Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Solution Center

Free IT eBook

Howtos

Site Search

Message Find

RSS Feeds

Install Guides

Data Recovery

About

Home
Reply to Message Icon Go to Main Page Icon

Subject: getting pop-up ads

Original Message
Name: shaunprice
Date: May 3, 2008 at 18:49:31 Pacific
Subject: getting pop-up ads
OS: Windows XP SP2
CPU/Ram: AMD 64 X2 DUAL 2.21GHZ/89
Model/Manufacturer: Gateway
Comment:
I've scanned with Adaware, Spybot S&D, and Nod32 and found trojans which were deleted. We are still getting pop-ups, and the computer is acting slow. Can anyone help us please. I can post a hijackthis log if needed

Report Offensive Message For Removal

Response Number 1
Name: scooter
Date: May 3, 2008 at 20:19:57 Pacific
Subject: getting pop-up ads
Reply: (edit)
Yes please post your log

Scooter D


Report Offensive Follow Up For Removal

Response Number 2
Name: XpUser4Real
Date: May 4, 2008 at 07:48:03 Pacific
Subject: getting pop-up ads
Reply: (edit)
did you try turning the IE pop-up stopper to the highest setting to see if they stopped? Are these pop-ups maybe messenger pop-ups?

Also, if the trojans are in your restore...it will be best to turn off system restore and then scan.

Spyware blaster will help you and I would probably use FREE winpatrol to see what is running on your PC in the addons as well as IE helpers.
Cleaner slim is real good to clean out excess junk on your PC. You can find these great freebies all listed on one page with basic instructions in my sig link.

A good free on-line scan to run is:
http://www.spywareinfo.com/xscan.php
remove all it finds

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report Offensive Follow Up For Removal

Response Number 3
Name: shaunprice
Date: May 4, 2008 at 15:45:44 Pacific
Subject: getting pop-up ads
Reply: (edit)
Scooter, thanks. Here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:39 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel....
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage....
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage....
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage....
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=mi...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=mi...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM9fe731fe] Rundll32.exe "C:\WINDOWS\system32\qwfxnhsc.dll",s
O4 - HKLM\..\Run: [9cd40262] rundll32.exe "C:\WINDOWS\system32\fxxmkoda.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/Co...
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.playfirst.com/play/game/...
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5058 bytes


Report Offensive Follow Up For Removal

Response Number 4
Name: brokencrow
Date: May 5, 2008 at 02:14:14 Pacific
Subject: getting pop-up ads
Reply: (edit)
You can delete these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [BM9fe731fe] Rundll32.exe "C:\WINDOWS\system32\qwfxnhsc.dll",s
O4 - HKLM\..\Run: [9cd40262] rundll32.exe "C:\WINDOWS\system32\fxxmkoda.dll",b
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

You might also download and run Ccleaner to clear out the temp files and folders.

www.computerselfdefense.com


Report Offensive Follow Up For Removal



Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: getting pop-up ads

Comments:
         

 
  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 


Data Recovery Software



Version Tracker Pro
Keep your software current and secure, effortlessly
Click Here for a Free Scan

Driver Agent
Automatically find the latest drivers for your computer.
 Click Here for a Free Scan

The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE

All content ©1996-2007 Computing.Net, LLC