Popups when i have no browsers open

Discussion in 'Computer Support' started by koolpost@hotmail.com, Aug 16, 2005.

  1. Guest

    Hi
    i was hoping that someone could help me out
    i seem to be getting a lot of popups when my browser is closed
    i have run spysweeper, spybot, ad-aware, microsoft antispyware and AVG
    all with up-to-date definitions and all reported back as being fine.
    my messenger service is disabled and my windows firewall is up and
    running.
    i have also checked in my ad/remove for any dodgy looking programs but
    couldnt find any as well as msconfig to check start up and services but
    i didnt really know what i was looking for in there.

    i was just wondering if anyone has any other ideas i could follow or
    try?
    any help would be greatly appreciated
    Thanks a lot
    Jay
     
    , Aug 16, 2005
    #1
    1. Advertising

  2. pcbutts1 Guest

    Download, install, update and run all of the following.


    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe


    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it.

    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > Hi
    > i was hoping that someone could help me out
    > i seem to be getting a lot of popups when my browser is closed
    > i have run spysweeper, spybot, ad-aware, microsoft antispyware and AVG
    > all with up-to-date definitions and all reported back as being fine.
    > my messenger service is disabled and my windows firewall is up and
    > running.
    > i have also checked in my ad/remove for any dodgy looking programs but
    > couldnt find any as well as msconfig to check start up and services but
    > i didnt really know what i was looking for in there.
    >
    > i was just wondering if anyone has any other ideas i could follow or
    > try?
    > any help would be greatly appreciated
    > Thanks a lot
    > Jay
    >
     
    pcbutts1, Aug 16, 2005
    #2
    1. Advertising

  3. relic Guest

    wrote:
    > Hi
    > i was hoping that someone could help me out
    > i seem to be getting a lot of popups when my browser is closed
    > i have run spysweeper, spybot, ad-aware, microsoft antispyware and AVG
    > all with up-to-date definitions and all reported back as being fine.
    > my messenger service is disabled and my windows firewall is up and
    > running.
    > i have also checked in my ad/remove for any dodgy looking programs but
    > couldnt find any as well as msconfig to check start up and services
    > but i didnt really know what i was looking for in there.
    >
    > i was just wondering if anyone has any other ideas i could follow or
    > try?
    > any help would be greatly appreciated
    > Thanks a lot
    > Jay


    Free Pest Patrol scan:
    http://home.ca.com/dr/v2/ec_main.en...lient=ComputerAssociates&sid=35715&CID=190323
     
    relic, Aug 17, 2005
    #3
  4. Guest

    Hi i installed the Ewido suite and updated and it did find some cookies
    so i delted them however i have had popups through again to day, its
    was from monster market place if that is any help?

    any way i ran hijackthis

    here is the log

    Logfile of HijackThis v1.99.1
    Scan saved at 19:27:24, on 17/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\windows\system32\ngpw36.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    www.google.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    www.google.co.uk
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper -
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar1.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer -
    {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program
    Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common
    Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia
    PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program
    Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=www.google.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120424009013
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{7BA116E0-CCBB-44D5-B278-CFDD8740D2BC}:
    NameServer = 192.168.1.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks -
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program
    Files\ewido\security suite\ewidoguard.exe
    O23 - Service: GEARSecurity - GEAR Software -
    C:\WINDOWS\system32\gearsec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown
    owner - C:\WINDOWS\system32\UAService7.exe



    Thanks Jay
     
    , Aug 17, 2005
    #4
  5. pcbutts1 Guest

    From safe mode have hijackthis fix the following lines.

    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > Hi i installed the Ewido suite and updated and it did find some cookies
    > so i delted them however i have had popups through again to day, its
    > was from monster market place if that is any help?
    >
    > any way i ran hijackthis
    >
    > here is the log
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 19:27:24, on 17/08/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
     
    pcbutts1, Aug 17, 2005
    #5
  6. Plato Guest

    Plato, Aug 20, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martijn
    Replies:
    21
    Views:
    1,341
  2. jimmie
    Replies:
    1
    Views:
    822
    The-Wisest-One
    Feb 26, 2006
  3. Knowledge
    Replies:
    26
    Views:
    1,336
    Knowledge
    Jan 29, 2007
  4. Big-Dog

    Security with Open source browsers ...

    Big-Dog, Apr 21, 2005, in forum: NZ Computing
    Replies:
    38
    Views:
    895
    FreedomChooser
    Apr 29, 2005
  5. richard

    Do OE emails open with browsers? crosspost

    richard, Nov 12, 2010, in forum: Computer Support
    Replies:
    61
    Views:
    1,837
    Desk Rabbit
    Nov 15, 2010
Loading...

Share This Page