Being pestered by popups.

Discussion in 'Computer Support' started by Martijn, Nov 1, 2004.

  1. Martijn

    Martijn Guest

    I'm being pestered by popups. Some adware installed on my PC launches
    an Advertising_Loading_Window and this launches ads at a regular
    interval. Running Adsgone popup software only works partially. Adaware
    and Spybot S&D don't work.

    Below is my HijackThis log.

    Can anyone here help? Thank you!

    I'm being bothered by popups. Adware on my PC launches an
    Advertising_Loading_Window, and this launches advertising popups every
    now and then. With Adsgone I can catch some of the popups, but not
    all of them. Adaware and Spybot S&D don't help at all.

    My HijackThis log is below.

    Can anyone help? Thanks in advance!

    Logfile of HijackThis v1.97.7
    Scan saved at 1:57:12 AM, on 11/1/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\CTHELPER.EXE
    C:\WINNT\anvshell.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
    C:\WINNT\iexplore.exe
    C:\Program Files\Picasa\PicasaMediaDetector.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\AnalogX\MaxMem\maxmem.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\tinus\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.232.241.94:80
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
    O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
    O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
    O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AdsGone 2003.lnk = C:\Program Files\AdsGone\adsgone.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}: NameServer = 194.109.104.104,194.109.6.66
     
    Martijn, Nov 1, 2004
    #1

  2. Martijn

    Toolman Tim Guest

    Yeah? You seem to have a virus too...
    http://securityresponse.symantec.com/avcenter/venc/data/mhtmlredir.exploit.html
     
    Toolman Tim, Nov 1, 2004
    #2

  3. Martijn

    Max of Mad Guest

    Try removing the DPF's.

    The first one looks like it might do a redirect.. The POP might have
    something to do with it.

    The second one looks like it is for MSN messenger.. It might be ok to
    leave this one.

    The third one looks ok too. If you don't use online storage, then
    delete it.

    The last one looks fishy. It looks like it forces your computer to use
    new name servers.


    Update Spybot. Use the latest version and make sure you have the latest
    updates.

    Try AdAware 6 as well.

    -Posted to 24hoursupport.helpdesk-
     
    Max of Mad, Nov 1, 2004
    #3
  4. Martijn

    CalamityKen Guest

    Martijn typed:
    <snip good stuff>

    Pop ups come from many places.
    Download the latest v1.98.2 version of HijackThis:
    http://aumha.org/downloads/hijackthis.exe
    or
    http://tools.radiosplace.com/HijackThis.exe
    Important: Create a folder on the C: drive called C:\HJT.
    You can do this by going to My Computer (Windows key+e) then double click on
    C: then right click and select New then Folder and name it HJT.

    Move HijackThis.exe into this folder as you do not want the HijackThis
    backup logs all over your My Documents folder.

    When you run HijackThis from C:\HJT folder by double clicking on it and have
    it "Fixed checked" it will create a backup file of modifications to use if
    restore is necessary.
    Go to Add/Remove Programs and uninstall AdsGone.
    The Google Toolbar is a much better pop up stopper and uses less system
    resources.
    Read further for more ad busting tips.
    Big system resource waster and is unnecessary.
    Install the prevention protection below and help your friends from being
    infected on the Internet.

    Empty the Recycle Bin.

    The Temp folders should be cleaned out periodically as installation programs
    and hijack programs leave a lot of junk there.
    Index.dat Suite helps with this.
    http://support.it-mate.co.uk/?mode=Products&p=index.datsuite

    Ensure that Index.dat Suite is set up to empty the Temp folders especially
    C:\Documents and Settings\{user}\Local Settings\Temp
    then run the Find and create the run.bat and reboot to have it remove what
    it finds.

    {user} is the tinus User Account ID.
    Removal of infections and prevention protection should be installed on ALL
    User Account IDs.

    Download and install WinPatrol.
    http://www.winpatrol.com

    Browser settings for increased security:
    http://bshagnasty.home.att.net/browsersettings.htm

    Install IE-SPYAD then run the install.bat in the ie-spyad folder and
    SpywareBlaster then keep them up to date as today's Internet is full
    of nasty infections.
    https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
    http://www.javacoolsoftware.com/spywareblaster.html

    Install an ad blocking HOSTS file. I use hpHOSTS file.
    http://webpages.charter.net/hpguru/hosts/hosts.html
    Review the README for installation information.
     
    CalamityKen, Nov 1, 2004
    #4
  5. Clean the virus you have dummy
    http://securityresponse.symantec.com/avcenter/venc/data/mhtmlredir.exploit.html


     
    Trai' La' Trash, Nov 1, 2004
    #5
  6. Martijn

    Rudolpho Guest

    Max of Mad wrote:
    These are the DNS servers of XS4all. They are certainly not suspicious! See:
    http://www.xs4all.nl/helpdesk/algemeen/servers.html
     
    Rudolpho, Nov 1, 2004
    #6
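
The manual triage from posts #3 and #6, scripted as an added example that is not part of the original thread: it rejoins wrapped HijackThis lines, flags O16 DPF entries whose download source is not a plain http(s) URL, and compares O17 name servers with a list the user trusts. The function names and the EXPECTED_RESOLVERS list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Entries from the HijackThis log in post #1, hard-wrapped as news clients do.
SAMPLE_LOG = r"""
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
(download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
NameServer = 194.109.104.104,194.109.6.66
"""

# Assumption: resolvers the user trusts (post #6 names these as XS4all's).
EXPECTED_RESOLVERS = {"194.109.104.104", "194.109.6.66"}

ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
DPF = re.compile(r"^O16 - DPF: (\{[^}]+\}).* - (\S+)$")
O17 = re.compile(r"^O17 - .*NameServer = (\S+)$")

def unwrap(text):
    """Rejoin entries that mail/news clients wrapped across lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def triage(text, expected_resolvers):
    """Return (entry_id, reason) for O16/O17 entries worth a manual look."""
    findings = []
    for entry in unwrap(text):
        if m := DPF.match(entry):
            clsid, codebase = m.groups()
            if urlsplit(codebase).scheme.lower() not in ("http", "https"):
                findings.append((clsid, "codebase is not a plain http(s) URL"))
        elif m := O17.match(entry):
            unknown = set(m.group(1).split(",")) - expected_resolvers
            if unknown:
                findings.append(("O17", "unexpected resolvers: " + ", ".join(sorted(unknown))))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, EXPECTED_RESOLVERS))
```

With the XS4all addresses in the trusted list, only the first DPF entry is reported; with an empty list the O17 entry is reported as well.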
  7. A thief believes everybody steals.

    --
    Lady Chatterly

    "You need to adjust your code a bit Lady C. Looks like you have the
    word "you" caught in a loop. It makes the above statement
    incomprehensible." -- Crawdad
     
    Lady Chatterly, Nov 1, 2004
    #7
  8. Every dog hath its day.
     
    Lady Chatterly, Nov 1, 2004
    #8
  9. Martijn

    FakeMail Guest

    FakeMail, Nov 1, 2004
    #9
  10. Martijn

    Rudolpho Guest

    Lady Chatterly wrote:
    [ASCII art: an animal beside a sign reading "Please do not feed the
    trolls. Thank you."]
     
    Rudolpho, Nov 1, 2004
    #10
  11. #####################
    #Please DO NOT FEED#
    # the trolls #
    ####################
     
    christinA eijkhout, Nov 1, 2004
    #11
  12. Martijn

    John Henry Guest

    ############################
    # Please DO NOT RMGROUP #
    # the entire ALT hierarchy #
    ############################
     
    John Henry, Nov 1, 2004
    #12
  13. Martijn

    Free Speech Guest

     
    Free Speech, Nov 1, 2004
    #13
  14. Martijn

    Free Speech Guest

     
    Free Speech, Nov 1, 2004
    #14
  15. Martijn

    zippy do da Guest

    Also remove those no-name things and odd web addresses you don't visit
    in the logs as well.
     
    zippy do da, Nov 2, 2004
    #15
  16. Martijn

    Fred Guest

    Would you hire someone smarter than you?
     
    Fred, Nov 2, 2004
    #16
  17. Martijn

    Fred Guest

    You represent nothing and nobody.
     
    Fred, Nov 2, 2004
    #17
  18. Indeed. Quite sad, isn't it?
     
    Lady Chatterly, Nov 2, 2004
    #18
  19. Martijn

    Free Speech Guest

    I always have no equal in debate!!!!!

    Lying bot!
    Not you, fag.
     
    Free Speech, Nov 2, 2004
    #19
  20. Martijn

    Free Speech Guest

    Do hand her toilet paper, faggot!
     
    Free Speech, Nov 2, 2004
    #20