• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

inundated with popups and ads...

4 posts in this topic

Quite an irritating problem.


I'm using eTrust Antivirus' free firewall, and it's not doing the job. I run Ad Aware probably 5 times a night...it gets rid of the cookies, but not the stuff which keeps soliciting the ads. THe popups start up as soon as I open my browser and start moving around.


I ran Adaware directly before posting here. Popup ads have included to Porn sites (which I never visit) and audio files that completely take over my speakers. I get a lot of WinAntiSpyware triple ads, DriveCleaner, and WinAntiVirus stuff that simply won't go away.


I will note that AVG seems to stop most of them, but some of these buggers are so persistent they end up closing down eTrust as I click them away. I've also tried to run HouseCall from Trend Micro...the popups get so bad that each and every time the browser has collapsed and the attempt was unsuccessful.


SpyDocter and Pop UP stopper say I've got a lot of infections, but naturally won't eliminate them unless they get paid. I basically use them just to see how bad the situation is. The last time I ran AVG's Trial version, it detected no viruses at all (yesterday), although it does an excellent job of blocking popups, it also restricts my ability to do online gaming for some reason.


I have a number of files that I was able to pick out with Pop Up Blocker's help, including a large number of /tmp##.tmp.dll files in the system32 file. They are sitting in my wastebasket ready to be deleted, but I've wondered if I should do so. There's several other files from Pop Up Blocker in there as well...I can restore them and run another HijackThis if you feel that would be appropriate.


Here is the required HiJackThis log.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:17:29 AM, on 6/17/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Boot mode: Normal


Running processes:










C:\Program Files\eTrust\Antivirus\InoRpc.exe

C:\Program Files\eTrust\Antivirus\InoRT.exe

C:\Program Files\eTrust\Antivirus\InoTask.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe




C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Common Files\PFShared\UmxCfg.exe




C:\Program Files\Common Files\PFShared\UmxPol.exe



C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\eTrust\Antivirus\realmon.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe


C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\Documents and Settings\bob\Desktop\Fixit stuff\HiJackThis_v2.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.thesteel.org/forum.asp?FORUM_ID=14

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll

O2 - BHO: (no name) - {8fad0c47-d0e1-4971-9234-0246f5f2f74b} - C:\WINNT\system32\CTPgmt.dll

O2 - BHO: DSE WE Addon Class - {BF55256A-3B3B-11D2-B05B-000001145917} - C:\Program Files\Common Files\PFWShared\weaddon.dll (file missing)

O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINNT\system32\tmp13.tmp.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINNT\System32\TrayIcon.exe


O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Run32dll] c:\winnt\system32\taskmngr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AMonitor] C:\Program Files\TPF4\amon.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\eTrust\Antivirus\realmon.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [mbgvux] C:\WINNT\mbgvux.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [runner1] C:\WINNT\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINNT\mliiig.dll",realset

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/contr...ate/sdkinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: CTPgmt - C:\WINNT\SYSTEM32\CTPgmt.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll

O23 - Service: DSE Config Interpreter (ConfigInterpreter) - Unknown owner - C:\Program Files\Common Files\PFWShared\cfgintpr.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSVCCDA.EXE

O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Unknown owner - C:\Program Files\Microsoft Visual Studio .NET\Common7\Packages\Debugger\dbgproxy.exe (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\eTrust\Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\eTrust\Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\eTrust\Antivirus\InoTask.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: DSE Agent (UmxAgent) - Unknown owner - C:\Program Files\TPF4\umxagent.exe (file missing)

O23 - Service: FW Configuration Interpreter (UmxCfg) - Securitae - C:\Program Files\Common Files\PFShared\UmxCfg.exe

O23 - Service: FW Policy Manager (UmxPol) - Unknown owner - C:\Program Files\Common Files\PFShared\UmxPol.exe



End of file - 8605 bytes



My problems have started within the past two weeks...before then, pop ups were not an issue (although occasional 'stock offering' emails hidden inside garbled random emails still pop up in my mail.


If I need to upgrade my firewall and other software, please let me know.


Thank you for your time!



Share this post

Link to post
Share on other sites

The situation has somehow moved from bad to absolutely horrible.


My computer will no longer load my settings....says I don't satisfy the parameters, or something. It loads to a default setting. It won't even let me get on the Internet normally...for some reason, I tried hitting Windows Updates and it zipped right onto the internet, and I was able to reach here once I was on. However, just clicking on my browser just gets me to the IE setup wizard.


I tried loading the recommended AVS firewall I saw on some other posts as an Update to my own. Not only was I unable to load it, because I couldn't access the activation code because I can't access my own settings, but I get a 1711 error (out of memory) when I tried to Uninstall it...and so I can't uninstall it. I managed to delete the file in Safe Mode, but that doesn't seem to have helped my problem other then the fact it's not annoying me anymore.


Furthermore, just in case, I tried loading some documents I had done from my own Documents and Dettings to an E Drive tool (a little San Disk 100 meg porta drive.) I got messages that two data streams were trying to copy, and this wasn't supported (Inoculateit:$Data), and when I try to open the files, it informs me that I don't have permission to do so.


All the Temp##.Tmp.dll files that were in my wastebasket I restored to be on the safe side.


Accessing Search in safe mode or this 'default' mode crashes Windows.


Trying to uninstall a file called Advertismen via Control Panel fails and tells me I'm missing a .dll file (I can't give you the name right now, because for some reason I can't open Add/remove Programs!)


Adaware did a full scan, found 4 more items, I hit quarantine....and Adaware has now locked up.


I Just tried to run HiJack This in this default mode, and instead I get a Runtime '481': Invalid picture in a little box.


I can't even open my Email for computer errors. Here's hoping someone can get me some help soon.



Share this post

Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.


Thank you for your patience.


[this is an automated reply]

Share this post

Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.


Thank you for your patience.


[this is an automated reply]



Yay for robots.


I've been informed by my cousin, the head of CIS for the local school district, that my default user profile setting has been corrupted. Hence I am unable to save, open, download or otherwise make permanent changes to my computer. I am accumulating a huge number of dubious temp files inside Program files and Documents and Settings, presumably one per entry.


I might be able to fix the Default profile and get things back on track by using a Registry Repair tool for Win2k I got off the net...i just need to find a floppy disk drive to stick into my computer (yes, it had to use floppies, you couldn't burn it to a CD).


If that doesn't work, He says I'll need to re-install Windows...which might be a problem, as I can't find my win2k disks (amazing, I've not had to do a re-install of Win2k in the 5 years since I got the computer!), so I'll have to go begging a Restore Disk off someone.


I don't have to use Windows Updates to hookwink the computer into allowing me online, but I basically can't use any applications because I'm on a temporary profile and nothing I do will be saved.


I did confirm that I could copy and paste other files to a USB, so I saved my critical files.


And that is my latest update, for whoever the Mr. Fixit is who finally gets to this. Blah. It's been a bad couple of days.

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0