Member Avatar for sidoe

Hello My friend's computer has been overly popup friendly lately he gets about 7 popups per 2-3 mins. He has run adaware and Spybot but he is still having this problem. Please review his log and let me know what if anything he should remove. Thank you

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\PestPatrol\ppRemoteService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Logitech\system\em_exec.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\S4F\filter7.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.phbclife.org/templates/default.asp?id=24278
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft
Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: U.S.Robotics WLAN Adapter Configuration Utility.lnk =
C:\Program Files\USR WLAN\USR 22Mbps WLAN Adapter\USRWLAN.exe
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computers-etc.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template
and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

  • 2 Contributors
  • 4 Replies
  • 157 Views
  • 21 Hours Discussion Span
  • Latest Post Latest Post by caperjack

Recommended Answers

All 4 Replies

Member Avatar for caperjack

You are missing the very top of the log that tell us what OS they are running and what version of hijackthis ,ect ect
and i don't see anythin that would be causin popups .
If the top of the log was there i would know the OS ,what version of windows are they using .

Member Avatar for sidoe

Logfile of HijackThis v1.97.7
Scan saved at 8:40:50 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Here it is sorry bout that.

You are missing the very top of the log that tell us what OS they are running and what version of hijackthis ,ect ect
and i don't see anythin that would be causin popups .
If the top of the log was there i would know the OS ,what version of windows are they using .

Member Avatar for caperjack

Well if the cause is in that log I don't see it ,only thing i can think is maybe it the messenger process service[not msn messenger ] get them yo download and run this to stop it if it running .
http://www.grc.com/stm/shootthemessenger.htm

Member Avatar for caperjack

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

You could have them fix these 2 rescource hoggs ,not malware ,but a suggested fix

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft
Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.