inundated with popups and ads...


3 replies to this topic

#1 Aelryinth

Posted 17 June 2007 - 02:28 AM

Quite an irritating problem.

I'm using eTrust Antivirus' free firewall, and it's not doing the job. I run Ad Aware probably 5 times a night...it gets rid of the cookies, but not the stuff which keeps soliciting the ads. The popups start up as soon as I open my browser and start moving around.

I ran Adaware directly before posting here. Popup ads have included to Porn sites (which I never visit) and audio files that completely take over my speakers. I get a lot of WinAntiSpyware triple ads, DriveCleaner, and WinAntiVirus stuff that simply won't go away.

I will note that AVG seems to stop most of them, but some of these buggers are so persistent they end up closing down eTrust as I click them away. I've also tried to run HouseCall from Trend Micro...the popups get so bad that each and every time the browser has collapsed and the attempt was unsuccessful.

SpyDoctor and Pop Up Stopper say I've got a lot of infections, but naturally won't eliminate them unless they get paid. I basically use them just to see how bad the situation is. The last time I ran AVG's Trial version, it detected no viruses at all (yesterday), although it does an excellent job of blocking popups, it also restricts my ability to do online gaming for some reason.

I have a number of files that I was able to pick out with Pop Up Blocker's help, including a large number of /tmp##.tmp.dll files in the system32 file. They are sitting in my wastebasket ready to be deleted, but I've wondered if I should do so. There's several other files from Pop Up Blocker in there as well...I can restore them and run another HijackThis if you feel that would be appropriate.

Here is the required HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:17:29 AM, on 6/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSVCCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\eTrust\Antivirus\InoRpc.exe
C:\Program Files\eTrust\Antivirus\InoRT.exe
C:\Program Files\eTrust\Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\eTrust\Antivirus\realmon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\bob\Desktop\Fixit stuff\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.theste...asp?FORUM_ID=14
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: (no name) - {8fad0c47-d0e1-4971-9234-0246f5f2f74b} - C:\WINNT\system32\CTPgmt.dll
O2 - BHO: DSE WE Addon Class - {BF55256A-3B3B-11D2-B05B-000001145917} - C:\Program Files\Common Files\PFWShared\weaddon.dll (file missing)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINNT\system32\tmp13.tmp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINNT\System32\TrayIcon.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Run32dll] c:\winnt\system32\taskmngr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMonitor] C:\Program Files\TPF4\amon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mbgvux] C:\WINNT\mbgvux.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [runner1] C:\WINNT\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINNT\mliiig.dll",realset
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.char...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.tr...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: CTPgmt - C:\WINNT\SYSTEM32\CTPgmt.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: DSE Config Interpreter (ConfigInterpreter) - Unknown owner - C:\Program Files\Common Files\PFWShared\cfgintpr.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSVCCDA.EXE
O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Unknown owner - C:\Program Files\Microsoft Visual Studio .NET\Common7\Packages\Debugger\dbgproxy.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\eTrust\Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: DSE Agent (UmxAgent) - Unknown owner - C:\Program Files\TPF4\umxagent.exe (file missing)
O23 - Service: FW Configuration Interpreter (UmxCfg) - Securitae - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW Policy Manager (UmxPol) - Unknown owner - C:\Program Files\Common Files\PFShared\UmxPol.exe

--
End of file - 8605 bytes


My problems have started within the past two weeks...before then, pop ups were not an issue (although occasional 'stock offering' emails hidden inside garbled random emails still pop up in my mail).

If I need to upgrade my firewall and other software, please let me know.

Thank you for your time!

===Ael
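
An added example, not part of the original post and not HijackThis code: a small triage pass over a HijackThis log that lists entries carrying markers visible in the log above ("(no name)", "(file missing)" / "(no file)") or the tmp##.tmp.dll file names the poster reports in system32. The function name, marker list and regular expressions are assumptions made for this illustration; a match is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: five lines copied verbatim from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINNT\system32\tmp13.tmp.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: DSE Agent (UmxAgent) - Unknown owner - C:\Program Files\TPF4\umxagent.exe (file missing)
"""

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# File names of the form tmp<digits>.tmp.dll, as described by the poster.
TMP_DLL = re.compile(r"\\tmp\d+\.tmp\.dll\b", re.IGNORECASE)


def review_entries(log_text):
    """Return (section, reasons, text) for each entry carrying a marker."""
    flagged = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, text = m.groups()
        reasons = []
        if "(no name)" in text:
            reasons.append("unnamed entry")
        if "(file missing)" in text or "(no file)" in text:
            reasons.append("target file missing")
        if TMP_DLL.search(text):
            reasons.append("tmp##.tmp.dll file name")
        if reasons:
            flagged.append((section, reasons, text))
    return flagged


if __name__ == "__main__":
    for section, reasons, text in review_entries(SAMPLE_LOG):
        print(f"{section:>3}  {', '.join(reasons)}\n     {text}")
```
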

#2 Aelryinth

Posted 17 June 2007 - 11:29 PM

The situation has somehow moved from bad to absolutely horrible.

My computer will no longer load my settings....says I don't satisfy the parameters, or something. It loads to a default setting. It won't even let me get on the Internet normally...for some reason, I tried hitting Windows Updates and it zipped right onto the internet, and I was able to reach here once I was on. However, just clicking on my browser just gets me to the IE setup wizard.

I tried loading the recommended AVS firewall I saw on some other posts as an Update to my own. Not only was I unable to load it, because I couldn't access the activation code because I can't access my own settings, but I get a 1711 error (out of memory) when I tried to Uninstall it...and so I can't uninstall it. I managed to delete the file in Safe Mode, but that doesn't seem to have helped my problem other than the fact it's not annoying me anymore.

Furthermore, just in case, I tried loading some documents I had done from my own Documents and Settings to an E Drive tool (a little San Disk 100 meg porta drive.) I got messages that two data streams were trying to copy, and this wasn't supported (Inoculateit:$Data), and when I try to open the files, it informs me that I don't have permission to do so.

All the Temp##.Tmp.dll files that were in my wastebasket I restored to be on the safe side.

Accessing Search in safe mode or this 'default' mode crashes Windows.

Trying to uninstall a file called Advertismen via Control Panel fails and tells me I'm missing a .dll file (I can't give you the name right now, because for some reason I can't open Add/remove Programs!)

Adaware did a full scan, found 4 more items, I hit quarantine....and Adaware has now locked up.

I just tried to run HiJack This in this default mode, and instead I get a Runtime '481': Invalid picture in a little box.

I can't even open my Email for computer errors. Here's hoping someone can get me some help soon.

===Aelryinth

#3 SWI Support Robot

Posted 19 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 Aelryinth

Posted 19 June 2007 - 10:00 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]



Yay for robots.

I've been informed by my cousin, the head of CIS for the local school district, that my default user profile setting has been corrupted. Hence I am unable to save, open, download or otherwise make permanent changes to my computer. I am accumulating a huge number of dubious temp files inside Program files and Documents and Settings, presumably one per entry.

I might be able to fix the Default profile and get things back on track by using a Registry Repair tool for Win2k I got off the net...I just need to find a floppy disk drive to stick into my computer (yes, it had to use floppies, you couldn't burn it to a CD).

If that doesn't work, he says I'll need to re-install Windows...which might be a problem, as I can't find my win2k disks (amazing, I've not had to do a re-install of Win2k in the 5 years since I got the computer!), so I'll have to go begging a Restore Disk off someone.

I don't have to use Windows Updates to hoodwink the computer into allowing me online, but I basically can't use any applications because I'm on a temporary profile and nothing I do will be saved.

I did confirm that I could copy and paste other files to a USB, so I saved my critical files.

And that is my latest update, for whoever the Mr. Fixit is who finally gets to this. Blah. It's been a bad couple of days.



