Pop-ups that aren't going away

August 31, 2012 at 10:01:13
Specs: Windows 7 32 bit
Ok, over the past few weeks I've been getting a popup every once in a while when I click on an area in my browser, or go to a link on a related video in youtube etc. It's just simple adware I'm guessing but the fact I've done full scans with Norton, SuperAntiSpyware (free), Spybot S&D, and MalwareBytes and they haven't helped is depressing.

I use Google Chrome and I don't go on shady sites and only download verified files.




#1
August 31, 2012 at 10:34:18
Run hijack this & post the log.

How do you know when a politician is lying? His mouth is moving.



#2
August 31, 2012 at 10:49:34
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:47 AM, on 8/31/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\David\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\David\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/p...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10509 bytes



#3
August 31, 2012 at 11:15:54
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/p...

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -

There is no reason for those ^^ to be running all the time. Once Flash is installed, that should be it. The same thing goes for all the google updates in O23. I like to decide when to update.

Besides that, I really don't see anything wrong. However, toolbars & their associated BHOs are insecure & that's where your problem could be. It's up to you but I would uninstall all toolbars.

The last thing is:
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

Did you install it & do you use it? If not, delete that too.

How do you know when a politician is lying? His mouth is moving.
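A way to pull the item types discussed in reply #3 (toolbars and their associated BHOs, updater services) out of a HijackThis log, added here as an example and not code from the thread or from HijackThis. The sample lines are copied from the log in reply #2; the function names, the "same folder as a toolbar DLL" test for associating a BHO with a toolbar, and the extra check for services marked `(file missing)` are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log in reply #2 (a short excerpt, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")
COMPONENT = re.compile(r"^(?:BHO|Toolbar): (.+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

def parse(log):
    """Group entries by HijackThis section code (R1, O2, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def components(entries):
    """Return (name, lower-cased DLL folder) for O2/O3 entries."""
    out = []
    for entry in entries:
        m = COMPONENT.match(entry)
        if m:
            out.append((m.group(1), ntpath.dirname(m.group(3)).lower()))
    return out

def triage(log):
    """List the item types reply #3 calls out, plus services whose file is gone."""
    s = parse(log)
    toolbars = components(s["O3"])
    toolbar_dirs = {folder for _, folder in toolbars}
    names = [(e[len("Service: "):].split(" - ")[0], e) for e in s["O23"]]
    return {
        "toolbars": [name for name, _ in toolbars],
        # Assumption: a BHO belongs to a toolbar if its DLL sits in that toolbar's folder.
        "toolbar_bhos": [n for n, d in components(s["O2"]) if d in toolbar_dirs],
        "updater_services": [n for n, _ in names if "updat" in n.lower()],
        "missing_file_services": [n for n, e in names if e.endswith("(file missing)")],
    }

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

The output is a review list for Add/Remove Programs and the Services console, not a verdict that any listed item is malicious.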



#4
August 31, 2012 at 12:47:11
C:\Windows\system32\Dwm.exe

you may wish to consider removal of this as well

http://www.systemlookup.com/search....

:: mike



#5
August 31, 2012 at 14:25:21
How does any of this relate to fixing my pop ups


#6
August 31, 2012 at 16:50:11
'How does any of this relate to fixing my pop ups'
If the above doesn't help....try this:
Try running these 3 progs in EXACTLY the order listed and fix all they find and don't reboot until after the last scan
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://support.kaspersky.com/faq/?q...
3- malwarebytes
http://www.filehippo.com/download_m...

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#7
August 31, 2012 at 18:03:07
Toolbars & related BHOs can easily be related to pop-ups. I personally don't like automatic updates either. You don't know where you are being sent.

How do you know when a politician is lying? His mouth is moving.



#8
September 1, 2012 at 09:33:36
Well, I don't have any toolbars on my Chrome.
Only exception is Adblock and Avast web rating. But those are perfectly safe.


#9
September 1, 2012 at 09:50:25
Ok ran tdss killer and it removed a nasty file hopefully that's it.


#10
September 1, 2012 at 10:32:13
What was the name of the file?

BTW, you have toolbars running somewhere. They wouldn't have appeared in Hijack This otherwise.

How do you know when a politician is lying? His mouth is moving.



#11
September 1, 2012 at 14:17:18
did you run ALL 3 in the EXACT order as listed? I see you say you ran tdss killer....

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#12
September 1, 2012 at 16:05:17
To guapo: I checked my toolbars in Chrome by going to the wrench in top-right and went to Tools, then I went to extensions. I assume that's where you'd have me look and then I removed an unfamiliar I guess toolbar. What's left is the avast webrating and Adblock. (I don't remember the file name but didn't seem to help anyway).

To XpUser4Real: I ran Rkill.exe and it didn't find anything. Then I ran tdss killer and it found something and removed it. I did a scan with malwarebytes (before you posted) and it found nothing so there you have it.

Something interesting was found with Avast. If I remember the file name it was something along the lines of js.redirecter which seems exactly like my problem when I click a link that gets redirected to an ad.



#13
September 1, 2012 at 16:06:29
This seems to be what I found.
http://www.f-secure.com/v-descs/tro...

And Avast claims it deleted it and I restarted my computer like it said to but I'm still getting popups



#14
September 1, 2012 at 21:47:55
did you read what I said? DO ALL 3 progs in the EXACT order listed...you only did the first 2 and didn't do the last scan with malwarebytes....because you said you ran it before..so why not do them again in that order? If that doesn't work....do it AGAIN, only in safe mode....

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#15
September 2, 2012 at 05:44:38
To guapo: "I checked my toolbars in Chrome by going to the wrench in top-right and went to Tools, then I went to extensions. I assume that's where you'd have me look and then I removed an unfamiliar I guess toolbar. What's left is the avast webrating and Adblock. (I don't remember the file name but didn't seem to help anyway)."

No, that's not where I wanted you to look. I would have uninstalled all toolbars from the add & remove programs in the control panel.

How do you know when a politician is lying? His mouth is moving.



#16
September 2, 2012 at 13:06:58
I'm done with your help obviously none of you get what I'm saying.


#17
September 2, 2012 at 13:32:26
you can try these 2 fully working trials and run them till they run clean....they find things that others miss.
Trojan Remover
hitman pro

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#18
September 2, 2012 at 17:51:55
"I'm done with your help obviously none of you get what I'm saying"

Think about it. If none of us understand what you are saying then this must mean that your explanation was not clear enough. We can only read what you say.

There was a very real reason why MalwareBytes should have been run AFTER the other two programs given in #6. This seems to have been disregarded even after you were prompted.

All the advice given on this thread was quite relevant to the issue as you described it, either as a means of diagnosis or possible fixes.

Helpers on this forum do so without payment in their own free time in order to try to help others with their problems, nothing more nothing less. They don't therefore expect rudeness. You can always pay to have your computer fixed.

Always pop back and let us know the outcome - thanks



#19
September 2, 2012 at 20:06:24
That guy has to be kidding. Most of us have been cleaning machines for years.

How do you know when a politician is lying? His mouth is moving.



#20
September 3, 2012 at 08:01:59
Re #19

Posters are not obliged to either like or take the advice given.

What gets my back up is the petty insults when leaving, especially when quite unjustified.

Always pop back and let us know the outcome - thanks



#21
September 3, 2012 at 14:41:59
Well funny thing is Avast cleaned my system while all the other programs you suggested failed to do so. I even posted the virus result yet none of you said anything about it?

Thanks for your efforts anyway.



#22
September 3, 2012 at 14:49:11
'I even posted the virus result'
I never saw an Avast result....Did you try all the things I mentioned?

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#23
September 3, 2012 at 20:56:51
I'm done with this thread.

How do you know when a politician is lying? His mouth is moving.



#24
September 4, 2012 at 15:20:15
I think I know where the problem might lie.

Always pop back and let us know the outcome - thanks

