Tech Problem Aggregator

Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

Q: Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

Im getting a rediculous amount of popups!Logfile of HijackThis v1.99.1Scan saved at 12:05:58 AM, on 20/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXEC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\OptusNet DSL Internet\DSC.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepageR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/searchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.optusnet.com.au/dsl/favorites/homepageR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepageR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNetO4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exeO4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\qcrwqoou.dll",realsetO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialogO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeO23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - G:\Program Files\alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exeO23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

A: Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

Hello,* Download Combofix to your desktop.Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

4 more replies
Answer Match 108.78%

I have Windows98 and last week started getting multiple popups. It won't happen for about 5 minutes then, suddenly, 5-6 popups start appearing along with requests to reset my startup page, script errors and download requests. I don't know if Surfsidekick is causing the problem or not but I can't get it off my computer so I'm thinking that may be it. Here's my Hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 2:22:36 PM, on 11/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\R... Read more

A:Solved: Lots of popups driving me crazy

Hi cordovajules

Welcome to TSG!

Go to Add/Remove programs and uninstall Viewpoint Manager.

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\SYSTEM\MSKHHE.DLL (file missing)

O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\SYSTEM\MSJFBL.DLL (file missing)

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O4 - HKLM\..\Run: [ciqtzm] C:\WINDOWS\SYSTEM\ciqtzm.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [X_CSST] C:\WINDOWS\SYSTEM\X_CSST.exe

O4 - HKLM\..\Run: [svrrun] C:\WINDOWS\svrrun.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\SYSTEM\MSEHEK.DLL

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete these files:

C:\WINDOWS\svrrun.exe
C:\WINDOWS\SYSTEM\msmc.exe
C:\WINDOWS\SYSTEM\X_CSST.exe
C:\WINDOWS\SYSTEM\ciqtzm.exe

Delete this folder:

C:\Program Files\Viewpoint

Also in sa... Read more

3 more replies
Answer Match 101.64%

PLEASE HELP ME! my computer is sooo SLOW and i dont know what is wrong with it. So please tell me Wich files i can Delete..
THNK YOU VERY VERY MUCH!
Logfile of HijackThis v1.97.3
Scan saved at 19:54:12, on 14/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe
C:\Archivos de programa\Winamp\Winampa.exe
C:\ARCHIV~1\NORTON~1\navapw32.exe
C:\Archivos de programa\rb32\rb32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Orbit\update.exe
C:\Archivos de programa\Orbit\view.exe
C:\WINDOWS\webassist.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\rundll16.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Docume... Read more

A:Help PLEASE my computer is slow and i get lots and lots of popups

13 more replies
Answer Match 97.86%

I'm getting lots and lots of pop ups from IE not Mozilla.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:32 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE
C:\Program Fi... Read more

A:Lots and Lots of Popups I think I have a virus

Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the remo... Read more

3 more replies
Answer Match 92.82%

This will take some explaining to do:

I had just got internet from my school a couple of hours ago. When I rebooted the computer, a blank box pops up saying "personalized settings" and nothing else will load. My friend opened task manager and ran "msconfig" and saw that on start-up, after turning everything off, 2 things still come up:

NvCPL - command: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" and "Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

ctfmon - command: "C:\WINDOWS\system32\ctfmon.exe" and Location: "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

It might be something because I was trying to get on my school's internet and it had to make sure I ran a special virus cleaner first, but I had to actually go get that over-ridden so I could actually get on the internet.

So now to use Internet, I have to manually use Windows Task Manager and do "New Task > Firefox.exe" and all that.

Help?

A:Insane problems, need lots of help

I think the "personalized settings" window comes up with explorer.exe

5 more replies
Answer Match 88.62%

I am trying to help my sister with her pc . she downloaded some trojans that simply wont go away . I have done virus scans.. cw shredder. adaware ..everything I can think of . and she still has something called project1 as well as 2 others which cause her pc to continually bring up popups to fix or remove spyware . ( oxymoron I know) I do have the hijackthis file

Logfile of HijackThis v1.99.1
Scan saved at 4:03:43 PM, on 8/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\kybrdff_13.exe
C:\dfndrff_13.exe
C:\WINDOWS\win32096-19720988.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\mqwf\mqwfm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.e... Read more

A:popups driving me insane~!

1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Quote:




IMPORTANT!:
Before we can proceed any further, please visit http://v4.windowsupdate.microsoft.com/default.asp and install ALL Critical Updates for your system (except service pack 2) (SP2). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update ... Read more

1 more replies
Answer Match 88.62%

Here is my hijackthis log.. I don't know what we're doing to get all these programs, but it really is getting out of control!!

I have run adaware, spybot and housecall's virus and spyware detection..
I also used http://www.hijackthis.de/index.php to delete what was definetly spyware.

Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 8:15:19 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\DOCUME~1\STEPHC~1\L... Read more

A:Popups are driving me insane

Welcome to TSF.

I don't see anything major here that's sticking out. What's the problem you are having now?

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by ... Read more

1 more replies
Answer Match 87.78%

Hi, I have just recently started getting CiD popups. They slow down my computer and interfere with everything I do. I have tried everything from running virus checks to looking for it in add/remove programs. I would really appreciate if someone could help me remove these popups.

Here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:21 PM, on 24/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Di... Read more

A:Solved: CiD popups driving me insane!

16 more replies
Answer Match 86.94%

I have picked up some kind of pop up nightmare machine on IE ( and god knows what else) and can't get ride of it. I tried using adaware which usually does the trick but no dice this time. Any help would be greatly appreciated. Logfile of HijackThis v1.99.1Scan saved at 12:05:46 AM, on 7/19/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Common Files\Stardock\SDMCP.exeC:\Program Files\Object Desktop\WindowBlinds\wbload.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Microsoft Hardware\Keyboard\type32.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2w... Read more

A:Ruthless ad.yieldmanager popups driving me insane

Hi,Please download the following.Now download the killbox http://www.downloads.subratam.org/KillBox.zip Unzip the Killbox to your desktop.Close all your running programs. Run Hijackthis and place a check next to the following.R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htmF3 - REG:win.ini: run= O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLLO2 - BHO: (no name) - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - (no file)O4 - HKLM\..\Run: [a2a34fa27d22] C:\WINDOWS\System32\browsewm.exeO4 - HKLM\..\Run: [26865d089e45] C:\WINDOWS\system32\aclui958.exeO16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://my.uo.com/fonts/tdserver.cabO16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocxO16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exeO16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exeO16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://t... Read more

5 more replies
Answer Match 84.84%

Hi, my name's Katie and I'm having major virus/spyware,adware,malware removal issues! I

have a lot of different things going on here, and can't make any sense of it. I tried

following other people's solved threads, but they didn't solve my issues, so I guess I need

personalized help. I have Windows security running (well, I usually do when it's working

properly,) and I run Ad-Aware and Spybot regularly, but it appears that they cannot solve

my issue. Anyway, here's a list of things that have been happening to my computer since the

virus happened...

1. I KNOW the virus was contracted in AIM. An IM came in from a friend with only a link. It

didn't look suspicious to me, so I clicked it, and all of a sudden I had IMEd everyone in

my buddy list the link, and received about a million IMs back (didn't have time to read

them before My Computer's virtual memory ran out and crashed AIM on me.

2.When the computer starts up, sometimes a default background appears before the logon

screen with the user accounts appears.

3.After logon, the same thing in general happens every time. Spybot comes up with a bunch

of messages saying that there is a registry change to my homepage or something else

happening. I deny it, and it denies it over and over again to seemingly no avail. A .txt

file appears on the desktop. I have never opened this file, don't know what it is, and

delete it every time. My homepage is con... Read more

A:Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

16 more replies
Answer Match 84.42%

Hi all,

I need some help fixing my computer and getting rid of a malware/spyware/trojan/virus.

When I start my computer I see lots of IEXPLORE.EXE process being run (by the user) under the processes in task bar.

Then i also see cmd.exe using 99% of my CPU.

i have attached the HijackThis log and the ComboFix log with this.

Please help.
Thanks
Kamal


**********HIJACKTHIS LOG**********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:25 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\u... Read more

A:lots of IEXPLORE.EXE without any IE window open and cmd.exe eats up lots of memory

Hello,

ComboFix is frequently updated.

Please delete your existing version. Grab a new copy from one of the links below.

This machine does not have the Windows XP Recovery Console installed.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

---------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please do this:
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

For you, it would be:

Microsoft Windows XP Professional Service Pack 2

http://www.microsoft.com/downloads/d...displaylang=en



Download the file & save it as it's originally named, next to ComboF... Read more

1 more replies
Answer Match 84.42%

Hello everyone

I've been getting this error again and again, and my computer is hungup or BSOD after awail...

Do you know what can I do to fix it? Or what the problem is??
Thank you!!


Asrock X58 Supercomputer bios 3.10
i7 920 (bloomfield) @2.67ghz -1.128vol.
Corsair 12GB (6X2GB) @1333
1st PCIE - Nvidia GeForce 9800GT
2nd PCIE - Nvidia GeForce 9500GT
3rd PCIE - Nvidia GeForce 8800GS
4th PCIE - Nvidia GeForce 8800GS

RAid5 4X 500GB Seagate ST3500410AS
1X 500GB WD500AAKS
TSST Corp CDDVDW SH-S203p

Realtek PCI-e GBE (onboard)
Realtek PCI GBE (1st PCI)

==========================================================================================
if the 2nd onboard Realtek Pcie gbe is Active I get this error
Driver PCI returned invalid ID for a child device (01000000684CE00000)
and after a will I get BSOD


The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800d488038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\071410-48359-01.dmp. Report Id: 071410-48359-01.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2&l... Read more

A:Lots of BSOD & Hungup - Lots of Event17 WHEA-Logger

Hi,

Please follow these instructions: http://www.sevenforums.com/crashes-d...tructions.html

Attach the .zip file to your next post in this thread.

Btw, have you seriously got 4 graphics cards in your computer!

Regards,
Reventon

3 more replies
Answer Match 84.42%

dell inspiron 6000
running xp pro
here is HiJackthis list
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:20 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Co... Read more

More replies
Answer Match 84.42%

Hi!
Have used BC over the years, and always found you guys to be extremely helpful, knowledgeable, and efficient.  Always happy to recommend you to others. Uninstalle the ASPCA we-care virus with revo uninstaller.
 
My Norton is down, I know; my dad gave me the box with his Norton, but the code was cut out.  Working on getting Norton up and running again.
I paste dds and attach the attach, as requested.
---Mark Miner
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by mark miner at 13:35:13 on 2014-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2934.1428 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C... Read more

A:slow; lots of "program not responding,"lots of "this page can not be displayed."

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

10 more replies
Answer Match 84%

Hi,
 
I sure need help  --- I do not know how to deal with viruses, trojans, spyware, etc.
 
My husband and I were traveling. We had to use public Wifi places to check our email on our laptop. when we got home and checked our email accounts on our laptops, we found some really weird looking email messages. I 'think' my husband opened one that had his name in the Subject line, but we deleted all he other ones that looked strange. We did not open those emails, just deleted them.
 
Now all 3 of our computers are doing really weird things. I have run scan after scan after scan, both downloaded one and online ones. Sometimes they find problems and fix them. sometimes the scans find nothing. Yet our problems just seem to be getting worse and worse. I DESPERATELY need a lot of help.
 
I know it would be very confusing to try to work on all 3 of our computers at once so maybe we can start with my husband's desktop computer.
 
I am currently running Avast on it and it has been running for hours. It is find TONS of things like these ----
 
"...is infected by win32:Funweb-K [Pup}"
 
"...is infected by JS: ScriptIP-inf [Trj}
 
etc, etc, etc.
 
 
 
I have very little knowledge of how to fix a computer problem and no idea what to do. And I have absolutely NO idea how our desktops became infected from our lap top.
 
 
Is anyone willing to help me? I know it is bad and will probably take a long time to fix, but I need help... Read more

A:Used public WiFi - LOTS and LOTS of problems now - Newbie needs help

CORRECTION to my post above -
 
When I said "when we got home and checked our email accounts on our laptops", i meant to say our deaktops, not laptops.We have 2 desktop computers and 1 laptop. They are all infected badly.

25 more replies
Answer Match 84%

Hello Bleepers! You have helped me in the past and I am back. This time, this is my mom's computer and she didn't have a firewall (until now) and so this thing was infected beyond anything I have seen!I will be posting the log below, but first let me tell you a few things. I did follow the preparation instructions as best as I could, however, there were certain things I could not do.Ad-Aware:I kept running Ad-Aware and rebooting and it kept finding 50+ new critical items every time. I then disconnected the internet access to the computer and ran it. This way I got it down to 2 entries it said it couldn't removed and it couldn't remove them even after restarting.Spybot:A similar thing happened with Spybot, except I connected to the internet only to download the software and updates and disconnected to do the scan and fixes. Spybot also said it couldn't fix certain items, EVEN AFTER doing it during rebooting.I then ran HouseCall, Bit Defender and Avert Stinger (Panda was taking too long and I wasn't sure if it was stalled).Then, I installed ZoneAlarm and Finally ran HijackThis.Hopefully you can help me get this thing cleaned up and it top shape soon! Thank you in advance for all your help!------------------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 11:17:20 PM, on 8/21/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINNT\System32\smss.exeC:�... Read more

A:Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Hello,We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.Click here to get Service Pack 1Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.After you have updated your computer to SP1, please restart your computer and post a new HJT log.

10 more replies
Answer Match 84%

Summary:

Lots of errors in Windows XP immediately after fresh install following a format.

PC Spec

AMD Athlon 3200+ XP
Radeon x800 XT PE VPU 256 mb
1024mb DDR 400 3200 RAM
2x 160gb HDD, 7200 rpm blah blah
Audigy 2 ZS Sound Card, Creative SB
Wireless Internet Connection (D-Link Wireless Router, 2.2mbps connection)
2x Optical Drives, DVDRW 4x, CDRW 50x

Problems Encountered

1) Windows Installation : Various files cannot be copied and/or not copied correctly. Giving blue screen of [enter] retry, [esc] skip or F3 to abort installation. Files constantly failing to copy : cyycoins or something, lots of .chm files, too many to mention. Curious thing is, same problems for both optical drives and both HDDs, varying both for many installations.

Eventually I held down [enter] and the files went in, well some didn't but Windows booted fine.

2) Warhammer Dawn of War : Winter Assault. wh40k.cab is corrupt. Changed optical drives during installtion, installed fine. Could be hardware issue with my cdrom?

3) Same game, when playing will crash to desktop. No error message sometimes, no indication of crash (no freezing or warning sounds or stuttering, just flat out BOOM, .exe gone. Sometimes error message appears to send error report, sometimes doesn't. Occurs while under load (heavy gameplay) and while idle (like leaving it in menu for ages. Go away to get food, come back game gone, only desktop)
I thought this could again be CDROM issue, with the copy protection not keeping th... Read more

A:Lots and lots of XP errors : Random program crashes etc etc.... >:¦

6 more replies
Answer Match 84%

Bitdefender Total Security 2011, Real Time Protection Disabled (WINDOWS XP >Says I have NO Anti-Virus) I really need help and I can't seem to find any. Its really making me sick..
Watch this
&#x202a;Bit Defender Total Security 2011 Real Time Protection Disabled&#x202c;&rlm; - YouTube

(This is all I know, and I DID A FRESH Install of my OS and formatted my pc well I did the Format then re-installed my OS then installed BD). That my good sir is when I hit a brick wall!!!

Operating System
MS Windows XP Home 32-bit SP3
CPU
AMD Athlon XP
Thoroughbred 0.13um Technology
RAM
2.00 GB DDR @ 133MHz (2.5-2-2-6)
Motherboard
MICRO-STAR INTERNATIONAL CO., LTD MS-6390 (Socket A) 26 ?C
Graphics
COMPAQ FP7317 ([email protected])
S3 Graphics ProSavageDDR
Hard Drives
78GB Seagate ST380011A (PATA) 36 ?C
Optical Drives
HP DVD Writer 1040r USB Device
LITE-ON DVDRW SHW-160P6S
Audio
Realtek AC'97 Audio for VIA ? Audio Controller

Operating System
MS Windows XP Home 32-bit SP3
Windows Security Center
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Firewall
Firewall Enabled
Company Name BitDefender
Display Name BitDefender Firewall
Product Version 14.0.30.357
Antivirus
Antivirus Enabled
Company Name BitDefender
Display Name BitDefender Antivirus
Product Version 14.0.30.357
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Da... Read more

A:[SOLVED] Lots and lots of trouble with bitdefender and windows xp..

In Bit Defender, do a Live Update of your virus and software definitions. That should update you to the latest version. Or post to their forum, you will get a better response then in this general Microsoft Forum. or better yet, uninstall it and use Avast Free version and or Microsoft Security Essentials.

15 more replies
Answer Match 84%

since a week I have been getting the following spybot alerts whenever I boot up my computer. I keep denying the change, but not sure what to make of it. I don't think it's any good.

Spybot Search & Destroy
Category: winlogon
change: value deleted
entry: Shell
old data: c:\recycler\s-1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windoes\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe
new data: (blank)

Spybot Search & Destroy
Category: Winlogon
Change: Value Change
Entry: TaskMan
Old data: c:\recycler\s-1-5-21-0644449550-9642043494-812783143-2613\pv8g67.exe
New data: C:\RECYCLER\S-1-5-21-9516793152-0396749843-580062649-1820\pv8g67.exe

Spybot Search & Destroy
Category: System Statup user entry
Change: Value added
Entry: qplsec
Old data: (blank)
New data: c:\windows\system32\qwmmmse.exe

Spybot Search & Destroy
Category: Winlogon
Change: value changed
Entry: Shell
old data: c:\recycler\s\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32,velplsme.exe
new data: c:\recycler\s-1-5-21-9516793152-0396793152-0396749842-580062649-1820\yv8g67.exe, c:\reclycler\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe

Spybot Search & Destroy
Category: winlogon
change: value cha... Read more

A:Spybot is detecting changes in Winlogon, lots and lots of blacklist pop ups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:37 AM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dash\4990891\Program\ServiceWrapper-4990891.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\The Sabre Group\Sabre32\Cfgsrvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NAVCOLR.EXE
C:\Program Files\NDAS\System\ndassvc.exe... Read more

1 more replies
Answer Match 82.32%

Ok, I have lots of XP problems:

Can't open My computer from the desktop, the computer just locks up whilst attempting to open it, showing me the animated torch, saying it is looking for files.

The computer is running really slow, locking up and crashing programs for no apparent reason.

Cant access the drop down box (shortcut key F4) in windows explorer/applications/anywhere.

Internet explorer refuses to do anything if I type a web address without the http:// into the address box. It worked before, but now it isn't for some reason.

Finally, when I restart windows, it locks up for anything up to 5 minutes when it comes back up. The windows bar with the start button on, when I pass my mouse over it, the pointer turns to an hourglass and I am unable to do anything unti it sorts itself out.

I have tried running several anti virus programs, including AVG, Mcafee and Norton. Only AVG came up with a virus, 'Dialler'. I cleared this and it didn't make any difference. I alos tried system restore from several points, but each time it told me that it was unable to restore.

If ANYONE can give me any help at all, I would be extremely grateful.

Yours,

Wayne Donnelly.
 

A:Lots and lots of XP problems - I'm tearing my hair out

6 more replies
Answer Match 81.48%

Hi
My computer has been having serious popup issues and internet explorer doesn't work most of the time. I have enclosed a hijack this log.
Thanks for the help,
Jon

Logfile of HijackThis v1.99.1
Scan saved at 7:22:03 PM, on 2/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\advpack8.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110088~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0... Read more

A:Lots of Popups

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

You have the Peper infection. Download PeperUninstall. Ma... Read more

6 more replies
Answer Match 81.48%

Hello. I've been having a problem since July 31st, I think it was. I was on the internet, when all of a sudden, from what I can remember, I got lots of popups, and under ctrl-alt-del, there were some running programs listed like program1 or something. There were also new icons on the desktop and I think some other problems. Sorry, I don't really exactly remember. Anyways, I rebooted, and managed to fix some of the problems by running ad-aware and spybot, and manually deleting some stuff. But theres still some remaining problems.

So here are the current issues.. Whenever the internet is connected, mostly when internet explorer is opened, every few minutes I get popups like Amaena, ad.yieldmanager, adfarm, drivecleaner, ilead.itrack and mpmediaholdings, which show up on the toolbar and I can close right away. Also, there are popunders which I don't see until minimizing any running programs and that don't come up on the toolbar. Some of these are cheappress, dofact, greatbulletin, gojournalists, realrealities, img.mediaplex and yourtruths. Also, sometimes when I turn on the computer, a program called WebHancer is listed under Add/Remove programs and in the program files folder. Whenever I run Ad-Aware, things like Look2Me and Webhancer are found, which I delete, but it always says that some files could not be deleted. Anyways, thats all that I can think of. Should I get hijackthis, I think it's called? Any help would be really appreciated!!

A:Lots Of Popups

Hi simgirl678I suggest you post a HijackThis log for examination.A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.Please read, and follow, all directions carefully!!!Read Preparation Guide for use before posting a HijackThis Log.Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet. A member, of the HJT Team, will help you out.It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.NOTE:Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner. Stelios

3 more replies
Answer Match 81.48%

Hi there i am getting loads of popups that arent coming from the websites in IE, all sorts of scanning popups etc. I have followed the please read thread and still get them.

Please can you have a look at my HJT log thanks,

Chris

A:Lots of POPUPS

Please post the contents of your HJT log here. Do not attach the log as a file to your post. One of our analysts will be happy to help you .

19 more replies
Answer Match 81.48%

My computer has become almost unusable due to the amount of popups I am continually getting. I have tried using Ad-Aware with the latest updates as well as AVG Free Edition with the latest updates and it has not really helped.I am getting normal popups in IE (new windows) and in FireFox it is giving me multiple tabs and auto resizing my Firefox window as needed. It is also poping up graphical browserless popups. Actually they look pretty cool, but they are annoying to say the least.I am using Windows XP Professional, service Pack 1 with recent updates from windowsupdate.com.I don't know what to do next, but here is my Hijackthis log. Hopefully my problems are easily identifiable and fixable.Thanks in advance.Lorenzo_CALog follows:Logfile of HijackThis v1.99.1Scan saved at 1:24:59 AM, on 2/7/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\System32\RegSrvc.exeC:\Program Files\Spyware Doctor\... Read more

A:Lots Of Popups

Hi There! I am currently working on your log and am checking it with a teacher.I will get back to you as soon as possible.David

10 more replies
Answer Match 81.48%

I have used Norton AV to remove viruses and have run Ad-Aware SE Personal 1.06, which cleaned out a lot of things, but am still getting popups in a major way. I did a HijackThis log just before I started with the Norton and Ad-Aware, but have not had access since to obtain another log. I will have a limited time access later today to the PC in question. Can someone go through this log and post a fix for me for the popups by 3:00 pm CST today? That would really be helpful. I will repost a new HijackThis log as soon as I get access to the PC today.Thanks. Here is the log contents.Logfile of HijackThis v1.99.1Scan saved at 8:27:46 AM, on 1/19/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Network Monitor\netmon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS&... Read more

A:Getting Lots Of Popups

First of all could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall New.Net.Click here to download ewido anti-malware - it is a trial version of the program.Install ewido.When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screen.You will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed. Then:Click on scannerClick on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop.Now close ewido.Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

2 more replies
Answer Match 81.48%

Hi,

I'm having a lot of popups on my computer.

I have popup blocker enabled on IE, but there is still a problem.

Should I post a hijackthis log? If so, what steps do I need to take, I forgot the process...?

Thanks a lot!

A:Lots Of Popups

Hi,before we go to the HJT,if we have to let's run this. Are you running XP?Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal proc... Read more

1 more replies
Answer Match 81.48%

hi my gf click on some wintouch program? need help fixing it. thank you. ive been trying to read earlier posts on how to dispose but not quite sure exactly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:51 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\... Read more

A:Lots of popups and ads..help please

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found a... Read more

1 more replies
Answer Match 81.48%

Hello. I'm trying to help a friend get rid of a bunch of popups. I've run a number of different virus and spyware scans in Safe Mode and otherwise with no luck. I uninstalled everything that looked suspicious.

I've never had to post a HijackThis log before. Hope I did it right.

I appreciate any help you can give me.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:46:01 AM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
C:\Do... Read more

A:Lots of popups

I have to have this machine functional by MOnday, so I'm trying more self-diagnosis. If I don't get it clear by a reasonable time on Sunday, I'll wipe the machine and reinstall Windows, which I'm tempted to do anyway. This isn't meant to rush anyone... I know you guys are busy and greatly appreciate that you're doing this service for free. I'm simply explaining why I can't be more patient.

In any case, I've seen Combofix suggested for cases similar to mine, so I ran it. Here is the log:

ComboFix 08-01-04.1 - Barbara 2008-01-05 12:50:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.671 [GMT -8:00]
Running from: C:\Documents and Settings\Barbara\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Barbara\Favorites\Error Cleaner.url
C:\Documents and Settings\Barbara\Favorites\Privacy Protector.url
C:\Documents and Settings\Barbara\Favorites\Spyware&Malware Protection.url
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\00700137.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html
C:\... Read more

2 more replies
Answer Match 81.48%

First of all, thanks a million to anyone who can help with this.
I've recently gotten badly infected with popups, especially to www.loadingwebsite.com which starts up IE, even if it isn't running, or if something else is running (happened even while I was playing FarCry). But popups also happen for other websites, a lot of which just go to a raw IP address. Also, something has happened to my recycle bin, it doesn't show any files when I put something in it.
Finally, every now and then, two icons (shortcuts) get installed on my desktop, one for some game with a pack man logo, and another for "Celeb Pics" with a girl logo.

Here's my HJT log, which was produced with the Hyjack log analyser as described in the sticky post at the top of this forum.

Thanks for your time, hope someone can help.

Cheers.

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot... Read more

A:Lots of Popups here's my log

You've got a nasty one there. We'll get you cleaned up, but stay on the path.

=========

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on... Read more

8 more replies
Answer Match 81.48%

Logfile of HijackThis v1.99.1
Scan saved at 12:07:10 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\WEBTIM~1\RTServer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {537... Read more

A:Help.. Lots of Popups

Download L2MFix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening. After a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!

5 more replies
Answer Match 81.48%

I have already ran the CWShredder and it removed CWS.AFF.TOOLBAND, but still have popups..

Logfile of HijackThis v1.99.1
Scan saved at 3:32:30 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PSupport\psupport.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\program files\altnet\points manager\points manager.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\DropSpam\oesrv.exe
C:\windows\system32\nldsregs.exe
C:\WINDOWS\system32\lwinmodv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\program files\zango\zango.exe
C:\Program Files\Dell Support\DSAgnt.exe
... Read more

A:Lots of popups

16 more replies
Answer Match 81.48%

Hi There,

Can someone please help, I'm having problems with loads of popups on my computer.

My Highjack This Analyser log is as follows:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/23/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O23 - Service: AVSync Manager - Unknown - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 14:52:35, on 15/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Altiris\AClient\AClient.exe
c:\centenn.ial\audit\CAgent32.exe
c:\centenn.ial\audit\xferwan.exe ... Read more

A:help - lots of popups!

Dave tell you about us, did he?

=============

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Downl... Read more

6 more replies
Answer Match 81.48%

Logfile of HijackThis v1.99.1
Scan saved at 17:26, on 2007-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Rtvscan.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\... Read more

A:Lots of popups

7 more replies
Answer Match 81.48%

Logfile of HijackThis v1.99.1
Scan saved at 11:53:49 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Odyssey Client for Linksys\OdTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Ares Lite Edition\AresLite.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Micros... Read more

A:Lots of popups

Hello mwabaseballkid,

Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)
When SpySweeper starts, please accept any prompts to update definitions. Exit the program after you have updated.

---------------------------

Go to My Computer->[B]Tools[B]->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Viewpoint
SurfAccuracy
WinFixer_2005

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make s... Read more

3 more replies
Answer Match 81.48%

So I stupidly fell for a new scam. DivoCodec was supposed to be a codec but in turn was probably the virus that started the whole thing. It put 16 way.exe on my computer. I got rid of that and did a system restore. Here is my current hijack this log. Thanks in advance for the help.Logfile of HijackThis v1.99.1Scan saved at 10:12:06 AM, on 8/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Visioneer OneTouch\OneTouchMon.exeC:\Program Files\Adobe\Reader 8.0\Reader�... Read more

A:Hjt Log, Need Help - Lots Of Popups

Hello jasonmlit,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Answer Match 81.48%

hii have suddenly started getting popups on my computer and my system has become slow too.i don't know with what the system is infected...i have tried doing all the steps mentioned but none work.i cleaned the temporary files and temp files.i downloaded adaware and spybot but both failed to run on the system.i scanned the system with mcafee and it did not detect any virus.i scanned with housecall antivirus thrice but every time the window disappears all by itself.i ran the mcafee stinger but it said it was an outdated version and didnot detect anything.my computer doesnot shut down or logoffeverytime i pulloff the plug and start it i have a msg saying some files required for system stability have been replaced by unrecognised versions and that it needs xp cd 2...which i donot have.i am at wits end beause my exam is soon and i have all the material in the system and my only way of communication with my family abroad is through the net somebody please help me what to do....the ads i get are powered by websell or something...thats what i keep getting on the popupsthis is the logfile......any help please...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:45:16 AM, on 1/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\ls... Read more

A:Lots Of Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jyoshuMy name is Richie and i'll be helping you to fix your problems.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert,not for private use. Using this tool incorrectly could render your system/pc inoperable.Now download Combofix by sUBs and save to your desktop:Note It is important that it is saved directly to your desktop Close any open browsers.Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.NoteIn case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.Download RenV.exe to your desktop,double click to run it:http://download.bleepingcomputer.com/sUBs/Beta/RenV.exeWhen its finished it will produce a Log.Please post the contents of that Log into your next reply.... Read more

20 more replies
Answer Match 81.48%

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:51:26 PM, on 05/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\seekmo\seekmo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\mstsc.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class ... Read more

A:Lots of popups. Help!

Hi and welcome to TSF.

My handle is TexRanger, and I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread by clicking Thread Tools then subscribe to this thread so that you are notified when you receive a reply.

Please be patient with me during this time.

5 more replies
Answer Match 81.48%

Heres my log, can anyone help?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:29:20 PM, on 4/10/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\rundll32.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exeC:\Windows\system32\Taskmgr.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\DllHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Lots Of Popups, Not Even When In Ie

Hello Lhall9184 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complet... Read more

1 more replies
Answer Match 81.48%

Hi, this is my first time using this website and I thought i'td try it out. I am running Windows XP Professional. All of a sudden when I turned my computer on, all these popups started coming and my icons on my desktop were messed up. I've tried using adaware, spybot, and cleanup. I've deleted like at least 200-300 infected files with adaware and spybot. I've also tried to clear all temporary internet files, history, etc. The popups are still here and I think I may have been infected with something. Can someone please look over my HJT log file and tell me whats wrong? thanks for taking time to look over this post. Here is my file:

Logfile of HijackThis v1.99.1
Scan saved at 4:32:44 PM, on 10/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lo... Read more

A:Lots of Popups every second! need help please!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

2 more replies
Answer Match 81.48%

Logfile of HijackThis v1.97.7
Scan saved at 2:41:03 PM, on 6/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rogers\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http:/... Read more

More replies
Answer Match 81.48%

Here's my hijack this log. Can someone please tell me what I've got to do to get rid of all the popups.

Thanks muchly
Logfile of HijackThis v1.97.2
Scan saved at 9:36:24 PM, on 9/30/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\PNLT32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\LTMSG.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\TOTEM SHARED\UNINSTALL0001\UPD.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\BELKIN\BELKIN WIRELESS USB ADAPTER MANAGER\WLANMONITOR.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\WINSERVS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\KAP.GMT\KAPLAN HIGHER SCORE GMAT.EXE
C:\WINDOWS\S... Read more

A:Lots Of Popups

6 more replies
Answer Match 81.48%

Hi there,
A few days ago I mistakenly installed an .exe file that was supposed to be a vide downloaded from a torrent site. I immediately realised my mistake but it was too late. Since I have had a nightmare trying to remove the virus or trojan or whatever has infected my computer. It installed something called "safesurf" I think and now popups come up when I am using any of the three browsers, mozilla, chrome and explorer. I have tried numerous malware removal tools to no success. I even purchase spyhunter and although it has removed some stuff the annoying popups still appear. I have also noticed that a tool bar has been created in chrome, at the top of the page, and whenever I type anything in the main google window it gets written in that toolbar instead and then when I hit enter, it redirects briefly to play-bar.net and then to bing for the search.
I dont know what else to try.
 
THis is the FRST log. THanks very much in advance for your help
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Alfons (administrator) on VINENTS (04-08-2016 02:52:17)
Running from C:\Users\Alfons\Downloads
Loaded Profiles: Alfons (Available Profiles: Alfons)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recover... Read more

More replies
Answer Match 81.48%

My uncle's been getting a ridiculous amount of popups on his PC. He asked me to help. I ran a spyware cleaner and a trend micro virus scan but it didn't help. Since I'm useless, I'll post his hijackthis log here.

Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:32:45 AM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\syst... Read more

A:Lots of popups. Please help.

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

2 more replies
Answer Match 80.64%

I've started a new thread because I am totally new to this so please bear with my ignorance. My choice to start a new thread also is because I didn't know where to start adding a thread as I've so many problems at the same time. They may be interlinked but I don't have a clue.

I keep getting unwanted popups as follows:

C:\Documents and Settings\Anna.I3SPXNTOXU2KDLB\Local Settings\Temp\~DlfnTmp1\index.html
Advert popup for Friends Reunited
________________
C:\Documents and Settings\Anna.I3SPXNTOXU2KDLB\Local Settings\Temp\~DlfnTmp2\index.html
http://66.230.146.2/sms-universe/sms-uk-bm15.html
Another advert popup for Friends Reunited
_________________
Ringtone Universe popup
---------------------------
C:\Documents and Settings\Anna.I3SPXNTOXU2KDLB\Local Settings\Temp\~DlfnTmp2\index.html
Blank page popup - This looks to me as though its linked to Hijack this!!!
___________________
http://e.rn11.com/adbuys/a405-admed-ron
System Alert popup with details: image name spy_dos_orange_600_400
This one tells me I have MAY have various worms and spyware files on my computer, tells me they cant be removed and to click OK to remove them. I haven't done this as I searched my computer for all the files listed and didnt find any (not to say that they are not ther though of course!)
_____________________
http://www.loadingwebsite.com/normal/yyy17.html
Blank page (was the ringtone page for driving frog) I think I might have blocked this with popup blocker blocked site... Read more

A:Loadingwebsite, popups and lots more!

Sounds like alot of bad spyware and adware. You should download Spyboy Search & Destroy. You can get it here:

http://www.safer-networking.org/en/index.html

Its free, and it works like a bad-*** oughta.

Hope this helps.

15 more replies
Answer Match 80.64%

ran spybot and cleaned what it found but still have lots of spyware popups and messages
hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:21, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:... Read more

A:lots of spyware and popups

====================================================

Hello! You are infected!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

====================================================

5 more replies
Answer Match 80.64%

i think i have a virus. i havn't installed anything new, and i keep getting little flashing icons saying i need malware protection and i keep getting loads of popups.
one more very annoying thing is my ie homepage was changed to some spyware page, and i cant change it back.
so now im getting:
annoying blinking icons
loads of popups
unable to change my ie homepage

please help me this is very annoying and its keeping me from getting any work done.
im not sure what it could be!
 

A:PLEASE HELP ME i think i have a VIRUS (lots of popups)

11 more replies
Answer Match 80.64%

my computers is getting lots of popups and it's been running really slow. please help me figure out what's wrong. thankyou lots.

Logfile of HijackThis v1.99.1
Scan saved at 6:29:13 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Fi... Read more

A:Solved: please help, lots of popups

7 more replies
Answer Match 80.64%

so i ran adaware and etc and they found lots of stuff. but i still have popups...logLogfile of HijackThis v1.99.1Scan saved at 9:17:13 PM, on 4/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\QWltZWUgQnV5ZWE\command.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\UB-VPN\cvpnd.exeC:\Program Files\NavNT\defwatch.exeC:\WINDOWS\msput.exeC:\Program Files\Network Monitor\netmon.exeC:\Program Files\NavNT\rtvscan.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\NavNT\vptray.exeC:\Program Files\D-Tools\daemon.exeC:\Program Files\QuickTime\qttask.exeC:�... Read more

A:Hijack Log Lots Of Popups

Hello and welcome.. Lets get started. ==Please download Look2Me-Destroyer to your desktop.Disconnect your PC from Internet; pull your plug out if necessary.Double-click Look2Me-Destroyer.exe to run it.Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OKWhen Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.Once it's done scanning, click the Remove L2M button.You will receive a Done Scanning message, click OK.When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.Your computer will then shutdown.Turn your computer back on.Re-connect back to the internet.Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. If Look2Me-Destroyer does not reopen automatically, reboot and try again.

6 more replies
Answer Match 80.64%

When I use google I am constantly re-directed. Also, when I am connected to the internet I keep getting pop-ups, even when not using google. The pop-ups are often search related. Also, my computer runs very slow and seems to be constantly thinking even when there are not any programs running. I have 1GB of ram. It is the Toshiba Satellite A75-S213.
I scan with AVG and Trend Micro Office Scan. They are not showing any problems in the scans. My operating system is Windows XP Professional.
Hopefully this is enough information to get started. My hijackthis log is below.

Thank you for your help.
Jessica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:35 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardia... Read more

A:Getting redirected and lots of popups

16 more replies
Answer Match 80.64%

Hello there,

I am trying to cleanup my PC which popups lots of messages. Here is my
hijack this log file. Please help.

Logfile of HijackThis v1.97.7
Scan saved at 9:19:43 PM, on 10/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\dite.exe
C:\Thanesh\Mitel\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.... Read more

A:Lots of popups - Need help with hijack this

Get these

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE http://www.majorgeeks.com/download506.html
SpyBot S&D http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their definition updates and then run AdAware and Spybot, fixing anything they say.

and then get the latest HJT and repost

HiJack This http://www.majorgeeks.com/download3155.html
 

2 more replies
Answer Match 80.64%

Spybot found and fixed 40 problems, Ad-aware found 110 Objects, Fixed, CWShredder removed CWS.Searchx, 2 infected IE registry values and CWS affiliate: Madfinder.

Here is the HijackThis file.

Logfile of HijackThis v1.98.2
Scan saved at 9:31:45 AM, on 12/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\winnt\system32\rcmdsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\System32\MsiExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINNT\loyyy.exe
C:\Program Files\Web_Rebates\WebRebates0... Read more

A:HJT with LOTS of POPUPS and ICONS!

13 more replies
Answer Match 80.64%

i constantly get many, many popups, any help would be appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:26:54 PM, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Documents and Settings\Emma\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\explorer.... Read more

A:Lots of spyware/popups, please help

Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.
Do NOT depress any keys on your keyboard until the tool request you to "press any key to reboot"

On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

10 more replies
Answer Match 80.64%

I was recently infected with a adware called duce6. Ever since, I have been bombarded with popups and my drivers, ALL OF THEM, Video, Audio, USB, ALL have been uninstalled... Here is my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:03:49 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\win32093161929218.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Documents and Settings\AtomicBucket\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mmahre] C:\WINDOWS\system32\muvpsg.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: ... Read more

A:No Sound. Lots-0-popups.

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.You are missing one important program on that computer - an antivirus! This is somewhat suicidal in today's digital world.You need to install an antivirus program as soon as you can and run a complete scan of the computer. AVG and Avast are excellent, free antivirus programs..Never install more than one antivirus on your system - several together can cause problems and decrease performance.Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:O4 - HKLM\..\Run: [mmahre] C:\WINDOWS\system32\muvpsg.exe reg_runO4 - HKLM\..\Run: [win32093161929218] C:\WINDOWS\win32093161929218.exeO4 - HKCU\..\Run: [iihjt] C:\WI... Read more

9 more replies
Answer Match 80.64%

Logfile of HijackThis v1.99.1Scan saved at 9:36:42 PM, on 5/15/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\eManager\anbmServ.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\psdriver\psdriver.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Java\jre1.5.0_09\bin\jusched.exeC:\Program... Read more

A:Lots Of Popups Infected?

Help!!!!

6 more replies
Answer Match 80.64%

Recently i have been getting lots of gambling pop ups and a sign what pops up next to my clock saying there is a virus threat. This directs me to this site hxxp://malwarewiped.com/?aid=237Anyone help?Heres my hijack this logcheers!Logfile of HijackThis v1.99.1Scan saved at 17:14:44, on 2/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Security\pmsnrr.exeC:\Program Files\Internet Security\pmmnt.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\Program Files\Java\jre1.5.0_03\bin\jusched.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Java\jre1.5.0_03\bin\jucheck.exeC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exeC:\Program Fil... Read more

A:Lots Of Gambling Popups

Hello,* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against next entry:O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - (no file)* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!* Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 on a non infected computer will remove your Desktop background and set it blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the ... Read more

2 more replies
Answer Match 80.64%

If i du a vundofix program it just comes back after a whileand nothing seems to be catching what is going on with my system, I run ad aware and spybot and the windows Onecare scan and it fixes a few things but they all just come back up. Anyone see anythin that culd be the probem?Logfile of HijackThis v1.99.1Scan saved at 6:28:20 AM, on 7/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\csrss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exeC:\WINNT\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\DBSRV8.EXEc:\client803\client\sysmonsvc.exeC:\WINNT\system32\nvsvc32.exeC:\Program Files\Dantz\Client\Remotsvc.exeC:\WINNT\system32\skeys.exeC:\Program Files\Dantz\Client\retroclient.exeC:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exeC:\Progra... Read more

A:Lots Of Popups And Freezing

Hello and welcome aboard Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YES.Once you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt in your next reply along with the others requested..Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.=====Please download Combofix to your desktop:Double-click combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log in your next reply, aswell as the VundoFix log and a fresh HijackThis log. Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

2 more replies
Answer Match 80.64%

I have run spybot and cwshredder in safe mode. This is my hijack this log after I rebooted into normal mode. Not sure how to get rid of everything here. Thanks for any help.
Logfile of HijackThis v1.97.7
Scan saved at 9:15:52 AM, on 08/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINACS\ACSTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\wdskctl.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Free Downloads Accelerator\fdaagent.exe
C:\Documents and Settings\pwalker\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet E... Read more

A:HijackThis log - lots of popups

Lets begin by rescanning once again with hijack and putting a check next to each of the following then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll

O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll

O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2603963ee82825b4f806/netzip/RdxIE601.cab
then reboot into safe mode http://dotcomsecurity.org/forums/index.php?showtopic=55
Open windows explorer, find then delete:
C:\WINNT\wdskctl.exe

Reboot
Download Adaware Se from http://www.lavasoftusa.com/support/download/
In Ad-aware click the Gear to go to the Settings area.
The following items should be on a g... Read more

3 more replies
Answer Match 80.64%

my brother had a malware that kept hijacking his wallpaper and a weird antivirus program that told him to download it kept popping up. After running a couple of spyware programs i was able to remove these annoying messages. But after that i started to get some 16 bit virtual console notice about a file that didnt exist. So i used atf cleaner and now that is gone also.

I;ve tried malwarebytes, superantispywares, trendmicro online, spybot.

I;m not sure if he has any trace of the malware left. How can i be certain that his computer is clean now?

The only thing i can't seem to finish scanning is the kaspersky online scanner. I can't get past 50 percent because the computer will restart.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:00 AM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.e... Read more

A:malware help with lots of popups

i also noticed that sometimes when the computer restarts he gets his error message

16-bit Windows Subsystem:

C:\Program Files\Alwil Software\Avast4\aswMonVd.dll.

An installable Virtual Device Driver failed Dll Initialization.

Choose 'Close' to terminate the application

I;m pretty sure he never installed avast since we use avg.
 

1 more replies
Answer Match 80.64%

I've been getting a lot of random popups for about a week now. I'v used NOD32 and ADAware Pro to scan the system but neither can find anything wrong. Please help. TIA


Logfile of HijackThis v1.99.1
Scan saved at 9:44:14 AM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\atung1\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\I... Read more

A:Lots of Random Popups

Is this the same machine as here:

http://www.techsupportforum.com/showthread.php?t=107949

Will you actually perform a fix that someone posts, and return with the requested logs?

19 more replies
Answer Match 80.64%

Today I fell for the update the media player scam and have been infected with tons and tons of extra tabs opening in Firefox.  I appreciate your help!!
 
DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280
Run by Sulphur Springs at 15:40:59 on 2014-10-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.1166 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PCTRunner\MyOSProtect.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30... Read more

A:tlvmedia.com - LOTS of popups!

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

14 more replies
Answer Match 80.64%

i had my computer on and out of no where i received a bunch of popups and prgrams just started to install and i wasnt even in internet explorer

i have managed to get rid of alot of it but theres still popups and something called QoolAid that norton keeps scanning but not getting rid of
here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:34:15 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:... Read more

A:Please Help Lots of popups and errors!

16 more replies
Answer Match 80.64%

first off i would like to thank you before hand, you guys have always been of GREAT help to me and my close friends.

with that said. here is my problem, my friend brought me his computer to try and help him fix it. i couldnt so i here iam, again lol.
i ran hijack this on his computer before he left home and took it with him. here are the results.
Logfile of HijackThis v1.99.1
Scan saved at 8:15:49 PM, on 4/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program F... Read more

A:lots of popups when trying to email, etc.

9 more replies
Answer Match 80.64%

Logfile of HijackThis v1.99.1Scan saved at 9:32:31 PM, on 7/1/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5335.0005)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exeC:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exeC:\WINDOWS\System32\CTSvcCDA.EXEC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Softex\OmniPass\Omniserv.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\system32\ssoftsrv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\dllhost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\vssvc.exeC:\WINDOWS\System32&... Read more

A:I've Had Lots Of Popups. Am I Infected?

//Mod edit: Merged HJT logs//Previous Topic Title: "I Have A Mysterious Toolbar Appearing In Winpatrol., gebbbba.dll"My hijackthis log is as follows:Logfile of HijackThis v1.99.1Scan saved at 10:15:34 PM, on 7/1/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeF:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\stsystra.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\... Read more

3 more replies
Answer Match 80.64%

Hi - I have been struggling with popups for a long time. It has recently gotten worse - I receive a box on my screen saying server busy - retry or switch. The only way I can get rid of it is to close all of my web browsers (which ends up causing an error to be sent to Microsoft) and hitting retry to open up the popup. I have followed all of your instructions for checking logs. Attached is my results.txt log which was run after adaware, after the online virus scan and is the result of the analysis of the Hijack This log. Any help you can provide would be appreciated - these popups are killing me! Thank you.

Result.txt:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesd... Read more

A:Please check HJT log - lots of popups

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

2 more replies
Answer Match 80.64%

Logfile of HijackThis v1.99.1Scan saved at 11:59:53 AM, on 2/13/2006Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\LEXBCES.EXEC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\LEXPPS.EXEC:\COMPAQ\ACLIENT\ACLIENT.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINNT\System32\cpqalert.exeC:\WINNT\CPQDIAG\CPQDFWAG.EXEC:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXEC:\WINNT\System32\svchost.exeC:\WINNT\system32\hidserv.exeC:\Program Files\Compaq\LCRMS\LCRMS.EXEC:\Program Files\Canon\MultiPASS\mpservic.exeC:\Program Files\Network Monitor\netmon.exeC:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXEC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINNT\system32\MSTask.exeC:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXEC:\WINNT\system32\stisvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmn... Read more

A:Honestly, This Pc Has Lots Of Popups

Sorry, I am new to this. I didn't put too much info in that post. The pc I am trying to clean of popups/adware/malware is running Win2k pro. I ran Microsoft's AntiSpamware twice, Spyware Vanisher twice and Trend's Housecall. All found items to remove and I removed them. However, popups are still coming up on this pc. I have submitted the HiJack This log file above. All help in resolving this is much much appreciated.

Thanks in advance.

4 more replies
Answer Match 80.64%

My homepage is changed and I get tons of popups even when Internet Explorer isn't open?
Logfile of HijackThis v1.98.2
Scan saved at 9:05:55 PM, on 10/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\auahcv.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\scagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\iPod\... Read more

A:HiJack This Log, I get lots of popups

Hi
Make sure you have already run Adaware, Spybot S & D(check for updates) and CWShredder as these will do a preliminary clean first.

Then....
If running XP turn off your System Restore. See Here.Reinstate it when your log is cleaned.Now close your browser window and run hjt in safe mode... How To Run Safemode and fix the items listed.Uninstall any folders that I have highlighted likewise,remove the highlighted files from your hard drive, as well as fixing all the items from the log. Make sure to have your system set to show hidden files and folders.. How To Show Files .Check first as some folders maybe uninstalled via the Add/Remove program..Please post a new log when finished....Please ask if you require further assistance.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet E... Read more

1 more replies
Answer Match 80.64%

I have tried all that I know to do. I have run adaware and spybot and both in safemode. I have tried to track down what a could and delete it. Now my system is running at a complete slow crawl and I can't stop the same popups over and over!!! I have tried reading other postings and now it is beyond what I can figure out. Here is my HJT log if you could help that would be great!!!

Thanks in advance!!

Logfile of HijackThis v1.99.1
Scan saved at 12:59:31 PM, on 2/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\ezSP_... Read more

A:?IBIS gone? Now Lots of Popups HJT log

6 more replies
Answer Match 80.64%

Windows Xp.

Popups everytime I use the internet. Since the pop-ups began, everything about the computer has been slow. Sometimes the desktop won't load on restart.

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 2:45:35 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Ass... Read more

More replies
Answer Match 80.64%

Here's my log...I have AVG Free and AntiMalware Bytes but they aren't really picking up anything...any advice would help!!! Thanks.


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:10:26 PM, on 2/28/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C... Read more

A:Lots of popups...here's my hijackthis log!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 80.64%

My computer has slowed down, even worse I get popups in the cornner and the homepage is not what I want.

A:Slow PC with lots of popups

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

8 more replies
Answer Match 80.64%

ive gotten most of it off but i still get lots of popups here and there

heres my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 9:48:14 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system... Read more

A:please help I've been attacked...lots of popups

6 more replies
Answer Match 80.64%

Hello everyone, im brand new to the site to please bare with me......I've tried everything that your forum tells me to do before posting on this site but none of it seems to work,ive used used spybot, avg, window washer, adaware SE and still the popups keep appearing. So, now it comes to this. I NEED HELP! I get popups (they open in IE when im running firefox) about every thirty seconds when i have an internet page open.the main problem started with cpvfeed.com, i think, then more pop ups just kept appearing. I'm really confused by the entire thing. My computer is only ever used by me so noone else in my family could have used it.. I have a hijackthis log as well, but I can't find anything on there that is relative (hopefully you guys will). I have some computer experience, but I have never come across anything this confusing to me. Any help would be greatly appreciated.In addition, Stinger (which I just dl'ed) says the comp is clean, as does all of the other various spyware, adware and virus detectors that I have.below is my hijackthis log. hope you can help me with this problem. look foward to your reply soon.thanks in advance for your helpLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:31:35, on 02/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.e... Read more

A:Help With .cpvfeed.com, Popups And Lots Of Them....

Hello and welcome aboard One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards.---------If you do want to clean this up,Please download Combofix to your desktop:Double-click combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log in your next reply.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stal... Read more

7 more replies
Answer Match 80.64%

No matter what site I go to I get lots of random popups. I'm 100% sure they are coming from some type of spyware or virus, because as I said they come up anywhere I go, even my
I've scanned with Avira AntiVir Personal, AVG Antivirus, AVG AntiSpyware, and SUPERAntiSpyware, all with the latest updates and nothing has found it thus far.
Please help me, its driving me crazy!
Anyways, here is my HijackThis Log:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:57 PM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\P... Read more

More replies
Answer Match 80.64%

This is my nephews computer, he was running without antivirus or firewall. I have installed and ran adaware, spybot, mccafe avert scanner, installed antivirus and firewall, and cleaned all temp files. I downloaded the programs from my computer and then installed to his. I can connect to internet with his but not get internet explorer to work without tons of popups to begin with, installed firefox browser and used it. But tonight couldn't get it to work either said it could not find page requested. I removed program called command.exe and new dot something. I have also downloaded the awido anti malware program, but did not get the option for advanced mode ( or maybe do not understand is this option given during install? if so I did not see it and I did it twice) therefore cannot run it in the safe mode. I unistalled it cause it kept wanting to restartmy computer. I have not been able to update my windows, I tried it tonight but could not get it to do anything. Anyways here is my hijack log.Logfile of HijackThis v1.99.1Scan saved at 6:58:55 PM, on 3/23/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:&... Read more

A:Lots Of Popups, Ie Not Working

Hi,The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.Then I'll take a look. Also, I don't even see ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.Please visit http://www.microsoft.com/windowsxp/downloa...p1/network.mspx and update to Service Pack 1. Without this update, you're wide open to re-infection, and we're both just wasting our time.When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

14 more replies
Answer Match 80.64%

Well, whenever I go to a website, I am greeted with the website and a popup. Its a little disturbing. Also, Internet explorer managed to open itself 30+ times once and on another occasion my computer froze while continuously making that noise where you try to click out of something but can't. DDS (Ver_09-10-26.01) - NTFSx86 Run by Malcolm at 9:12:41.06 on Sat 11/07/2009Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.91 [GMT -5:00]AV: ZoneAlarm Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CheckPoint\ZAForceField\ForceField.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program... Read more

A:Popups...lots of them, some crashes

Hi,uTorrentAbove listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again: Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck
Resident TeaTimer
and OK any prompts. Restart your computerPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When ... Read more

2 more replies
Answer Match 79.8%

I recently downloaded a program and it ended up crashing my computer, when I rebooted I had to run from last known good configuration. Now it's constantly finding viruses, malware, etc. and displaying a lot of popups at the same time. Would appreciate any help, thanks!

Here's my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:58 PM, on 5/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C... Read more

A:Lots of viruses and continuous popups

bump
 

2 more replies
Answer Match 79.8%

Hi, I've followed the instructions in the preparation guide. Also was unable to remove smitfraud using instructions for smitfraudfix. Lots of popups. Here is my Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:25:28 PM, on 8/31/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\SiteAdvisor\6066\SAService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\st... Read more

A:Smitfraud, Winfix Lots Of Popups. Etc

Hello mike3334,Welcome to Bleeping Computer 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

8 more replies
Answer Match 79.8%

my girlfriends computer is running really slow and is getting lots of popups, can anyone help? shes running windows xp.
 

A:slow computer and lots of popups

download hijackthis - install it to its own folder on her pc, run it and post the log here

http://www.spywareinfo.com/~merijn/downloads.html
 

2 more replies
Answer Match 79.8%

I've been having a ton of pop ups with internet explorer, though I only use Mozilla. The pop ups are titled Internet Speed Monitor. Since this has started my computer has been really slow too, I'm guessing they're related. Adaware and Avast aren't getting everything, so I'm hopping someone here could help. Thanks!

-STEP 1-
I found none of these programs listed.

-Step 2-
Done

Here's the Panda Log

Incident Status Location

Virus:Trj/Downloader.QMW Disinfected Operating system
Virus:Trj/Downloader.QLZ Disinfected Operating system ... Read more

A:Lots of popups and just generally slow...

Hello and welcome to TSF.

Thank you for carrying out the requested steps.

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log please.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

8 more replies
Answer Match 79.8%

Ok i keep getting popups i got rid of alot of adware already but this one i cant mllji.dll i may have other virus as well here is the log.


C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\mllji.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe /auto
O4 - HKUS\S-1-5-19\..\RunOnce: [FirstLogon] C:\windows\system32\prefetch32\Rundll.bat (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [FirstLogon] C:\windows\system32\prefetch32\Rundll.bat (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: IBM.lnk ... Read more

A:HJT log mllji.dll found LOTS OF POPUPS

Tried to fix the mllji.dll but it morphed to this line. I did the safe mode delete. I think this is the vundo trojan.

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhe.exe

13 more replies
Answer Match 79.8%

Hello,

Im havin major problems. A few days ago I started gettg tese pop ups and I IE would open about 2-6 new tabwith blank pages on them. This happens about every minute and is driving me crazy. I also notice that Yahoo/google search is reallly slow, Some times IE just closes nd Ihave to reopen it. (Also just noticed that when typing on ths forum the site freezes and skips keys that I just typed about evry 5 sec)

I did some reading around this forum and used a few programs I saw oers using.

SpyBot - Search & Destroy
CWShredder
VundoFix

Others I aready had

PC Pitstop Optimize
Kaspersky Anti-Virus 6.0
FireFox

none of the above fixed my problem but did find a few errors.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:43 AM, on 4/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C... Read more

More replies
Answer Match 79.8%

A few weeks ago i got a iphone, I played around with it and downloaded some .avi to .mp4 file converters. I think while i was downloading the converters i got some virus into my computer. Right now, stupid ad popups about anti-spyware softwares keep poping up everywhere from Internet Explorer. I'm a Norton fan, and thought Norton can always protect my computer. I installed Norton 360 v2, ran some scans, Norton detected: Trojan.Vundo, Trojan.LowZones, Infostealer.Gampass, Infostealer.Lineage, and some tracking cookies. But even after Norton has "fixed" these viruses, the popups still pops up. I run 2 more scans after, and Norton dont detect anything anymore.
Another issue beside the popups is that Windows Explorer sometimes fails and freezes recently, I don't know if it is connected to the popups or not.
I am running on Windows Vista Home Edition.
Please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:52 AM, on 29/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\Netscape Accelerator\slipcore.exe
C:... Read more

A:Lots of Popups, Cannot detect by Norton

16 more replies
Answer Match 79.8%

xp keeps saying thins like
"your system is probably infected with latest version of spyware.cyberglog-x "
"system alert:[email protected]"
"your computer is infected with a black door trojan that allows the remote attacker"
"your computer is infcted with adware or spyware that displays advertisement while you browse the internet"
"security alrert [email protected]"
"your computer is infected with psw.x-vir trojan. psw trojan steals
"your computer is infected with a black door trojan that allows the remote attacker to perform various malicious actions"

I could not run panda for reasons that i dont know or dss because whenever i tried something would pop up and stop it.

hijackthis would run byitself though here is the log obtained:

Logfile of HijackThis v1.99.1
Scan saved at 10:58, on 2007-12-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe... Read more

A:lots of popups/trojan warnings

You have a few nasties sitting in your system.

Download Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify any malware on your syste... Read more

19 more replies
Answer Match 79.8%

I think I have a virus and it is causing tons of popups to the point that I can't do anything on the internet. Below is the DDS and attached are a GMER file even though it wouldn't run completely I attached what it found for as far as it would go. I have since removed the SecureIT antivirus since it wasn't functioning properly anyways.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Lana Smith at 19:00:01.84 on Tue 04/27/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.71 [GMT -5:00]

AV: SecureIT AntiVirus *On-access scanning enabled* (Outdated) {12D9381A-7023-11DC-B2FD-DA9C55D89593}
FW: SecureIT Security Firewall *enabled* {B13BC22D-DCD7-4A2A-B2C7-983FEA4E48E8}
FW: SecureIT Firewall *disabled* {1DDC791B-8CD1-415C-9079-171B4414A8C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbb... Read more

A:Virus causing lots of popups

Hello and welcome to TSF.

If you still require assistance, please post a new set of logs from DDS and gmer as done previously, so I can see the current state of the machine.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

13 more replies
Answer Match 79.8%

Deckard's System Scanner v20071014.68
Run by Devin on 2007-11-09 00:56:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2007-11-09 05:56:52 UTC - RP23 - Deckard's System Scanner Restore Point
22: 2007-11-09 02:34:03 UTC - RP22 - Installed AVG 7.5
21: 2007-11-09 02:33:24 UTC - RP21 - Removed AVG 7.5
20: 2007-11-08 16:09:19 UTC - RP20 - System Checkpoint
19: 2007-11-07 15:52:00 UTC - RP19 - System Checkpoint


-- First Restore Point --
1: 2007-10-16 02:21:02 UTC - RP1 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-09 00:57:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer... Read more

More replies
Answer Match 79.8%

I have automatic updates set on my computer, and last night before I turned off my computer, I installed the latest update. Well, when I turned on the computer this morning, I immediately get a balloon telling me that spyware has been detected and I should get it scanned. This was followed by a whole lot of popups and the computer running very slowly. I did a system restore to Friday, and it seemed to clear up the popup problem so far, but it looks like I'm still running slower than normal. I just find it very strange how it seems like this happened as a direct result of an install of something straight from Microsoft. Below is my log, see anything wrong? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:21 AM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe... Read more

More replies
Answer Match 79.8%

hi...my system got infected and i keep getting popups.i had this problem a week ago when a kind soul helped me and my system was fine...within a week again i have got infected and i keep getting these popups "powered by zedo" and webbuy.the internet explorer closes all by it self and i don't know what to do. my antivirus doesnot work now and i downloaded mcafee stinger and ran it but it didnot do much. the only programes i use are yahoo messenger and yahoomail...i am not able to see the webcam again.i am posting the log file....please help meLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:16:37 AM, on 1/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\cG9vamE\command.exeC:\Program Files\Juniper Net... Read more

A:Infected Twice In A Week...lots Of Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

11 more replies
Answer Match 79.8%

Heya all! Tryin' to fix up my sister's laptop. Internet Explorer is being wacky and because or apart from that, I cannot run many of the programs in the first 5 steps--specifically panda scan, IE-spyad, and DSS (sad face). She gets all the automatic updates for Windows, but I could not double check if she had them all as I got an error whenever I tried downloading. Any help would be appreciated! :)

Here is the HJT log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:07 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicm... Read more

A:Slow Computer,Lots of popups

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

11 more replies
Answer Match 79.8%

Hello. I have noticed a lot of popups lately, plus when I browse a website it appears their ads get hijacked by the same add from adv.net. When I try to update my McAfee it doesn't update.

Here's my log.txt from rsit.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-25 13:35:17
Microsoft? Windows Vista? Home Premium Service Pack 1
System drive C: has 124 GB (68%) free of 183 GB
Total RAM: 2813 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:21 PM, on 10/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.e... Read more

A:can't update mcafee and lots of popups

bump, please

7 more replies
Answer Match 79.8%

Hello,

I'm trying to help my dad fix up his pc.. It's almost unusable due to all the popups and it takes a long time to open a window. Could someone please help me help him?

From reading some other posts I'm assuming I have to download Hijack This and show you the log, which I've done and will paste here. I'm really not all that experienced with this stuff, so please be kind!

Thank you so much in advance...
Logfile of HijackThis v1.98.2
Scan saved at 4:57:36 PM, on 10/30/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\System32\wfxsnt40.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINNT\System32\sqltok.exe
C:\WINNT\dhbrwsr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINNT\S... Read more

A:Lots of popups & running sluggishly

12 more replies
Answer Match 79.8%

Hello people.
I could sure use your advise.
My computer has alot of popups, and I'm sure other problems.
Could you please review this log file, and give me some advise and instructions to clean this mess up?
Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:52 PM, on 5/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\iTouch... Read more

A:HiJackThis Log File -Lots of PopUps.

7 more replies