Jump to content


Photo

Popups


  • Please log in to reply
12 replies to this topic

#1 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 16 July 2004 - 05:28 PM

I had submited a problem before and followed everything that was suggested and that problem was taken care of. Now I am getting lots of popups. I have a popup blocker but a small window will appear at the bottom right side with nothing in it but then a lot of popups starts coming in. Here is my HJT log:

ogfile of HijackThis v1.97.7
Scan saved at 6:22:08 PM, on 7/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?38156.7228125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Thank you,

Kathy

#2 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 19 July 2004 - 03:28 AM

Theres nothing in your log thats responsible - its clean. Did you take all the preventative advice LoPhatPhuud gave you? I see spyware guard....

Theres a few other things it may be though. Are you getting full 'picture' adverts or 'windows messenger' style text boxes.

If the latter try running shoot the messenger from here.
http://grc.com/stm/s...hemessenger.htm

This will help you block bad sites and ad servers. In windows explorer go to C:\WINDOWS\System32\Drivers\Etc, locate the file called hosts (no file extension) and rename it to hosts.old. Then download MVPS hosts file and extract it to the exact same location

Which popup blocker are you using - the one in the google tool bar or another?
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#3 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 19 July 2004 - 09:10 AM

Scoff,

I have done every thing that LoPhatPhuud recommended.

I ran http://grc.com/stm/s...hemessenger.htm.

But when I located the file C:\WINDOWS\System32\Drivers\Etc and found the file named hosts I couldn't rename it because I already had a file named hosts.old. Should I try to move it to the file hosts.old and if so how?


Kathy S

#4 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 19 July 2004 - 05:08 PM

You've had a new hosts file before then, rename hosts.old to hosts.old.old - or copy it somewhere, or leave the current hosts.old as it is as its probably your original one and delete the current hosts file (if you know its not a custom one of your own) and replace it with the MVPS hosts file. Which pop up blocker are you using?
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#5 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 20 July 2004 - 11:20 AM

Scoff,

I remaned the file and downloaded MVPS hosts file.

I use the Google toolbar popup blocker.


Kathy

#6 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 20 July 2004 - 05:00 PM

Are the pop ups still happening? let me know if the hosts file has had any effect. I use the google toolbar as a pop up blocker, but if you want an alternative try panicware pop up stopper - google will find it.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#7 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 20 July 2004 - 10:22 PM

Scoff,

I am still getting the small window in the bottom right corner and then a lot of popups. I will download panicware pop up stopper and then let you know if that works.

Thank you for your time.

Kathy

#8 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 21 July 2004 - 11:37 PM

Scoff,

The popup stopper appears to be working but now I not only have the same window at the bottom right side but now it is in the middle of my screen. It is only when I open my crazy browser and not on internet explorer. I have tried to get rid of them but when I click on the x nothing happens. I cannot not download any popup stoppers for the crazy browser. Any suggestions on what to do?


Kathy

#9 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 22 July 2004 - 08:31 AM

Crazy browser is not one I'm too familiar with, I understand v1.05 should have a built in pop up blocker, if theres filter settings for it, maybe something is set to allow pop ups to sneak through from a particular address. Are there options in it for this?
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#10 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 22 July 2004 - 05:25 PM

Scoff,

There is a popup blocker for crazy browser that was enabled but it appears not to work since I get popups.


kathy

#11 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 22 July 2004 - 05:28 PM

usually with most blockers you can tailor it to allow certain things through that you want to see. If its possible this can be done in crazy browesr (i'm not sure), I was wondering if anyhing is set in your built in crazy browser blocker?
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#12 cloud0528

cloud0528

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 26 July 2004 - 04:29 PM

Scoff,

I don't know what I did but now the popup bloclker is working.
Thank you for your help.

Kathy

#13 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 27 July 2004 - 08:43 AM

I'm not sure either :rofl: but glad we could help.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button