Major Popup Problem

OK, this is what is happening... The computer is running very slow and has tons of popups that both Spybot and Adaware will not get rid of. Nortons is the anti-virus software on this computer. Most likely downloaded a few bogus popup blockers/killers also. Thx for your help.

Here is the HijackThis file.

Logfile of HijackThis v1.99.0
Scan saved at 4:52:26 PM, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\aclui857.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Qjqyydl\Vrhm.exe
C:\WINNT\system32\nsvsvc\nsvsvc.exe
C:\WINNT\system32\picsvr\picsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\program files\tvs\tvs_b.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
C:\WINNT\system32\vlnakp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\w?auclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\sder\dees.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Norton Internet Security Professional\ATRACK.EXE
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [OSS] C:\WINNT\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [8249f2a3a346] C:\WINNT\System32\aclui857.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
O4 - HKLM\..\Run: [aMl] C:\windows\aMl.exe
O4 - HKLM\..\Run: [wWFfCJ] C:\windows\wWFfCJ.exe
O4 - HKLM\..\Run: [Phjay] C:\Program Files\Qjqyydl\Vrhm.exe
O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [kuitrc] C:\WINNT\System32\kuitrc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Nsv] C:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINNT\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\elitediw32.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\system32\vlnakp.exe reg_run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Anxzj] C:\WINNT\system32\w?auclt.exe
O4 - HKCU\..\Run: [Ltho] C:\Program Files\sder\dees.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0g\aoltray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0e\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/do...ARKETING32.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.aol.com/netagen.../custappx2.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0018.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0019.exe
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Professional Service - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O23 - Service: Norton Internet Security Professional Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\NISUM.EXE
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Professional Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Re: Major Popup Problem

I hate to say this, but your HijackThis log looks like the Who's Who of Spyware Celebrities. :eek:

Also, you are using an outdated version of HijackThis. Please download the latest version and use that from now on.

Once you get the new version of HJT, please go through the general cleaning procedures below in order to get some/most of the "unwanted guests" off of your system:

You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text file using Notepad.

1. Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

2. Download, install, and run the following (free) detection and removal tools (use each program's online update function before running them to make sure you have the most current updates installed). After each utility completes its fixes, reboot before continuing on to the next utility; have the utilities fix all of the problematic/malicious items they find:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note: If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.

* After doing as much of the above as possible, please run HijackThis again and post a fresh log.
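
For comparing the log posted above with the fresh one requested at the end of the reply, a small parser and diff, given here as an added example that is not part of either post. The function names are hypothetical, `BEFORE` holds five lines copied from the log above, and `AFTER` is a constructed sample in which the choice of missing lines is arbitrary.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that occur in the log posted above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE button / Tools item", "O10": "Winsock LSP", "O23": "service",
    "O14": "IERESET.INF setting", "O16": "downloaded ActiveX control",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")
# Annotations HijackThis writes itself; this script adds no verdict of its own.
MARKS = ("(no file)", "(file missing)", "Unknown file", "is missing")

def parse_log(text):
    """Return {section code: [entry, ...]}; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def annotated(text):
    """Entries that HijackThis itself marked as missing or unknown."""
    return [(c, e) for c, items in parse_log(text).items()
            for e in items if any(k in e for k in MARKS)]

def diff_logs(before, after):
    """(removed, added) entries between two logs as sorted (code, entry) lists."""
    b = {(c, e) for c, items in parse_log(before).items() for e in items}
    a = {(c, e) for c, items in parse_log(after).items() for e in items}
    return sorted(b - a), sorted(a - b)

# BEFORE: lines copied from the log above. AFTER: constructed for this demo;
# which lines are gone is arbitrary and says nothing about the real machine.
BEFORE = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll"""
AFTER = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [SStb.exe] SStb.exe"""

if __name__ == "__main__":
    for code, entry in diff_logs(BEFORE, AFTER)[0]:
        print("removed:", code, SECTIONS.get(code, "?"), "|", entry)
```

Entries that survive every scan and still appear in the second log are the ones worth reviewing by hand.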
©2003 - 2009 DaniWeb® LLC