endless pop ups

Computing.Net > Forums > Security and Virus > endless pop ups

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

endless pop ups

Name: coreo57
Date: January 29, 2004 at 07:44:37 Pacific
OS: XP Home
CPU/Ram: 400/256

Comment:

I somehow downlaoded a pop program that loads on windows startup. I have tried Spybot and Adaware but have not been able to get rid of it. Below is the HijackThis log. Hopefully someon can tell me what i need to do.
Logfile of HijackThis v1.97.7
Scan saved at 9:35:36 AM, on 1/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\JAWS50\JHookLdr.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\Wms09TH.exe
C:\WINDOWS\System32\Wms09TH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\George\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3FQGBC75AY46F5] C:\WINDOWS\System32\Cjo9g.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD75BC5-5A77-4CD1-8FC4-8F2BA141A273}: NameServer = 207.230.192.251 209.142.152.253

Thanks for your help

Sponsored Link

Ads by Google

Response Number 1

Name: mark2a
Date: January 29, 2004 at 10:39:56 Pacific

Reply:

You have a peper trojan infection
Go to http://www.memorywatcher.com/uninst.exe and download the uninstall.exe, double click and run it. It may require access past your firewall, allow it access.
Allow it to run and terminate.
Then reboot and post a fresh Hijackthis log, other than peper there's nothing suspicious that I see.

Response Number 2

Name: coreo57.
Date: February 4, 2004 at 13:43:16 Pacific

Reply:

I have tried running uninst.exe several times but it seems to close befre completeing. Here is the log after restarting.
Logfile of HijackThis v1.97.7
Scan saved at 3:31:28 PM, on 2/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\AktB238.exe
C:\WINDOWS\System32\Wms09TH.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\George\Desktop\HijackThis.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [3FQGBC75AY46F5] C:\WINDOWS\System32\Cjo9g.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD75BC5-5A77-4CD1-8FC4-8F2BA141A273}: NameServer = 207.230.192.251 209.142.152.253

Response Number 3

Name: mark2a
Date: February 4, 2004 at 23:43:28 Pacific

Reply:

There's a new tool,
http://www.broadbandmedic.com/download/VbStuff/PeperFix.exe
Might be worth a try?

Sponsored Link

Ads by Google

you were logged on but have not been validated by a server crypserv.exe msimn.exe download msimn uninst.isu live pop settings uninstall.exe devldr32.exe res://C:\Program Files\Outlook Express\msoeres.dll/frntpage.htm devldr32.exe	i keep getting random pop ups windows installer keeps popping up windows installer pop up problem windows vista pop up blocker work offline keeps popping up windows media player keeps popping up how to stop trend micro pop up how can i stop pop ups on my computer work offline message keeps popping up pop up message in access
See More

Trojan horse Downloader.d...

New IE flaw

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: endless pop ups

Endless pop-ups - Help!

Summary

www.computing.net/answers/security/endless-popups-help/21347.html

Pop Up Problem

Summary

www.computing.net/answers/security/pop-up-problem/18958.html

Annoying pop ups! Can't Fix

Summary

www.computing.net/answers/security/annoying-pop-ups-cant-fix/18150.html

From the Geek Dictionary
Mephy Run - A way to find items in Diablo 2 LOD. Most effective when ran over and over...

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Unable to connect to 192.168.0.1

malicious program

Foxpro 2.6

Missing subfolders

upgrade my Dell Inspiron 640 laptop RAM

All Awaiting Reply

Tom's News
Verizon: iPhone is Digitally Clueless Beauty Queen

Nintendo DS Flash Cards are Legal Says Judge

Go Retro: Dragon's Lair Confirmed for iPhone

Sony's PSPgo May Get External UMD Reader

Report: Teen Internet Addicts Likely to Self-Harm

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE