
pop up will not go away

3 posts in this topic

Hello all, I am new to this forum and need some help.

Each time I open or close a new window, a pop-up ad will open stating I have spyware on my machine. Each time I try and close the window, the pop-up will return. Also, my homepage is set to about:blank, but I am always directed to a search page where I am bombarded with spyware ads that will not close. HELP!


Here is my log.


Logfile of HijackThis v1.97.7

Scan saved at 7:56:13 AM, on 7/17/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:







R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL


O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: (no name) - {8C0C13E1-D627-11D8-9218-00C07D56206E} - C:\WINDOWS\SYSTEM\FPOHPA.DLL

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDB57890086B} - C:\WINDOWS\DIAL.DLL

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-111111111111} - C:\WINDOWS\SYSTEM\BACKUP.DLL

O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe

O4 - HKLM\..\Run: [sncntr] c:\windows\system\sncntr.exe /nocomm

O4 - HKLM\..\Run: [hxlrfovym] C:\WINDOWS\HXLRFOVYM.exe

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [shell] c:\ray.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe

O4 - HKLM\..\Run: [Winhost] C:\WINDOWS\win.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w

O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: SEARCH (HKLM)

O9 - Extra button: ANTIVIRUS (HKLM)

O9 - Extra button: ENTERTAINMENT (HKLM)

O9 - Extra button: SECURITY (HKLM)

O9 - Extra button: SEARCH (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O19 - User stylesheet: (file missing)


HELP, anyone. I use the net to take tests and quizzes for a summer math course, and the unstoppable pop-ups eventually cause an error, disconnecting me.


The running processes in your HijackThis log look rather short - next time make sure you're including the whole log. Also, go ahead and get the new v1.98 of HijackThis from: http://www.spywareinfo.com/~merijn/files/HijackThis.exe
or http://www.downloads.subratam.org/hijackthis.zip

Download StartDreck from http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

Don't let all the German throw you - just look for the line:

<DOWNLOAD> (396.737 Bytes) md5: eeed12045428c9e7a1d4912127e2e536

and click on <DOWNLOAD>

Unzip it to its own folder and start the program.

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers -> Running processes

Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Post the log in this thread along with a new HJT v1.98 log.

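The last reply asks for a complete log from HijackThis v1.98 because the posted one has an empty "Running processes:" section. The following is an added example, not code from the thread or from HijackThis: a small pre-posting check that parses a log and reports those two gaps. The function names are hypothetical and the sample is an abridged excerpt of the log above.

```python
import re
from collections import Counter

# Abridged excerpt of the log posted in this thread, not the full log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then detail
VERSION_RE = re.compile(r"^Logfile of HijackThis v(\d+(?:\.\d+)*)")

def parse_log(text):
    """Split a HijackThis log into version, process list and coded entries."""
    version, processes, entries, in_procs = None, [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        ver = VERSION_RE.match(line)
        entry = ENTRY_RE.match(line)
        if ver:
            version = ver.group(1)
        elif line == "Running processes:":
            in_procs = True
        elif entry:
            in_procs = False  # the first coded entry ends the process list
            entries.append(entry.groups())
        elif in_procs:
            processes.append(line)
    return {"version": version, "processes": processes, "entries": entries}

def completeness_issues(log, wanted="1.98"):
    """Reasons a helper would ask for the log to be re-posted."""
    issues = []
    have = tuple(int(p) for p in (log["version"] or "0").split("."))
    if have < tuple(int(p) for p in wanted.split(".")):
        issues.append(f"HijackThis v{log['version']} is older than v{wanted}")
    if not log["processes"]:
        issues.append("'Running processes:' section is empty")
    return issues

def section_counts(log):
    """Count entries per section code (R1, O2, O4, ...)."""
    return Counter(code for code, _ in log["entries"])
```
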