jevelasquez

unwanted pop up


I'm getting unwanted pop-ups when I go on the internet.

After I run ADware 6 and remove some elements it seems to be OK, but if I restart my PC, when I go on the internet I get these pop-ups again...

Any help on how to get out of this?

Thanks


We need a closer look at what's happening.

Please download Hijack this

Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.


Thanks for the response.

This is the log file.

As a note, this morning just after dialing in to the internet I got a pop-up screen (even before loading IE) with a page of "Mercado Libre".

I hope you can help me.

Logfile of HijackThis v1.98.0

Scan saved at 10:06:21 AM, on 7/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPConfig.exe

C:\Archivos de programa\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Archivos de programa\Norton AntiVirus\navapsvc.exe

C:\ARCHIV~1\NETFORMX\BIN\OSCMGR4.EXE

C:\ARCHIV~1\NETFORMX\BIN\OSSERVER.EXE

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\carpserv.exe

C:\ARCHIV~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system\hpsysdrv.exe

C:\ARCHIV~1\NORTON~1\navapw32.exe

C:\Archivos de programa\QuickTime\qttask.exe

C:\WINDOWS\system32\sfpsvr.exe

C:\documents and settings\propietario\configuración local\temp\PmF.exe

C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\Zig5qx6.exe

C:\WINDOWS\System32\RumB3.exe

C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE

C:\Archivos de programa\Outlook Express\msimn.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\Documents and Settings\Propietario\Configuración local\Temp\Directorio temporal 2 para hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.multitel.com.co/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Archivos de programa\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Archivos de programa\Common Files\midaddle\midaddle.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Archivos de programa\SEP\sep.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Desktop Zoom] C:\Archivos de programa\HPQ\Desktop Zoom\hpwinadj.exe -s

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [TV Now] C:\Archivos de programa\HPQ\Notebook Utilities\TvNow.exe /RK

O4 - HKLM\..\Run: [Display Settings] C:\Archivos de programa\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\ARCHIV~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Archivos de programa\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sfpsvr] C:\WINDOWS\system32\sfpsvr.exe

O4 - HKLM\..\Run: [PmF] C:\documents and settings\propietario\configuración local\temp\PmF.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Wkv9.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [p76X33l] cnelbmsg.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\ARCHIV~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Kodak software updater.lnk = C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Netformx Updater.lnk = ?

O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/insta...00/SYSsfitb.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E521F3B1-E2C4-4FB6-AB64-F3E747382A4E}: NameServer = 200.13.224.8 200.75.78.78


You have the Peper trojan, which requires special treatment to put it out of your misery!

Please download and run this uninstaller.

 

Click on the peperfix link, and download the program. Then go off line, and run the program. It will remove the files, leaving one orphaned entry to be cleaned up with Hijack this.

 

Next, go to the folder C:\Archivos de programa\Common Files\midaddle, and check if there is an uninstaller there. If so, run it.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser windows and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Archivos de programa\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Archivos de programa\Common Files\midaddle\midaddle.dll

 

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Archivos de programa\SEP\sep.dll

 

O4 - HKLM\..\Run: [sfpsvr] C:\WINDOWS\system32\sfpsvr.exe

O4 - HKLM\..\Run: [PmF] C:\documents and settings\propietario\configuración local\temp\PmF.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Wkv9.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [p76X33l] cnelbmsg.exe

 

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

Reboot and delete files

C:\WINDOWS\system32\sfpsvr.exe

All files in the C:\documents and settings\propietario\configuración local\temp folder

C:\WINDOWS\Downloaded Program Files\bridge.dll

C:\WINDOWS\System32\Wkv9.exe

C:\WINDOWS\System32\dp-him.exe

cnelbmsg.exe

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.


I've tried to follow your instructions step by step, but I have some questions:

- After running the peperfix, it asked me to restart the PC; I did not.

- After running the uninstall program in C:\Archivos de programa\Common Files\midaddle, it asked me to restart the PC again; I did not.

I restarted the PC only when your instructions said to.

After the restart,

- there were some files I can't remove from the temp folder; they are 4 files called "me_???????"

- I can't find the files:

C:\WINDOWS\System32\Wkv9.exe

C:\WINDOWS\System32\dp-him.exe

cnelbmsg.exe

 

This is the HijackThis log after all that.

 

Logfile of HijackThis v1.98.0

Scan saved at 6:32:42 PM, on 7/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPConfig.exe

C:\Archivos de programa\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Archivos de programa\Norton AntiVirus\navapsvc.exe

C:\ARCHIV~1\NETFORMX\BIN\OSCMGR4.EXE

C:\ARCHIV~1\NETFORMX\BIN\OSSERVER.EXE

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\carpserv.exe

C:\ARCHIV~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system\hpsysdrv.exe

C:\ARCHIV~1\NORTON~1\navapw32.exe

C:\Archivos de programa\QuickTime\qttask.exe

C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Propietario\Configuración local\Temp\Directorio temporal 1 para hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.multitel.com.co/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Desktop Zoom] C:\Archivos de programa\HPQ\Desktop Zoom\hpwinadj.exe -s

O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [TV Now] C:\Archivos de programa\HPQ\Notebook Utilities\TvNow.exe /RK

O4 - HKLM\..\Run: [Display Settings] C:\Archivos de programa\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\ARCHIV~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Archivos de programa\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Voqw.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\ARCHIV~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Kodak software updater.lnk = C:\Archivos de programa\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Netformx Updater.lnk = ?

O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Archivos de programa\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/insta...00/SYSsfitb.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

 

I hope I've done everything right.

At least while I've been writing this I haven't gotten any pop-ups.

Thanks

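An added example, not part of the thread and not HijackThis's own code: comparing the two logs posted above by entry identity (registry value name or CLSID) rather than by whole line shows which entries were really removed and which kept their name but now point at a different file. The regexes and function names are assumptions made for this sketch, and the sample lines are an excerpt copied from the thread's two logs.

```python
import re

ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")          # "O4 - ...", "R1 - ..."
KEY_SPLITS = [                                       # (identity, target) splitters, tried in order
    re.compile(r"^(.*?\[[^\]]*\])\s*(.*)$"),         # Run value:  HKLM\..\Run: [name] target
    re.compile(r"^(.*?\{[0-9A-Fa-f-]{36}\})(?:\s*\([^)]*\))?\s*-?\s*(.*)$"),  # CLSID-keyed
    re.compile(r"^(.*?)\s=\s(.*)$"),                 # name = value (R0/R1, startup .lnk)
]

# Excerpt of the first and second HijackThis logs in this thread (sample input).
BEFORE = r"""
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Archivos de programa\Common Files\midaddle\midaddle.dll
O4 - HKLM\..\Run: [sfpsvr] C:\WINDOWS\system32\sfpsvr.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Wkv9.exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
"""
AFTER = r"""
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Voqw.exe
O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\navapw32.exe
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
"""

def parse(log):
    """Map (section, identity) -> target for every R*/O* line of a log."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                                 # header, process list, blank lines
        section, body = m.groups()
        for pat in KEY_SPLITS:
            k = pat.match(body)
            if k:
                entries[(section, k.group(1))] = k.group(2)
                break
        else:
            entries[(section, body)] = ""            # e.g. "R3 - Default URLSearchHook is missing"
    return entries

def diff(before, after):
    """Compare two logs: entries gone, entries new, and same identity with a new target."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "retargeted": sorted((k, b[k], a[k]) for k in b if k in a and b[k] != a[k]),
    }

if __name__ == "__main__":
    print(diff(BEFORE, AFTER))
```

On this excerpt the `retargeted` list holds the `[2P6WFAX43ZHE7C]` Run value, which pointed at Wkv9.exe in the first log and at Voqw.exe in the second.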