Results 1 to 7 of 7

Thread: hi im getting pop ups pls help me

  1. #1
    OptiBoard Novice
    Join Date
    Dec 2006
    Location
    england
    Occupation
    Consumer or Non-Eyecare field
    Posts
    4

    Confused hi im getting pop ups pls help me

    ive tried ad aware spybot and afew others pls help me get rid thanx
    lordy
    Logfile of HijackThis v1.99.1
    Scan saved at 02:20:07, on 17/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ntl\ntl Netguard\fws.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\essspk.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ntl\ntl Netguard\RPS.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\keith\Desktop\utorrent torrents\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [usercashblahstore] C:\Documents and Settings\All Users\Application Data\Movetestusercash\New bias.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [STUPIDITCH] C:\DOCUME~1\keith\APPLIC~1\01MANA~1\Live thunk ante.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\keith\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C18590B-F957-42FC-BDF2-9BD87147F191} (WebCamX Control) - http://live.dss.com.tw/WebCamX.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/W...gPublisher.exe
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

  2. #2
    Rising Star
    Join Date
    Jun 2006
    Location
    behind you
    Occupation
    Optical Laboratory Technician
    Posts
    84
    I was going to be goofy and tell you that "iexplore.exe" is a known spyware application and you should remove all traces from your system, but two things jumped out:

    O4 - HKLM\..\Run: [usercashblahstore] C:\Documents and Settings\All Users\Application Data\Movetestusercash\New bias.exe
    Can't find much about this program anywhere other than here, but they seem to feel that it's a "threat process".

    The other two I'd strongly recommend uninstalling/getting rid of generally are:

    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirate...GameLoader.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    So much of that freebie and cheap software has nasty little junkware built into it. Those may not be your culprits, but they're probably not helping. avast! is a very thorough scanner you may want to try out, too, since Spybot and Ad-Aware aren't catching whatever it may be.

    Lastly, stop using Internet Explorer, stop using Internet Explorer, and finally, stop using Internet Explorer. Oh, and stop using Internet Explorer. Firefox is a great (and FREE) alternative, and will work with 99.99999% of sites you'll be visiting, and less apt to get infected and fouled up with all the junk out there. Plus you get tabbed browsing, useful extensions, and GreaseMonkey scripts.

  3. #3
    OptiBoard Novice
    Join Date
    Dec 2006
    Location
    england
    Occupation
    Consumer or Non-Eyecare field
    Posts
    4

    thanx

    thanx alot im just gonna try

  4. #4
    OptiBoard Novice
    Join Date
    Dec 2006
    Location
    england
    Occupation
    Consumer or Non-Eyecare field
    Posts
    4
    Quote Originally Posted by lordy25 View Post
    thanx alot im just gonna try
    deleted the ones yo said but no cigar still havnt stopped but still thanx mate:cheers:
    also do i need ie7 anymore or do i delete it?
    because this problem only started when i downloaded ie7 thanx again lordy
    Last edited by lordy25; 12-17-2006 at 12:30 AM.

  5. #5
    Rising Star
    Join Date
    Jun 2006
    Location
    behind you
    Occupation
    Optical Laboratory Technician
    Posts
    84
    O4 - HKCU\..\Run: [STUPIDITCH] C:\DOCUME~1\keith\APPLIC~1\01MANA~1\Live thunk ante.exe
    This shows up here too, so get rid of it. You may want to follow the removal instructions on that page also, because it looks like lop.com has just gotten nastier with age. The good news is that they provide a removal tool. Run that, scan with Spybot/Ad-Aware (and avast!) and post another Hijack This dump.

    Second, don't bother uninstalling IE7 (it probably won't let you anyway), just download FF and stop using IE completely. The only sites you'll have anything more than passing trouble accessing using Firefox are (surprise!) MS-heavy sites like Exchange IMAP e-mail setups, but if you're not using a large corporate e-mail system, it will likely never be an issue. The chief bonus (among the many enumerated above) is that you'll be massively more protected from scumware installing itself automatically while you're not looking.

  6. #6
    Master OptiBoarder Cindy K's Avatar
    Join Date
    Sep 2000
    Location
    Upper Fraser Valley, BC
    Occupation
    Dispensing Optician
    Posts
    567
    Pardon my ignorance, but I've never used nor had installed a browser other than IE.

    What exactly is the difference between FireFox and IE? Does FF have better security controls? Loading speed? User features? I've been on their website but these questions really aren't addressed.

  7. #7
    Rising Star
    Join Date
    Jun 2006
    Location
    behind you
    Occupation
    Optical Laboratory Technician
    Posts
    84
    Firefox is an open-source web browser, based very loosely on the internals of Netscape. Firefox differs from Netscape in that it removes most of the latter's feature bloat while keeping the same rendering engine, called Gecko. Being open-source, you can also get under the hood, so to speak, and make custom changes to the software. If the change is good and useful enough, you can submit it back to the Firefox people, and it can potentially be a new feature in a future build.

    From a user standpoint, it's little different from Internet Explorer. You view web pages with it. However, it's significantly more secure than IE because Microsoft has decided that it was a wise idea to root IE deeply into the operating system. This is great, because you can have the same "feel" navigating your computer as you do on the Internet. But the issue arises in that it's not a very secure browser, so malicious programs can easily go from messing up IE to really playing havoc with the whole system.

    Also, until the very recent release of IE 7, there's been little to no development of Internet Explorer really since version 5, which was released...six years ago? In the meantime, Firefox (and Opera, Konqueror, Mozilla, Netscape and Safari) have been adding new functions and features and generally being better at everything than IE.

    The other problem with IE is that Microsoft has decided to render web pages the way they'd like to, rather than how the W3C has collectively decided. Because IE is still the dominant browser, "breaking" sites by promoting IE-only code that no other browser will render correctly gives people the erroneous impression that IE is the only browser that works correctly, when in fact the opposite is true.

    So far, we have security and standards-compliance as the two things FF does better. The other nifty feature is extensions. These are programs that live inside Firefox, for lack of a better term, and "extend" the functionality of the browser by adding new features. The most popular include Adblock, Mouse Gestures (you haven't lived until you've seen mouse gestures in action), Flashblock, Session Saver, and Greasemonkey scripts. There are literally thousands of extensions you can install to totally customize your browser. Take a look.

    The other great function is Tabbed Browsing. What this does is rather than opening one browser window for each page you're viewing, it opens the page in its own "tab" (much like the Windows Taskbar, but inside the browser window), so you can easily have four or five (or twenty) pages open with only one window on the desktop.

    I could go on, but I'm getting tired of typing.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •