0

Yea I need some help I've run spybot, adaware, and norton. I have a hijack log if you want to see it then ask.

Still however, I leave my comp and come back to find the same pop ups everytime.

5
Contributors
10
Replies
11
Views
13 Years
Discussion Span
Last Post by steosaur(oWn)
0

Why don't you get google tool bar it might just finish off the rest of those pop ups for yah.. it's build into the browser. try it out.

0

Logfile of HijackThis v1.97.7
Scan saved at 6:23:05 PM, on 2/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Steven\Application Data\cacp.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe

0

what kind of popups are they . 2 things in you log that look suspicious

O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Steven\Application Data\cacp.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe
can't find any info on them and that makes them suspicious,do you ahve any idea what they are

0

what kind of popups are they . 2 things in you log that look suspicious

O4 - HKCU\..\Run: [Lerm] C:\Documents and Settings\Steven\Application Data\cacp.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe
can't find any info on them and that makes them suspicious,do you ahve any idea what they are

CACP.EXE is OK, I checked it out earlier. wnsapisv.exe is suspect, however. I have not found anything by searching on it and the filename sounds a bit dangerous.

At the very least, you should download and run the following utilities from Gibson Research: DCOMbob.exe, ShootTheMessenger.exe, and uPNP.exe. The first one shuts off the DCOM/RPC function that Blaster/Nachi/Welchia uses to infect systems, the second shuts off the Messenger service (which is not the same as AIM, MSN Messenger. or Yahoo! Messenger) to prevent spam pop-ups (and is likely giving you your problems), and the third turns off Universal Plug-and-Play, a security risk. All of these procedures are reversible, of course.

0

Well there are two pop ups I keep seeing one is a window that says "Stop Pop Ups!" also i get a lot of those promtps to install somthing/trust this company? Sometimes I get the right click menu of the desktop, then sometimes they are just blank windows with an address. Some of these will let me copy their shortcuts. Then i get the generic advertising ones also. It seems like there is a "set" of these pages b/c after so long they repeat

I ran unplugandplay but not dcom b/c i wanted to let you know im on a campus network and is it still a good idea? The shootmessanger said mine was already disabled also.

P.S. I've uploaded two text files, a list of my start ups, and a list of running processes. A couple of the names are unfamilar to me (carpserv.exe, ccApp.exe, ccEvtMgr.exe, csrss.exe, and lsass.exe)

P.S.S. this is in my prefetch PURITYSCAN.EXE-0299F40C.pf
it is installed onmy comp, i opened it and used the link it provided to uninstall it, says it was uninstalled but there's still a folder and that ^ file (i dont recall downloading PURITY SCAN

Attachments
Item,Value,Section

AdaptecDirectCD,"""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe""","Registry - Machine Run"

AIM,"C:\Program Files\AIM\aim.exe -cnetwait.odl","Registry - User Run"

ATIModeChange,Ati2mdxx.exe,"Registry - Machine Run"

ATIPTA,"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe","Registry - Machine Run"

CARPService,carpserv.exe,"Registry - Machine Run"

ccApp,"""C:\Program Files\Common Files\Symantec Shared\ccApp.exe""","Registry - Machine Run"

ccRegVfy,"""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe""","Registry - Machine Run"

Cpqset,"C:\Program Files\HPQ\Default Settings\cpqset.exe","Registry - Machine Run"

"Display Settings","C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s","Registry - Machine Run"

"Microsoft Office.lnk","C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l","Startup - All Users"

MSMSGS,"""C:\Program Files\Messenger\msmsgs.exe"" /background","Registry - User Run"

PreloadApp,"c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d","Registry - Machine Run"

QT4HPOT,"C:\Program Files\HPQ\One-Touch\OneTouch.EXE","Registry - Machine Run"

"QuickTime Task","""C:\Program Files\QuickTime\qttask.exe"" -atboottime","Registry - Machine Run"

srmclean,C:\Cpqs\Scom\srmclean.exe,"Registry - Machine Run"

SynTPEnh,"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","Registry - Machine Run"

SynTPLpr,"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe","Registry - Machine Run"
0

Those are all good windows files .the carpserve one is associated with your a Zoltrix modem ,ccApp.exe ,and ccEvtMgr.exe are norton ,csrss.exe is client server releated .lsass.exe is legit system file ,but some can be virus releated if they are in the wrong folder,it gets complicated !!.If you are worried about viruses run a online virus scan .
http://housecall.trendmicro.com/

And this [popups about popup and how to get rid of them .]can be stopped by getting stop the messenger fro the GRC site mentioned in TallCool1 post

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.