HJT log here. Do not attach the log as a file to your post. One of our analysts will be happy to help you .

Read other 19 answers
RELEVANCY SCORE 50

Hi,

I'm having a lot of popups on my computer.

I have popup blocker enabled on IE, but there is still a problem.

Should I post a hijackthis log? If so, what steps do I need to take, I forgot the process...?

Thanks a lot!

A:Lots Of Popups

Hi,before we go to the HJT,if we have to let's run this. Are you running XP?Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal proc... Read more

Read other 1 answers
RELEVANCY SCORE 50

Logfile of HijackThis v1.99.1
Scan saved at 11:53:49 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Micros... Read more

A:Lots of popups

Hello mwabaseballkid,

Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)
When SpySweeper starts, please accept any prompts to update definitions. Exit the program after you have updated.

---------------------------

Go to My Computer->[B]Tools[B]->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Viewpoint
SurfAccuracy
WinFixer_2005

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make s... Read more

Read other 3 answers
RELEVANCY SCORE 50

hi my gf click on some wintouch program? need help fixing it. thank you. ive been trying to read earlier posts on how to dispose but not quite sure exactly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:51 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\... Read more

A:Lots of popups and ads..help please

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found a... Read more

Read other 1 answers
RELEVANCY SCORE 50

Hi, this is my first time using this website and I thought i'td try it out. I am running Windows XP Professional. All of a sudden when I turned my computer on, all these popups started coming and my icons on my desktop were messed up. I've tried using adaware, spybot, and cleanup. I've deleted like at least 200-300 infected files with adaware and spybot. I've also tried to clear all temporary internet files, history, etc. The popups are still here and I think I may have been infected with something. Can someone please look over my HJT log file and tell me whats wrong? thanks for taking time to look over this post. Here is my file:

Logfile of HijackThis v1.99.1
Scan saved at 4:32:44 PM, on 10/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lo... Read more

A:Lots of Popups every second! need help please!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 2 answers
RELEVANCY SCORE 50

Logfile of HijackThis v1.99.1
Scan saved at 17:26, on 2007-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Rtvscan.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\... Read more

A:Lots of popups

Read other 7 answers
RELEVANCY SCORE 50

Here's my hijack this log. Can someone please tell me what I've got to do to get rid of all the popups.

Thanks muchly
Logfile of HijackThis v1.97.2
Scan saved at 9:36:24 PM, on 9/30/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\PNLT32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\TOTEM SHARED\UNINSTALL0001\UPD.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\WINSERVS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\KAP.GMT\KAPLAN HIGHER SCORE GMAT.EXE
C:\WINDOWS\S... Read more

A:Lots Of Popups

Read other 6 answers
RELEVANCY SCORE 50

I have already ran the CWShredder and it removed CWS.AFF.TOOLBAND, but still have popups..

Logfile of HijackThis v1.99.1
Scan saved at 3:32:30 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PSupport\psupport.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\program files\altnet\points manager\points manager.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\DropSpam\oesrv.exe
C:\windows\system32\nldsregs.exe
C:\WINDOWS\system32\lwinmodv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\program files\zango\zango.exe
C:\Program Files\Dell Support\DSAgnt.exe
... Read more

A:Lots of popups

Read other 16 answers
RELEVANCY SCORE 50

Hello. I'm trying to help a friend get rid of a bunch of popups. I've run a number of different virus and spyware scans in Safe Mode and otherwise with no luck. I uninstalled everything that looked suspicious.

I've never had to post a HijackThis log before. Hope I did it right.

I appreciate any help you can give me.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:46:01 AM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
C:\Do... Read more

A:Lots of popups

I have to have this machine functional by MOnday, so I'm trying more self-diagnosis. If I don't get it clear by a reasonable time on Sunday, I'll wipe the machine and reinstall Windows, which I'm tempted to do anyway. This isn't meant to rush anyone... I know you guys are busy and greatly appreciate that you're doing this service for free. I'm simply explaining why I can't be more patient.

In any case, I've seen Combofix suggested for cases similar to mine, so I ran it. Here is the log:

ComboFix 08-01-04.1 - Barbara 2008-01-05 12:50:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.671 [GMT -8:00]
Running from: C:\Documents and Settings\Barbara\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Barbara\Favorites\Error Cleaner.url
C:\Documents and Settings\Barbara\Favorites\Privacy Protector.url
C:\Documents and Settings\Barbara\Favorites\Spyware&Malware Protection.url
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\00700137.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html
C:\... Read more

Read other 2 answers
RELEVANCY SCORE 50

My uncle's been getting a ridiculous amount of popups on his PC. He asked me to help. I ran a spyware cleaner and a trend micro virus scan but it didn't help. Since I'm useless, I'll post his hijackthis log here.

Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:32:45 AM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\syst... Read more

A:Lots of popups. Please help.

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 50

Hi
My computer has been having serious popup issues and internet explorer doesn't work most of the time. I have enclosed a hijack this log.
Thanks for the help,
Jon

Logfile of HijackThis v1.99.1
Scan saved at 7:22:03 PM, on 2/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\advpack8.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110088~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0... Read more

A:Lots of Popups

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

You have the Peper infection. Download PeperUninstall. Ma... Read more

Read other 6 answers
RELEVANCY SCORE 50

hii have suddenly started getting popups on my computer and my system has become slow too.i don't know with what the system is infected...i have tried doing all the steps mentioned but none work.i cleaned the temporary files and temp files.i downloaded adaware and spybot but both failed to run on the system.i scanned the system with mcafee and it did not detect any virus.i scanned with housecall antivirus thrice but every time the window disappears all by itself.i ran the mcafee stinger but it said it was an outdated version and didnot detect anything.my computer doesnot shut down or logoffeverytime i pulloff the plug and start it i have a msg saying some files required for system stability have been replaced by unrecognised versions and that it needs xp cd 2...which i donot have.i am at wits end beause my exam is soon and i have all the material in the system and my only way of communication with my family abroad is through the net somebody please help me what to do....the ads i get are powered by websell or something...thats what i keep getting on the popupsthis is the logfile......any help please...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:45:16 AM, on 1/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\ls... Read more

A:Lots Of Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jyoshuMy name is Richie and i'll be helping you to fix your problems.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert,not for private use. Using this tool incorrectly could render your system/pc inoperable.Now download Combofix by sUBs and save to your desktop:Note It is important that it is saved directly to your desktop Close any open browsers.Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.NoteIn case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.Download RenV.exe to your desktop,double click to run it:http://download.bleepingcomputer.com/sUBs/Beta/RenV.exeWhen its finished it will produce a Log.Please post the contents of that Log into your next reply.... Read more

Read other 20 answers
RELEVANCY SCORE 50

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:51:26 PM, on 05/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\seekmo\seekmo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\mstsc.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class ... Read more

A:Lots of popups. Help!

Hi and welcome to TSF.

My handle is TexRanger, and I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread by clicking Thread Tools then subscribe to this thread so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 5 answers
RELEVANCY SCORE 50

Hi There,

Can someone please help, I'm having problems with loads of popups on my computer.

My Highjack This Analyser log is as follows:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/23/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 14:52:35, on 15/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Altiris\AClient\AClient.exe
c:\centenn.ial\audit\CAgent32.exe
c:\centenn.ial\audit\xferwan.exe ... Read more

A:help - lots of popups!

Dave tell you about us, did he?

=============

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Downl... Read more

Read other 6 answers
RELEVANCY SCORE 50

So I stupidly fell for a new scam. DivoCodec was supposed to be a codec but in turn was probably the virus that started the whole thing. It put 16 way.exe on my computer. I got rid of that and did a system restore. Here is my current hijack this log. Thanks in advance for the help.Logfile of HijackThis v1.99.1Scan saved at 10:12:06 AM, on 8/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Visioneer OneTouch\OneTouchMon.exeC:\Program Files\Adobe\Reader 8.0\Reader�... Read more

A:Hjt Log, Need Help - Lots Of Popups

Hello jasonmlit,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 50

Logfile of HijackThis v1.99.1
Scan saved at 12:07:10 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\WEBTIM~1\RTServer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {537... Read more

A:Help.. Lots of Popups

Download L2MFix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening. After a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!

Read other 5 answers
RELEVANCY SCORE 50

Heres my log, can anyone help?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:29:20 PM, on 4/10/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\rundll32.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exeC:\Windows\system32\Taskmgr.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\DllHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Lots Of Popups, Not Even When In Ie

Hello Lhall9184 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complet... Read more

Read other 1 answers
RELEVANCY SCORE 50

First of all, thanks a million to anyone who can help with this.
I've recently gotten badly infected with popups, especially to www.loadingwebsite.com which starts up IE, even if it isn't running, or if something else is running (happened even while I was playing FarCry). But popups also happen for other websites, a lot of which just go to a raw IP address. Also, something has happened to my recycle bin, it doesn't show any files when I put something in it.
Finally, every now and then, two icons (shortcuts) get installed on my desktop, one for some game with a pack man logo, and another for "Celeb Pics" with a girl logo.

Here's my HJT log, which was produced with the Hyjack log analyser as described in the sticky post at the top of this forum.

Thanks for your time, hope someone can help.

Cheers.

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot... Read more

A:Lots of Popups here's my log

You've got a nasty one there. We'll get you cleaned up, but stay on the path.

=========

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on... Read more

Read other 8 answers
RELEVANCY SCORE 50

Logfile of HijackThis v1.97.7
Scan saved at 2:41:03 PM, on 6/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rogers\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http:/... Read more

Read other answers
RELEVANCY SCORE 50

Hello. I've been having a problem since July 31st, I think it was. I was on the internet, when all of a sudden, from what I can remember, I got lots of popups, and under ctrl-alt-del, there were some running programs listed like program1 or something. There were also new icons on the desktop and I think some other problems. Sorry, I don't really exactly remember. Anyways, I rebooted, and managed to fix some of the problems by running ad-aware and spybot, and manually deleting some stuff. But theres still some remaining problems.

So here are the current issues.. Whenever the internet is connected, mostly when internet explorer is opened, every few minutes I get popups like Amaena, ad.yieldmanager, adfarm, drivecleaner, ilead.itrack and mpmediaholdings, which show up on the toolbar and I can close right away. Also, there are popunders which I don't see until minimizing any running programs and that don't come up on the toolbar. Some of these are cheappress, dofact, greatbulletin, gojournalists, realrealities, img.mediaplex and yourtruths. Also, sometimes when I turn on the computer, a program called WebHancer is listed under Add/Remove programs and in the program files folder. Whenever I run Ad-Aware, things like Look2Me and Webhancer are found, which I delete, but it always says that some files could not be deleted. Anyways, thats all that I can think of. Should I get hijackthis, I think it's called? Any help would be really appreciated!!

A:Lots Of Popups

Hi simgirl678I suggest you post a HijackThis log for examination.A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.Please read, and follow, all directions carefully!!!Read Preparation Guide for use before posting a HijackThis Log.Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet. A member, of the HJT Team, will help you out.It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.NOTE:Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner. Stelios

Read other 3 answers
RELEVANCY SCORE 49.6

ive gotten most of it off but i still get lots of popups here and there

heres my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 9:48:14 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system... Read more

A:please help I've been attacked...lots of popups

Read other 6 answers
RELEVANCY SCORE 49.6

I have tried all that I know to do. I have run adaware and spybot and both in safemode. I have tried to track down what a could and delete it. Now my system is running at a complete slow crawl and I can't stop the same popups over and over!!! I have tried reading other postings and now it is beyond what I can figure out. Here is my HJT log if you could help that would be great!!!

Thanks in advance!!

Logfile of HijackThis v1.99.1
Scan saved at 12:59:31 PM, on 2/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\ezSP_... Read more

A:?IBIS gone? Now Lots of Popups HJT log

Read other 6 answers
RELEVANCY SCORE 49.6

Today I fell for the update the media player scam and have been infected with tons and tons of extra tabs opening in Firefox.  I appreciate your help!!
 
DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280
Run by Sulphur Springs at 15:40:59 on 2014-10-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.1166 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PCTRunner\MyOSProtect.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30... Read more

A:tlvmedia.com - LOTS of popups!

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 14 answers
RELEVANCY SCORE 49.6

Windows Xp.

Popups everytime I use the internet. Since the pop-ups began, everything about the computer has been slow. Sometimes the desktop won't load on restart.

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 2:45:35 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Ass... Read more

Read other answers
RELEVANCY SCORE 49.6

ran spybot and cleaned what it found but still have lots of spyware popups and messages
hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:21, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:... Read more

A:lots of spyware and popups

====================================================

Hello! You are infected!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

====================================================

Read other 5 answers
RELEVANCY SCORE 49.6

i think i have a virus. i havn't installed anything new, and i keep getting little flashing icons saying i need malware protection and i keep getting loads of popups.
one more very annoying thing is my ie homepage was changed to some spyware page, and i cant change it back.
so now im getting:
annoying blinking icons
loads of popups
unable to change my ie homepage

please help me this is very annoying and its keeping me from getting any work done.
im not sure what it could be!
 

A:PLEASE HELP ME i think i have a VIRUS (lots of popups)

Read other 11 answers
RELEVANCY SCORE 49.6

first off i would like to thank you before hand, you guys have always been of GREAT help to me and my close friends.

with that said. here is my problem, my friend brought me his computer to try and help him fix it. i couldnt so i here iam, again lol.
i ran hijack this on his computer before he left home and took it with him. here are the results.
Logfile of HijackThis v1.99.1
Scan saved at 8:15:49 PM, on 4/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program F... Read more

A:lots of popups when trying to email, etc.

Read other 9 answers
RELEVANCY SCORE 49.6

Recently i have been getting lots of gambling pop ups and a sign what pops up next to my clock saying there is a virus threat. This directs me to this site hxxp://malwarewiped.com/?aid=237Anyone help?Heres my hijack this logcheers!Logfile of HijackThis v1.99.1Scan saved at 17:14:44, on 2/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Security\pmsnrr.exeC:\Program Files\Internet Security\pmmnt.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Java\jre1.5.0_03\bin\jusched.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Java\jre1.5.0_03\bin\jucheck.exeC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exeC:\Program Fil... Read more

A:Lots Of Gambling Popups

Hello,* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against next entry:O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!* Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 on a non infected computer will remove your Desktop background and set it blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the ... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

If i du a vundofix program it just comes back after a whileand nothing seems to be catching what is going on with my system, I run ad aware and spybot and the windows Onecare scan and it fixes a few things but they all just come back up. Anyone see anythin that culd be the probem?Logfile of HijackThis v1.99.1Scan saved at 6:28:20 AM, on 7/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\csrss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exeC:\WINNT\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\DBSRV8.EXEc:\client803\client\sysmonsvc.exeC:\WINNT\system32\nvsvc32.exeC:\Program Files\Dantz\Client\Remotsvc.exeC:\WINNT\system32\skeys.exeC:\Program Files\Dantz\Client\retroclient.exeC:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exeC:\Progra... Read more

A:Lots Of Popups And Freezing

Hello and welcome aboard Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YES.Once you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt in your next reply along with the others requested..Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.=====Please download Combofix to your desktop:Double-click combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log in your next reply, aswell as the VundoFix log and a fresh HijackThis log. Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 2 answers
RELEVANCY SCORE 49.6

Hello everyone, im brand new to the site to please bare with me......I've tried everything that your forum tells me to do before posting on this site but none of it seems to work,ive used used spybot, avg, window washer, adaware SE and still the popups keep appearing. So, now it comes to this. I NEED HELP! I get popups (they open in IE when im running firefox) about every thirty seconds when i have an internet page open.the main problem started with cpvfeed.com, i think, then more pop ups just kept appearing. I'm really confused by the entire thing. My computer is only ever used by me so noone else in my family could have used it.. I have a hijackthis log as well, but I can't find anything on there that is relative (hopefully you guys will). I have some computer experience, but I have never come across anything this confusing to me. Any help would be greatly appreciated.In addition, Stinger (which I just dl'ed) says the comp is clean, as does all of the other various spyware, adware and virus detectors that I have.below is my hijackthis log. hope you can help me with this problem. look foward to your reply soon.thanks in advance for your helpLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:31:35, on 02/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.e... Read more

A:Help With .cpvfeed.com, Popups And Lots Of Them....

Hello and welcome aboard One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards.---------If you do want to clean this up,Please download Combofix to your desktop:Double-click combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log in your next reply.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stal... Read more

Read other 7 answers
RELEVANCY SCORE 49.6

my brother had a malware that kept hijacking his wallpaper and a weird antivirus program that told him to download it kept popping up. After running a couple of spyware programs i was able to remove these annoying messages. But after that i started to get some 16 bit virtual console notice about a file that didnt exist. So i used atf cleaner and now that is gone also.

I;ve tried malwarebytes, superantispywares, trendmicro online, spybot.

I;m not sure if he has any trace of the malware left. How can i be certain that his computer is clean now?

The only thing i can't seem to finish scanning is the kaspersky online scanner. I can't get past 50 percent because the computer will restart.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:00 AM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.e... Read more

A:malware help with lots of popups

i also noticed that sometimes when the computer restarts he gets his error message

16-bit Windows Subsystem:

C:\Program Files\Alwil Software\Avast4\aswMonVd.dll.

An installable Virtual Device Driver failed Dll Initialization.

Choose 'Close' to terminate the application

I;m pretty sure he never installed avast since we use avg.
 

Read other 1 answers
RELEVANCY SCORE 49.6

When I use google I am constantly re-directed. Also, when I am connected to the internet I keep getting pop-ups, even when not using google. The pop-ups are often search related. Also, my computer runs very slow and seems to be constantly thinking even when there are not any programs running. I have 1GB of ram. It is the Toshiba Satellite A75-S213.
I scan with AVG and Trend Micro Office Scan. They are not showing any problems in the scans. My operating system is Windows XP Professional.
Hopefully this is enough information to get started. My hijackthis log is below.

Thank you for your help.
Jessica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:35 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardia... Read more

A:Getting redirected and lots of popups

Read other 16 answers
RELEVANCY SCORE 49.6

i constantly get many, many popups, any help would be appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:26:54 PM, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Documents and Settings\Emma\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\explorer.... Read more

A:Lots of spyware/popups, please help

Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.
Do NOT depress any keys on your keyboard until the tool request you to "press any key to reboot"

On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

Read other 10 answers
RELEVANCY SCORE 49.6

My computer has slowed down, even worse I get popups in the cornner and the homepage is not what I want.

A:Slow PC with lots of popups

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 8 answers