Over 1 million tech questions and answers.

Msn Virus: Toolbars & Pop-ups Galore

Q: Msn Virus: Toolbars & Pop-ups Galore

Hello,
I'm a computer beginner and this forum because this site seems very promising and I need some serious help...

Issue: I have something affecting my computer and it turns off my firewall (Norton and Windows). I also get pop-ups and error messages.

Cause: I clicked on a link sent by a contact of mine on MSN

Symptoms:
- My MSN automatically sends messages to other people on my contact list, sending a link
- Mysterious search tool bar beside my task bar (Icon is a Blue circle with a magnefying lens inside)
- Pop-up ads (in IE regardless of if its open/closed. Firefox when firefox running)
- a RunDll error when i restart my computer
- can't turn on my Virus protection
- I am currently using Firefox, but my IE has a toolbar888

Steps taken so far:
- I deleted MSN messenger from my computer (under properties, the last modification date of the one file (.exe of actual MSN messenger) was the date my computer got affected... ive yet to reinstall MSN)
- ran Norton Anti-Virus. It found two files, but it couldnt remedy them
- ran SPybot Search and destroy and Adaware, but both gave internal error messages

Please Advise.

Thank You in Advance,
A.G.

RELEVANCY SCORE 200
Preferred Solution: Msn Virus: Toolbars & Pop-ups Galore

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Msn Virus: Toolbars & Pop-ups Galore

Read other 14 answers
RELEVANCY SCORE 67.2

I have run Spybot and Ad-aware SE but I still have tool bars, top and bottom of internet explorer. There are loads of BHO's on my hi-jackthis log and my PC, although very new, is as slow as a slow thing on a slow day..

Can anyone help me fix this? Here is my log.

Logfile of HijackThis v1.98.2
Scan saved at 21:50:33, on 06/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Multimedia... Read more

A:[Solved] Toolbars galore - please help

Read other 9 answers
RELEVANCY SCORE 64.8

Over the past few weeks I have noticed a drastic decrease in my computer's performance. It becomes almost non responsive to keystrokes as well as a slow dragging mouse icon. Whenever I open Firefox it pops up with several toolbars and many popup ads about my computer being infected. I have malwarebyte and whenever I run it I am told that there is nothing on here What should I do?
 
thank you in advance
 
 

A:Slow performance, tons of toolbars i didnt add, and pop ups galore

Boot your computer in safe-mode, meander through windows Add/Remove Programs and locate what you never put there, if there is anything that seems out of place. While still in safe-mode, then run your Malwarebytes, but make sure to choose "Custom Scan" and include Rootkit detection. That's the standard. Someone else will probably walk you through a more complete rundown though.

Read other 10 answers
RELEVANCY SCORE 48.4

See the pic. Tried doing sfc /scannow in elevated Cmd and nothing untoward found.

Have no restore points to use either.

;-(

A:Desktop Toolbars: Right-Click on Taskbar > Toolbars Greyed Out

Hello Peter,

Strange. You might check to see if taskbar Toolbars got disabled using the same method in the tutorial below somehow.

Taskbar Toolbars - Enable or Disable - Vista Forums

Read other 10 answers
RELEVANCY SCORE 48

I have just run pc-cillin only to discover 445 infected files. They all seem to be of the type pe_parite.A. There are a few of type pe_parite.B. Is this really bad and what can I do it claims they are uncleanable files. Most are contained within system volume information. What does this all mean. I've only recently connected to the internet. Before which I was a home network. The host computer had anti-virus software but I didn't. Is it a complicated matter removing all these viruses?

Cheers Col.

A:Virus's galore!

Thats a whole lot of viruses!

Read other 11 answers
RELEVANCY SCORE 47.6

I hope I am doing this right. I tried to put all in once post but it wouldn't go through, sorry. I haven't been on TSG in forever...thanks a heap in advance for any help.

Problem:
My homepage changed on explorer and firefox from Google to Delta Search.

I have noticed random ads popping up when on ads like Craigslist.

I ran Spybot, Avast, Malwarebytes..that's all I know to do. Everyone found things it couldn't fix...the last stuff left was:

Babylontoolbar
Couponbar
Freecause.shoppingBHO
Funwebproducts
ilivid toolbar
jackpotrewards.shoptowin
myway.mywebsearch
mywebsearch
w3i.iQ5.fraud
Yontoo.pagerpage
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:50:10 PM, on 4/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\Christine Jones\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Fil... Read more

A:Virus/Toolbars....???

Read other 16 answers
RELEVANCY SCORE 47.6

Ok, so the company we get our cable internet through, has shut us off twice now, because they say we have mass amounts of spam stemming from our port here. We use a Lynksys wireless router that maybe someone is tapping into, but also I notice I do have something in my Add Remove Programs list called "Command" which I understand is a virus. Could that be what's causing the spam? Here is my new HiJackthis log file. Also if you know how to turn off the wireless part of the router that could be helpfull as well.

Logfile of HijackThis v1.99.1
Scan saved at 9:26:26 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settin... Read more

A:New and improved Virus's galore

Read other 7 answers
RELEVANCY SCORE 47.6

Hello!

I returned from my last semester in college to find that my sister, who had just discovered torrents, had accidentally downloaded a virus pack and crippled her computer. I have succeeded in removing most of it, but her google links are still being redirected and her process list looks suspicious. I am, unfortunately, not confident enough to use HijackThis myself, but I recall a similar problem being solved on a friend's computer by posting a HJT log on this site. Here goes!

Scan saved at 12:22:27 PM, on 7/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileD... Read more

A:Web Hijacks + Virus Galore!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 47.6

Hi all. Lately I have been having huge headaches because there are virus's/Trojans on my system that none of my spyware systems can seem to delete. And even when I try and do it manually it doesnt work. Here is a list of what I know I have.I think I got a few of the lesser ones gone, but this is the gist of it.

EBates Money Maker
Twain-Tech
Vx2(Transponder)
SaveNow,WhenU
Bargain Buddy
Internet Optimizer
NavExcel
FashTrack
Blazefind
Windows SyncroAd
WinSync

I know I've been hijacked because when I try and play a game. While its loading suddenly it starts consuming 80-100% of the CPU's resources. As such I cant play the game. The load screen just stays up forever(the game is the Sims 2) not doing anything.

I'm pretty sure its either the TwainTech/mxtarget or Vx2(Transponder) thats interfearing. As the problem with the game using all the CPU's resources started yesterday. Though I've had the EBates for a few days with no luck getting rid of it. I've tried delting any files I've recently downloaded but that hasnt helped. I've also tried going into the registry to delete EBates and mxtarget to no avail. Anyways here is my hijack this log.

Logfile of HijackThis v1.98.2
Scan saved at 12:05:31 PM, on 10/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WIN... Read more

A:Help! Virus's and Trojans Galore

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this site to get the plug-in for fixing VX2 variants. Also make sure to customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds. Then, go back to the main screen and click on "add ins". That will bring you to a screen where you can click on the vx2 finder tool, then click on "run tool".

Then...

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Then please post a new log.

Read other 11 answers
RELEVANCY SCORE 47.2

Somehow my pc is loaded with junk again. I have spysweeper with anti virus and a free version of superantispyware but It still became infected espcially with this internet speed monitor, I don't know where this came from?!! I ran superantispyware and it pulled up a lot of viruses adware mundo etc, I quarentined them and deleted. But when I tried to reboot to my desktop, an error during startup occured. I finally had to go with the configuration that worked. Any help would be greatly appreciated.
 

A:Solved: infected with virus galore!

Read other 16 answers
RELEVANCY SCORE 47.2

Downloaded utorrent and since then have had constant pop up and virus problems Have removed programed and tried a restore with no resolution here is my log HELP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:07 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\DOCUME~1\AA... Read more

A:pop ups galore and constant virus infection

Hello redwing1 and welcome to TSG. Let's see what we can find. Please follow the steps below in order.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:

Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotChe... Read more

Read other 1 answers
RELEVANCY SCORE 47.2

Hello,

I recently got my computer fixed and everything was working fine and then my wife installed something on my computer that caused a major virus. I was copying a file and I got an error saying my hard drive was full even though it wasn't. I have 43 GB available. Please help. I have the required attachments on this file.

Andrew


DDS (Version 1.1.0) - NTFSx86
Run by Main at 10:11:30.90 on 23/12/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1283 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\S... Read more

A:Virus Problem: Frustration Galore

Hello again, afclark82.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

ComboFix is an extremely powerful tool and is not recommended for unsupervised use.

Doing so could leave your computer unbootable and your data irretrievable.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Read other 13 answers
RELEVANCY SCORE 47.2

Hello !I am hoping that you may be able to help me !? My sister has given me her laptop to fix as her virus scanner (AVG) had picked up that she had the Trojan Backdoor.Generic12.CFJL (she said it came from Facebook) on her machine. I have taken the steps I would usually do to remove a virus (delete cookies, temp files, run virus scan in safe mode several times, run spy bot S & D on startup etc) but seemed that this was one persistent Trojan ! It continued to pop up in different file locations on each new virus scan that I did. Additional to this, my sister also neglected to tell me that she also had 3 other Trojan infections (Pakes.GRX, Backdoor.Generic18.BDXB & Backdoor.Generic18.BDDP) and something AVG identified as a virus (not sure if it is though) called Java/Downloader.Z on the computer. I have asked her on earth she has been doing online, but she says she hasn't downloaded anything dodgy or visited any porn websites etc. Despite the last virus check I did coming up clean, it still seems that when I use Firefox to Google something, the results still get hijacked to some other website ! The situation has now gone beyond my skills to fix, so any help will be truly and gratefully appreciated ! Please find the results from DSS below (It won't allow me to attach the GMER file as it is over the attachment size limit - so I have had to zip the file - hope this is okay ? )____________________________________________________________________... Read more

A:Virus Party - Trojans Galore

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 21 answers
RELEVANCY SCORE 46.4

Thanks in advance for any & all the help!
 
The wife clicked on a "Flash Player Update" and BOOM. Meltdown!
 
Here is a pic of the things that were installed. I tried to use add/remove to remove the unwanted programs. Quickly realized that is not going to work. I can't even use the internet on the computer.
 
Attached Image: Capture.png
Link: https://www.dropbox.com/s/24zp1autajgsct8/Capture.PNG?dl=0
 
Here is the FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015 01
Ran by With (administrator) on WITH-PC on 13-05-2015 20:43:02
Running from C:\Users\With\Desktop
Loaded Profiles: With (Available profiles: With)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.ex... Read more

A:Flash Player Update - Virus Galore

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download and install Revo Uninstaller Freenote: there is no need to click ... Read more

Read other 25 answers
RELEVANCY SCORE 46.4

All was working properly when I turned off. In morning, I turned on and saw a HP screen, like when you first fire up a new computer. All programs were gone and files. It looked like a "new computer" and you had to install programs, etc.

The Explorer opening screen was filled with Amazon, Google, Outlook and tools I did not recognize.

I was able to use Restore and it was resolved. I am curious why this happened. All CPU checks seem to be Okay. Nothing out of the ordinary. I am concerned this might happen again.

Would like your input
New Member.....
Thanks
pick ><>

A:All Files, Programs, Favorites, Toolbars Gone- Not a Virus

Sounds like a factory reset was invoked.

Try performing a clean install instead of the default HP factory installation. Use this guide:
Clean Reinstall - Factory OEM Windows 7

Read other 3 answers
RELEVANCY SCORE 46.4

I have run AVG, and Malware & spy removal programs. Deleted all programs that looked like toolbars and Chrome which i was having problems with.

My PC seems to be back to normal but want to double check. Please see the logs. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:50:26 PM, on 1/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Walter Hoffmann\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick Vi... Read more

A:System slow / FBI Virus / Multiple toolbars

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Walter Hoffmann at 16:55:12 on 2013-01-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3984.2206 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32... Read more

Read other 2 answers
RELEVANCY SCORE 46

I have this comp that im trying to get working. Its running wondows 98 and is loaded with viruses/ adware. At this point the computer wont even bootup all the way. It starts to boot and gets about halfway down the first screen then freezes and wont continue the bootup. The last few lines it displays are:

Award Plug and Play BIOS Extension v1.0A
Copyright (C) 1998, Award Software, Inc.
Found CDROM : ATAPI CD-ROM DRIVE 40X MAXIMUM

It will not boot any further. If anybody can walk me through this I would appreciate it. Its just a little project I'm doing to get more experience. Thanks
 

A:Windows 98 Virus/ Adware Galore / Bootup problems

OK so I got it to boot up but now it freezes up every few minutes and I have to restart it. Help!!!
 

Read other 1 answers
RELEVANCY SCORE 46

hello, hi, good morning, afternoon, evening what ever time you see this
 
not really sure where to go here and get the correct help i ran a hijack this log, and they are in the process of creating an update and don't have enough time to help everyone because of it, so they have redirected most to your site for help.
 
please help
david c welch

A:please help i have malware or virus, lots of redirects and popups galore

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/23/2014
Scan Time: 5:43:37 AM
Logfile: scan.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369341
Time Elapsed: 4 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 9
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36], 
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36], 
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36], 
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36], 
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36], 
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.27\zoomifyL32.dll, Delete-on-Reboot, [50e0b788d2aa8bab6d1f57ddb84bca36]... Read more

Read other 1 answers
RELEVANCY SCORE 45.6

When I open my browser, I get all these popups for virus programs and buying sites. I can't get any search toolbar to work because it dumps all this shopping and virus junk onto my desktop. I"m pretty savvy, so if you could help walk me thru getting rid of this. I'm a graphic designer and need to get to work asap but I can't with this dilemma. thanks so much.
alison

Logfile of HijackThis v1.99.1
Scan saved at 8:49:11 AM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Fi... Read more

Read other answers
RELEVANCY SCORE 45.6

Hi ....

McAfee out of commission for a few days when reinstalled scan reported my windows XP system had .. generic qloqzones.a, w32/sdobt.worm.gen.cc ... vindo ... (foreign language to me!)

Can't surf from one page to the next without pop-ups and hard to get out of (fake) system error messages popping up.

Extremely slow access to internet.

Please Help!

Julia
 

A:Solved: Virus infestation - pop-ups galore - system error mssgs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:37 PM, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files... Read more

Read other 1 answers
RELEVANCY SCORE 45.6

I have limited experience with computers.I need someones help that has patience! lol My problem.I continue to have pop-ups on internet explorer=winantiviruspro2007,amaena.com,ad.91s.com,Nester.com,systemdoctor.ETC. I checked my pop up blocker is on.The virus continuously changes my internet option settings to ALLOW ALL popups.My google search engine has been removed.I tried to set a new restore point,but it says RESTORE POINT NOT SUCESSFUL.I have purchased spywaredoctor about 8 months ago,and have had good results with finding bad things and removing them from my computer.Now it finds low level cookies,and removes them,but these aggrevating popups will not allow us to use our only computer.Very frustrating.I had seen multiple things to download in your forums,but i don't know if this applies to my specific problem.I don't want to screw my computer up more than what it is now.I don't know what to do.If you can help me fix this problem,i would rather donate to this site,than to pay high dollar to a computer shop.Thanks for your time.please help when possible.Mod Edit: Personal email address removed to protect member privacy.

A:Pop Ups Galore,and Anti Virus Program Says Computer Scan Clean.

Hello burlhead7Follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".If you continue to have problems, then follow the the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".I would also recommend that you download and scan with SUPERAntiSpyware Free for Home Users in "SAFE MODE".

Read other 4 answers
RELEVANCY SCORE 42.8

My wife's computer (which the kids use) is in bad shape. Due to all the viruses that I can not get rid of, all the annoying popups, corrupt files, etc. I am just about ready to wipe everything out and start over with putting Windows XP Pro on my machine after re-initializing. I want to run all this by you prior to doing this due to all the addition software I have on this computer.

After looking through your advice on other threads, I have done the following and will give it to you piece by piece:

See the original HiJackThis log prior to doing anything:

I then did a Combofix Log. See the attached Combofix Log.

I next did the Superantispyware. See the attached file.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2007 at 04:52 PM

Application Version : 3.9.1008

I next let it clean up what it found and here the log after it cleaned it up:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2007 at 06:34 PM

What I would like to know is what else do I need to do to clean this computer up? For a long time, we NEVER go pop-ups or had any problems. Then all of a sudden, this computer got infected and it has been a painful experience - like I said earlier - to the point that I am ready to wipe everything out and start over.

Please advise as to what else you recommend that I do to clean this puppy up.

thank you!

John
 

A:Virus's & virus galore

Read other 15 answers
RELEVANCY SCORE 34.4

i have recently being getting pop ups all the time and cant seem to stop them. i've done the usual checks with spybot and counterspy and removed any programs i didn't need. still a beginner so please help . thanks !!
hijack log as follows :-

Logfile of HijackThis v1.99.1
Scan saved at 12:27:16, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\mousepad2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti... Read more

A:pop ups galore! please help.

Duplicate post. Please do not create more than one thread for the same issue. Your issue is being handled here:

http://www.techsupportforum.com//sec...lp-please.html

Read other 1 answers
RELEVANCY SCORE 34.4

I am getting more and more pop-ups these days for some reason. I can't figure out why they are coming though. I have ran ad-aware several billion times and also Spy-bot. It seems like they are not getting to the source of where the pop-ups are coming from. I have run ad-aware twice one and several days in a row. It seems like I am getting more spyware added to my computer or something because not one day have I recieved no spyware on my computer. Can anyone help me?!!??! I am lost at words to see all the junk/spyware on my computer. I do not go to sites that usually send a lot of spyware. It is like there is a program running in the background or something that is sending me all of this stuff. I also have a program that I spotted the other day in my Program Files called TVmedia and I cannot delete the file. It says it is running and cannot be deleted. What should I do? How do I delete this file and what should I do about all these pop-ups and all of this spyware that adware keeps on detecting? The pop-ups are driving me crazy!!!!!!!
Raistlin
 

A:Pop-ups galore. Need help!

Read other 11 answers
RELEVANCY SCORE 34.4

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:00:12 PM, on 12/6/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\PROGRA~1\McAfee\MSC\mcpromgr.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exec:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\PROGRA~1&... Read more

A:Pop Ups Galore!

Hello nkitchen, Let's run ComboFix. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.After all of the fixes are complete it is very important that you enable Real-time Protection again.Disable ThreatFire as it will stop ComboFix from working. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday. Disconnect from the Internet while running ComboFix. Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them. 1. Download this file - combofix.exe to your Desktop. Note: It is important that it is saved directly to yo... Read more

Read other 2 answers
RELEVANCY SCORE 34.4

ok so i am getting these odd pop-ups on my computer every page i go to. as well as my computer giving me an error for window explorer.

here is the hijack this file:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 425 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
... Read more

A:pop-ups galore

please can anyone help me out here

Read other 17 answers
RELEVANCY SCORE 34.4

Hi. I'm feeling very because Sunday night I must've accidentally clicked on something that brought on about a hundred pop ups. I tried to visit Symantec, BC and McAfee sites to see what virus I could've possibly had but the sites were all blocked!! It kept redirecting me to some bank loan site. *frustrated* So then I downloaded SuperAntiSpyware and then ran it like 5 times in safe mode deleting loads of stuff. Finally the sites aren't redirecting me anymore but the pop ups galore is still occuring! And then I'm getting pop ups from a slew of different things, from shopping, to cheap airline tickets!! I even get Windows Messages telling me that my "porn viewing" is being tracked and that I should download something to keep my privacy!! : And other times it'll tell me that I need to install something else or other to update and keep my privacy on the internet. I've been closing them all of course because I don't trust anything anymore. I also went in an uninstalled a bunch of programs that I don't use anymore as well, trying to clean things up. I think I just made it worse. This all started when I uninstalled my Verizon toolbar. Then out of no where I get an uninvited toolbar. It was a green color logo and started with an "M". Anyways, I tried to unistall it but then it said I needed to download the "uninstaller" which I stupidly did and now here I am.On the verge of tears. *sigh*So here is my HJT. I hope... Read more

A:Please Help. :( Pop Ups Galore

Don't know if this is relevant or not, but I also get a lot of pop ups for the Bowflex. ??? and also Microsoft Internet Explorer windows with a Question Mark and NOTICE: sign, usually says something like...

You have not completed the error scan. If your computer has errors in file system or windows registry, it could cause unpredictable or erratic PC behavior, freezes, crashes and loss of data. You need to install ErrorPorector to scan for and if find, fix system errors now (Recommended).

And then it has two buttons to click on either OK or CANCEL. I usally close the window with the X. This message was for the ErrorProtector but there are many other ones I cannot remember at the moment.

I also get a window "FDEGHDF" that says:

Runtime error: "401";
Can't show non-modal form when modal form is displayed.
Seems like I have a slew of problems.

Read other 30 answers
RELEVANCY SCORE 34.4

Helping a friend with this out of town, have walked him through the preperation guide and got his HJTlog. Excessive pop-ups and a "system alert [email protected]"This seems to be very much the same as my other post, and a couple others, is there no standard fix available for this infection?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:36:59 AM, on 12/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Video Add-on\icthis.exeC:\Program Files\Video Add-on\isfmntr.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files�... Read more

A:Pop-ups Galore!

Hello and welcome to BC. Sorry for the delay in response. If your friend hasn't received help elsewhere already, and still require assistance, please ask him/her submit a fresh HijackThis log and I'll be happy to hellp him/her. It would actually be a lot more efficient if s/he communicated with us directly.

Read other 2 answers
RELEVANCY SCORE 34.4

I've ran Super Anti-Spyware and it found over 100 things that were wrong.
I thought it would get rid of these annoying pop ups i keep getting almost every other click.
No such luck.
I turn to you guys now because I heard great things.
Any help is appreciated, and I know NOTHING about computers so bare with me.
 

A:Pop-ups Galore Cant get rid of em

Read other 16 answers
RELEVANCY SCORE 34.4

I am a newbie to the site and need help. I keep getting pop ups on computer even when my browser is not open. I downloaded Pop-Up Blocker and it is working overtime but still does not stop dialog boxes from poping up. I have downloaded and run SpyBot SD and then run HighJack This. Her is the HJT log, can someone take a look and tell me what is wrong. Thanks.

Logfile of HijackThis v1.97.2
Scan saved at 10:33:19 AM, on 9/24/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Logite... Read more

A:Pop Ups Galore

Scan with HijackThis, put a checkmark at and "Fix checked" the following entries.

O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8108/turbo.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50026/QDow.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/ads/1402...r1402030731.exe

Restart your computer and delete C:\WINDOWS\System32\stcloader.exe file.
 

Read other 2 answers
RELEVANCY SCORE 34.4

Please help, here is my hijack log.... (just following previous problems)

Logfile of HijackThis v1.98.0
Scan saved at 6:08:07 PM, on 07/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msoffice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm49.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts:... Read more

A:Pop ups galore!!

Read other 7 answers
RELEVANCY SCORE 34.4

In lew of my Hijackthis being outdated, here is the one which the message asked me to use.Logfile of HijackThis v1.99.1Scan saved at 4:47:27 PM, on 4/18/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\WINDOWS\system32\slClient.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\TIREMOTE\wuser32.exeC:\WINDOWS\TIREMOTE\TIRemoteService.exeC:\Program Files\Citrix\ICA Client\ssonsvr.exeC:\WINDOWS\system32\slagent.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\CyberLink\PowerDVD\DVDL... Read more

A:Pop-ups Galore

Hello,It is important you don't miss a step and perform everything in the right order!!* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):O2 - BHO: (no name) - {02BC45A7-88BE-44EA-8FE8-22748DB1A221} - C:\WINDOWS\system32\jkklj.dll (file missing)O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\abkilqtq.dllO2 - BHO: (no name) - {8646C1EA-7E39-42BC-953F-7F29D2D4CE86} - C:\WINDOWS\system32\cujwikhg.dllO2 - BHO: (no name) - {9886594C-B8B1-48EF-8857-87994737525A} - C:\Program Files\Analog Devices\hokelo.dllO2 - BHO: (no name) - {F76FC100-9F37-43B8-9C1F-99139CE15D79} - C:\WINDOWS\system32\ddccd.dll (file missing)O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exeO4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\brgjomep.dll",setvmO15 - Trusted Zone: *.sxload.net (HKLM)O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab* Click on Fix Checked when fi... Read more

Read other 2 answers
RELEVANCY SCORE 34.4

I am at my moms boyfriends house his computer is messed up!!! Did a HJT, the following is the log. Someone help!!!

Logfile of HijackThis v1.99.1
Scan saved at 9:25:56 PM, on 7/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
c:\winnt\system32\azrobn.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINNT\System32\msxct.exe
C:\WINNT\System32\exp.exe
C:\WINNT\System32\wintask.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINNT\System32\cls40.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINNT\System32\Tipqbr.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\RUNDLL32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\nsvsvc\nsvsvc.exe
C:\WINNT\System32\vidctrl\vidctrl.exe
C:\WINNT\system\rbkkjfvx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\Syst... Read more

A:Pop-Ups Galore!!!

Hi and Welcome to TSF!

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

It would appear that your Operating System and Internet Explorer are seriously outdated and this seems to be the source of your problem. Please go to Windows Update site and install all available Critical Updates. Patch your system with the most current security fixes and plug all the known vulnerabilities.

In the meanwhile, I suggest that you stop using Interent Explorer until we've fully disinfected your machine. Please download & use an alternative browser like Firefox.

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!.
If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

Please do not run Hijackthis from it's current location. Create a permanent folder and move hijackthis.exe into it. From Windows Explorer, Click on drive C:
Click on File>New>Folder
Call it HJT, or any other name of your choice.
Move all files to the newly cre... Read more

Read other 6 answers
RELEVANCY SCORE 34.4

Can someone take a look at this and make suggestions as to why I'm suddenly
being deluged with pop ups? Do those pop up killers really work? I'm trying to include the hijack this file but it keeps giving me an invalid file type message and I don't know how to change it.
 

A:pop ups galore

Probably the reason you are getting all the pop ups is that you are visiting sites that use advertising to support their website.

Pop up blockers do work. One of the best is 12 ghosts which is available almost anywhere and is free, suggest you download and install. Be advised that some of the sites you want to navigate use new windows to display their information. 12 Ghosts will bring a small notifcation to the front, but you will have to be fast to see it. Just hold down the CTRL key (or any of the others, check the options menu of Ghosts) to allow the new window to open.

Also, get some spyware remover and install it. I like Ad-Aware but there are others. You can get Ad-Aware at www.lavasoft.com. Install and retrieve the latest reference fine before you run the scan. Takes a bit of time but worth it. Be advise there is some stuff in XP that you can mess up if you delete all cookies so check with some of the other messages on this site in the security forum.

Hope this helps
 

Read other 1 answers
RELEVANCY SCORE 34.4

I hAve already run spybot, adware SE, AVG 7, ewido suite, xsoftspy 4.13 and hijack this with no resolve to the problem. If Y'all could take a look at this and see if maybe You can figure out what's causing it that'd be much appreciated. also, when the pop ups start there is a folder created in C:/ documents and settings/owner/local settings/temp/ called cpft and you can delete it, but it always comes back again.
I also run cleancache daily on the unit.

Logfile of HijackThis v1.97.7
Scan saved at 6:55:11 AM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program ... Read more

A:pop ups galore

I typically offer a fix first, but this version of HJT you have is so old, I'd like you to update it and post a new log first, please. Also, be sure to turn off the Word Wrap feature in notepad when copy and pasting the log...it creates a double space effect which makes the log hard to read.

You have an outdated version of HijackThis. Download the newest version at http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

Read other 19 answers
RELEVANCY SCORE 34.4

I've been getting a lot of pop ups lately which come in all different varieties and are seemingly designed for whatever site I am on. For instance, logging on here I got hit with two for spyware removal. I have attached a logfile. Any suggestions
Logfile of HijackThis v1.99.1
Scan saved at 1:58:15 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LimeWire\LimeWire.exe
E:\HijackThis\HijackThis.exe

R1 - HKLM\Software\... Read more

A:Pop Ups Galore

Anybody have any suggestions for this one?
 

Read other 2 answers
RELEVANCY SCORE 34.4

I have completed the 5 steps before I post my LogFile. This a brand new computer that is infected to the gills with spyware can you please help me because I am about to just throw it away Thanks!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 1:16:52 PM, on 12/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\xload.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E... Read more

A:Pop Ups Galore Help!!!!!!!

Please do the following:

Download L2MFix - Double click L2mfix.exe & answer Yes when prompted. Then click the Install button to extract the files to a newly created folder named - L2mfix

Close all open programs
Double click L2mfix.bat
Select option #2 - Run Fix - by typing 2
Press any key to reboot your computer.
After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, you will be presented with a log. Copy the contents of that log and paste it here, along with a new HJT log.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

Read other 3 answers
RELEVANCY SCORE 34.4

have loads of pop ups. Elitebar, ads1-revenue der biz, please please help.

have run all the adaware under the sun and it finds the odd thing (elitebar normally) so I remove it but it is still there after a reboot

her is my log file

Logfile of HijackThis v1.99.1
Scan saved at 14:28:28, on 04/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\windows\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Office Mouse\moffice.exe
C:\Program Files\Office Mouse\MOUSE32A.DAT
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\windows\system32\devldr32.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Progr... Read more

A:pop ups galore

Hello J.Couch and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked

Download ELITEBAR REMOVAL TOOL
Do NOT run it yet, must be in Safe Mode

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Run ELITEBAR REMOVAL TOOL

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteckj32.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0297739a7e4685...ip/RdxIE601.cab

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\windows\system32\eliteckj32.exe

Reboot your System in normal mode.

If you have a fast internet connection (Broadband), run an online scan at Trend Micro or RAV Antivirus.
Please select the ?autoclean? option when using Trend Micro.

Please post a fresh Hijack This log so that we can check if your system is clean.

Read other 5 answers
RELEVANCY SCORE 34.4

I went to a site and got a bunch of pop ups generating on my gf's computer. the sites include antivirus 2010, zedo, and holiday shopping guide. i have tried spybot, microsoft, and other programs but nothing has gotten rid of these annoying pop ups. so enough of this here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:32 AM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft... Read more

A:Pop up galore

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 5 answers
RELEVANCY SCORE 34.4

Deckard's System Scanner v20070426.43
Run by Manager on 2007-05-09 at 16:57:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-05-09 20:58:12 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Manager.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:58:53 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:... Read more

A:POP UP GALORE please help with log

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Dual Core AMD Opteron(tm) Processor 165
CPU 1: Dual Core AMD Opteron(tm) Processor 165
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1022.37 MiB / 549.33 MiB
Pagefile Memory (total/avail): 2461.12 MiB / 1913.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.7 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 30 GiB total, 23.45 GiB free.
D: is Fixed (NTFS) - 202.88 GiB total, 202.37 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Manager\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SERVER
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents a... Read more

Read other 19 answers
RELEVANCY SCORE 34.4

Hi everybody, I'm new here... let's just get down to it!

I've got some pop-up problems. I fixed 'em a little to where they're not so frequent, but they're still coming up. I seem to have had the one that goes to 888.com, Ceres, and another one that has dolsp.dll in the Winsock LSP.

I already had the problem of not being able to load any internet sites, but I fixed it with "WinsockxpFix" that I found somewhere. It worked like a charm, but I still have pop-ups. So here's my latest log:


Logfile of HijackThis v1.99.0
Scan saved at 1:09:26 AM, on 3/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program... Read more

A:pop-ups galore

Hello and welcome to TSF-

Oh my. You?ve got a nasty critter on board. [ieautosearch]
Here's what we are going to do. First, we will clean everything except the ieautosearch badguy. Then we will tackle the ieautosearch problem.

We will be using several anti-spyware, anti-adware and anti-hijack programs. I recommend that you keep these programs on your system permanently.
Only use Hijack This under the guidance of an expert! Accidentally deleting something can disable your operating system. Print out these instructions so you may reference them without any programs open. It is very important that no programs (especially internet browsers) are running when implementing these fixes. [You may leave your firewall and virusscanner running, of course.]
----------------------------------------------------------------
* When running scans and fixes, it is imperative that you close all programs especially internet browsers. HiJackThis, Spybot, AdAware and CWShredder cannot repair the badguys when these programs are open. So close them all now. You may leave your virusscanner and firewall on.
* Your HiJackThis program is in a temporary folder or on the Desktop. It is important that this program reside in a permanent folder. I recommend c:/program files/HJT/. You should save each log with a name that you can recognize, like HJT 3-20-05a.log. The 'a' is in case we make multiple logs in one day. HiJackThis is a single file program. So you may freely cut/paste it to wheree... Read more

Read other 19 answers
RELEVANCY SCORE 34.4

Logfile of HijackThis v1.99.1
Scan saved at 11:46:58 AM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\h... Read more

A:pop ups galore!!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

In the meantime, make sure you subscribe to this thread so that you will receive an instant email when I have replied with a fix to your problem. You may do this by clicking the Thread Tools option at the top of your post and then clicking Subscribe to this thread. Then, make sure Instant Notification by email is selected and click Add Subscription

Please be patient with me during this time.

Read other 4 answers
RELEVANCY SCORE 34.4

Hello! Pop-ups have completely taken over my internet. I couldn't even buy a plane ticket the other day. The last time this happened, I had to wipe out my entire computer. A friend suggested that I try you guys in hopes that you would be able to help. I read some of the other threads hoping that I could just use the suggestions made on there and avoid starting a new thread but it doesn't seem to be the same. Here is the list that came up in wordpad after I ran "hijack this." Thanks for your help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 5:35:41 PM, on 5/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program F... Read more

A:Pop-ups Galore!

Hi HisKarmaGirl, Welcome to TSF

You have quite a lot going on here. This will take a few rounds.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

The Temp folders... Read more

Read other 7 answers
RELEVANCY SCORE 34.4

Hello to all, I have run the latest versions of Adaware and Sbybot but the Ad pop ups continue. Please help.

Logfile of HijackThis v1.98.2
Scan saved at 6:50:39 AM, on 08/28/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\PROGRAM FILES\STOPZILLA!\SZNTSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\INTRIGUE TECHNOLOGIES\HARMONY REMOTE\EASYZAPPERMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTRIGUE TECHNOLOGIES\HARMONY REMOTE\EASYZAPPERMANAGEREXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\SPYWARE DETECTORS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explo... Read more

A:Pop ups Galore Please help

I am in Punta Gorda, FL and have very limited access to the internet. PLEASE HELP!!

Read other 3 answers
RELEVANCY SCORE 34.4

Here is the HJT Log & it keeps turning the Microsoft updates off. Also, a pop-up that keeps coming is something to do with "computer struck with Spyware, Install Antivirus 2009 for malware?"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:22, on 12/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra... Read more

A:Pop-Ups galore

This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:22, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\PC Stuff\SmitfraudFix\Policies.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {a18d06f2-a041-4b61-b34a-a3c757adc3a1} - C:\WINDOWS\system32\retasevo.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSch... Read more

Read other 2 answers
RELEVANCY SCORE 34.4

Hello I have a computer with many pop ups. I have run VundoFix, combofix then ran hijackthis. Logs from each are posted below. The computer now appears to be running normally but would appreciate a review of the logs to see if problems still remain. Thanks much,Wayne===============================================================================VundoFix V6.5.9Checking Java version...Java version is 1.4.2.3Old versions of java are exploitable and should be removed.Scan started at 2:16:59 PM 10/9/2007Listing files found while scanning....C:\WINDOWS\system32\ldttusno.iniC:\WINDOWS\system32\onsuttdl.dllC:\WINDOWS\system32\yluwpkwa.dllBeginning removal... Attempting to delete C:\WINDOWS\system32\ldttusno.iniC:\WINDOWS\system32\ldttusno.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\onsuttdl.dllC:\WINDOWS\system32\onsuttdl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yluwpkwa.dllC:\WINDOWS\system32\yluwpkwa.dll Has been deleted!Performing Repairs to the registry.Done!VundoFix V6.5.9Checking Java version...Java version is 1.4.2.3Old versions of java are exploitable and should be removed.Scan started at 2:26:43 PM 10/9/2007Listing files found while scanning....No infected files were found.=============================================================================ComboFix 07-10-09.3 - Channie 2007... Read more

A:Pop Ups Galore!

Hello and welcome to BC. Sorry for the delayed response. Scan with HijackThis log and put a checkmark against the following entries:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0O2 - BHO: (no name) - {205885D1-5A52-4714-BE76-3BF866451E1E} - C:\Program Files\Windows Plus\hope83122.dll (file missing)O2 - BHO: 0 - {7D055505-5B04-43EF-698E-789EAD77CB80} - C:\Program Files\Messenger\labumu.dll (file missing)O2 - BHO: (no name) - {7EDAE2A8-3A41-4592-B484-C67BC864C147} - C:\Program Files\Windows Plus\hope4444.dll (file missing)O20 - Winlogon Notify: nnnmlmk - C:\WINDOWS\SYSTEM32\nnnmlmk.dllClose all browsers/windows other than HijackThis and click on "fix checked". ==============================Discard the copy(ies) of Combofix you have and Please download ComboFixNote: It is important that it is saved directly to your desktop.Close all browsers. Double click combofix.exe & follow the prompts. When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log please. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Read other 9 answers