Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > pop up ads

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

pop up ads

Reply to Message Icon

Name: smitty1811
Date: November 22, 2004 at 19:28:13 Pacific
OS: me
CPU/Ram: celeron
Comment:

I keep getting popup ads even when I am off line. I noticed that mypcsearch and second thought icons were on my desktop. I ran spybot but, no luck, still those pesky ads. Any suggestions? I have a HJT log if anyone wants to take a look at it. Thanks for the help.



Sponsored Link
Ads by Google

Response Number 1
Name: HiJinx
Date: November 23, 2004 at 00:23:07 Pacific
Reply:

Try posting your log to Spywarewarrior.com. They're very experienced at dealing with logs there.

You should also scan with Ad-Aware before posting your log there (you can get it at download.com).


0

Response Number 2
Name: fordman
Date: November 23, 2004 at 13:35:22 Pacific
Reply:

NO, for hijackthis logs go to www.hijackthis.de. You also need to get Spybot from www.safer-networking.com. Here is the best place for spyware. That's not a browser hijacking really either.

Always looking for techs:
http://www.protonic.com/volunteer.php?PHPSESSID=25e06d90d2153c5e0b49d9c798c3024d


0

Response Number 3
Name: HiJinx
Date: November 23, 2004 at 15:56:47 Pacific
Reply:

NO, for hijackthis logs go to www.hijackthis.de

Have to disagree on that one. It's much better to have actual, experienced people help with a log rather than just relying on some automated script. Many things can't be resolved by HijackThis alone. Removing registry entries won't last if the malware just puts them right back again. Simply removing entries also does not help in getting rid of the files that remain on the computer. The automated check does not refer users to removal programs or methods, and it also flags a lot of legitimate entries as unknown or 'possibly nasty'. This can be confusing to new users at best, dangerous at worst.

The automated checker can be of limited use, but you'd have a hard time making a case that it's better than getting advice from someone who really knows what they're doing.


0

Response Number 4
Name: fordman
Date: November 24, 2004 at 13:38:39 Pacific
Reply:

True. But, if I got sent a hijackthis letter than I would have of went to hijackthis.de and told them what to delete. Not too good for newbies, this is true.

You can even post it here, on computing.net!!!

Always looking for techs:
http://www.protonic.com/volunteer.php?PHPSESSID=25e06d90d2153c5e0b49d9c798c3024d


0

Response Number 5
Name: smitty1811
Date: November 30, 2004 at 21:38:04 Pacific
Reply:

Thanks for the reponses. I ran the usuals, ad-aware,spybot etc. to no avail. Now I ca'nt even downoad videos because some pop up by second thought appears. Could somebody please look at my hijack this log and giveme some expert advise. Thanks again.


0

Related Posts

See More



Response Number 6
Name: smitty1811
Date: November 30, 2004 at 21:39:59 Pacific
Reply:

Here is my hijack this log i forgot to post.
Logfile of HijackThis v1.98.2
Scan saved at 12:17:52 AM, on 12/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.exe
C:\COMPAQ\CPQINET\CPQINET.exe
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.exe
C:\CPQS\BWTOOLS\SCCENTER.exe
C:\WINDOWS\SYSTEM\PRINTRAY.exe
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.exe
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\WINDOWS\SYSTEM\HPHMON04.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.exe
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.exe
C:\PROGRAM FILES\CSBB\CSV7P070.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\VMHM16.exe
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.exe
C:\WINDOWS\SYSTEM\HIDSERV.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.exe
C:\WINDOWS\SYSTEM\VFWFG32.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\WINDOWS\COMPAQ\EREG\REMIND32.exe
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.exe
C:\WINDOWS\SYSTEM\HPHIPM11.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.exe
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.exe
C:\PROGRAM FILES\CXTPLS\CXTPLS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\UHLQNQH8\HIJACKTHIS19802[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.exe
O4 - HKLM\..\Run: [CSV7P70] \Progra~1\CSBB\CSV7P070.exe
O4 - HKLM\..\Run: [r83R36X] VMHM16.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\default\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\default\Client\HelpExp.exe
O4 - HKCU\..\Run: [azs5RWbmQ] VFWFG32.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Reminder-cpq40601.lnk = C:\WINDOWS\Compaq\Ereg\Remind32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



0

Response Number 7
Name: fordman
Date: December 1, 2004 at 19:41:45 Pacific
Reply:

Delete the following:

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL

O4 - HKLM\..\Run: [SystemTray] SysTray.exe

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\default\HXIUL.exe

O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\default\Client\HelpExp.exe

There you go!!!

Always looking for techs:
http://www.protonic.com/volunteer.php?PHPSESSID=25e06d90d2153c5e0b49d9c798c3024d


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: pop up ads
some pop-up ads evading my blocker www.computing.net/answers/security/some-popup-ads-evading-my-blocker/5372.html

pop up ads before browsing, how? www.computing.net/answers/security/pop-up-ads-before-browsing-how/3684.html

Pop-up Ads not stoping www.computing.net/answers/security/popup-ads-not-stoping/10470.html