unstoppable
Registered
Okay guys, I run AD aware AND Spybot and I still am getting pop ups!
Any ideas?????????
Any ideas?????????
Pop up help
- Thread starter unstoppable
- Start date
magic_marker
Registered
RE: Pop up help
Download a free trial of Tuneup Utilities, and use it to thoroughly clean out your registry and get rid of pesky programs:
http://www.tucows.com/preview/317392.html
After that, QUIT VISITING NAUGHTY SITES!!
Download a free trial of Tuneup Utilities, and use it to thoroughly clean out your registry and get rid of pesky programs:
http://www.tucows.com/preview/317392.html
After that, QUIT VISITING NAUGHTY SITES!!
unstoppable
Registered
RE: Pop up help
Believe it or not guys the pop ups are in no way porn related.
But thanks I'll try the program.
Believe it or not guys the pop ups are in no way porn related.
But thanks I'll try the program.
RE: Pop up help
Usually before I run Adaware and/or SpyBot, I run msconfig and uncheck all suspicious startup programs. Go through and delete all cookies and temp folders. Check the taskbar for unwanted programs. Use Ctrl-Alt-Del to find background programs to delete. Usually the disk cleanup utility comes in handy here. Then run windows uninstall software utility and get rid of non-essentials. Be ruthless. If you don't recognize it, kill it. Finally finish up with Adaware and Spybot scans.
I have seen friends' computers literally unusable due to so many pop-ups. Pathetic. xo
Usually before I run Adaware and/or SpyBot, I run msconfig and uncheck all suspicious startup programs. Go through and delete all cookies and temp folders. Check the taskbar for unwanted programs. Use Ctrl-Alt-Del to find background programs to delete. Usually the disk cleanup utility comes in handy here. Then run windows uninstall software utility and get rid of non-essentials. Be ruthless. If you don't recognize it, kill it. Finally finish up with Adaware and Spybot scans.
I have seen friends' computers literally unusable due to so many pop-ups. Pathetic. xo
RE: Pop up help
What kind of pop-up's are you talking about? Do you get them when surfing the internet or just randomly in windows?.
If you are running Win2k or XP and getting random popups when not surfing the net: go-to your start menu > Run and type "services.msc" find the service labeled "Messenger" and right click on it > properties and disable and stop it.
If you just want a good popup blocker, try the google toolbar or you can try the popupblocker here: http://www.download.com/Pop-Up-Stopper-Free-Edition/3000-7786-10298195.html?tag=lst-4-3
If you have Windows XP, Service Pack 2 for it should be out in less than a month and it will include a buil-in popup blocker in IE.
Hope this answers your question?
What kind of pop-up's are you talking about? Do you get them when surfing the internet or just randomly in windows?.
If you are running Win2k or XP and getting random popups when not surfing the net: go-to your start menu > Run and type "services.msc" find the service labeled "Messenger" and right click on it > properties and disable and stop it.
If you just want a good popup blocker, try the google toolbar or you can try the popupblocker here: http://www.download.com/Pop-Up-Stopper-Free-Edition/3000-7786-10298195.html?tag=lst-4-3
If you have Windows XP, Service Pack 2 for it should be out in less than a month and it will include a buil-in popup blocker in IE.
Hope this answers your question?
unstoppable
Registered
RE: Pop up help
I get it EVERYTIME I start up IE.
Messenger WAS disabled.Any more ideas?
I get it EVERYTIME I start up IE.
Messenger WAS disabled.Any more ideas?
unstoppable
Registered
RE: Pop up help
Its set to yahoo
Its set to yahoo
sleeper
Former LOD President
RE: Pop up help
start spybot, go into advanced mode. find the section that lets you disable processes that start on startup. kill 'em all. see if that helps. if it's opening popups, there's probably something running on your computer. you just have to find it and kill it.
start spybot, go into advanced mode. find the section that lets you disable processes that start on startup. kill 'em all. see if that helps. if it's opening popups, there's probably something running on your computer. you just have to find it and kill it.
RE: Pop up help
Did you update Adaware and Spybot before you ran them?
Ok, then you might have something they can't remove, try this program: http://www.majorgeeks.com/download.php?det=4086
And if you still get pop-ups after using that, then run this program: http://www.majorgeeks.com/download.php?det=3155 and when you run it. hit scan, then "save log", and then cut and paste the log into this thread.
Did you update Adaware and Spybot before you ran them?
Ok, then you might have something they can't remove, try this program: http://www.majorgeeks.com/download.php?det=4086
And if you still get pop-ups after using that, then run this program: http://www.majorgeeks.com/download.php?det=3155 and when you run it. hit scan, then "save log", and then cut and paste the log into this thread.
unstoppable
Registered
RE: Pop up help
http://www.download.com/Pop-Up-Stopper-Free-Edition/3000-7786-10298195.html?tag=lst-4-3
This pop up stopper seems to have stopped them.But it has its own little pop up each time it stops a pop up?
I'll try your new removal tools and see if we cant get rid of it for good.
Thanks guys.
http://www.download.com/Pop-Up-Stopper-Free-Edition/3000-7786-10298195.html?tag=lst-4-3
This pop up stopper seems to have stopped them.But it has its own little pop up each time it stops a pop up?
I'll try your new removal tools and see if we cant get rid of it for good.
Thanks guys.
devicemanager
Registered
RE: Pop up help
These things can be the biggest pita to get rid of.
Make sure your virus protection is up to date and do a full system scan before you attempt any of those other thingys.
These things can be the biggest pita to get rid of.
Make sure your virus protection is up to date and do a full system scan before you attempt any of those other thingys.
unstoppable
Registered
RE: Pop up help
I tried your link earlier and it wouldnt work.I think it was on my end though. I'm going to try it again in a little bit.
I use Norton.
I tried your link earlier and it wouldnt work.I think it was on my end though. I'm going to try it again in a little bit.
I use Norton.
RE: Pop up help
If that link doesnt work, try this one: http://home.comcast.net/~mx300/cwshredder.zip
If that link doesnt work, try this one: http://home.comcast.net/~mx300/cwshredder.zip
unstoppable
Registered
RE: Pop up help
[div class="dcquote"][strong]Quote[/strong]
Did you update Adaware and Spybot before you ran them?Ok, then you might have something they can't remove, try this program: http://www.majorgeeks.com/download.php?det=4086And if you still get pop-ups after using that, then run this program: http://www.majorgeeks.com/download.php?det=3155 and when you run it. hit scan, then "save log", and then cut and paste the log into this thread.
[/div]
Here it is.
Logfile of HijackThis v1.98.0
Scan saved at 3:23:26 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\hgbgcrun.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chris\Application Data\anse.exe
F:\FDRIVE~1\chris\DOWNLO~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\FDRIVE~1\chris\DOWNLO~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF5b47.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [ukwbqisieuyb] C:\WINDOWS\System32\hgbgcrun.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF5b47.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cacr] C:\Documents and Settings\Chris\Application Data\anse.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\FDRIVE~1\chris\DOWNLO~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &ieSpell Options - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Check &Spelling - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.samsphotoclub.com/add/XUpload.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
[div class="dcquote"][strong]Quote[/strong]
Did you update Adaware and Spybot before you ran them?Ok, then you might have something they can't remove, try this program: http://www.majorgeeks.com/download.php?det=4086And if you still get pop-ups after using that, then run this program: http://www.majorgeeks.com/download.php?det=3155 and when you run it. hit scan, then "save log", and then cut and paste the log into this thread.
[/div]
Here it is.
Logfile of HijackThis v1.98.0
Scan saved at 3:23:26 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\hgbgcrun.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chris\Application Data\anse.exe
F:\FDRIVE~1\chris\DOWNLO~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\FDRIVE~1\chris\DOWNLO~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF5b47.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [ukwbqisieuyb] C:\WINDOWS\System32\hgbgcrun.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF5b47.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cacr] C:\Documents and Settings\Chris\Application Data\anse.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\FDRIVE~1\chris\DOWNLO~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &ieSpell Options - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Check &Spelling - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://F:\F Drive Backup\chris\downloads\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.samsphotoclub.com/add/XUpload.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
magic_marker
Registered
RE: Pop up help
Chris, it looks like the cuplrit might be the "Ndrv.exe" file.
http://forums.windrivers.com/showthread.php?t=60001&page=4&pp=15
I would completely delete Ad Aware and download the google toolbar with popup blocker. It blocks about 99% of all popups...
Good luck!
Chris, it looks like the cuplrit might be the "Ndrv.exe" file.
http://forums.windrivers.com/showthread.php?t=60001&page=4&pp=15
I would completely delete Ad Aware and download the google toolbar with popup blocker. It blocks about 99% of all popups...
Good luck!
RE: Pop up help
Run Hijackthis, and check the following, then hit fix.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.c
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
C:\WINDOWS\System32\NDrv.exe
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: C:\WINDOWS\alchem.exe
O4 - HKCU\..\Run: C:\WINDOWS\System32\NDrv.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
Here's what I want you to do if you havent already: Do the above, Run CWS Shredder if you havent, then restart your system, now update and run Spybot and Ad Aware again, sometimes a program is running and it prevents them from finding something, then update Norton, and go download a good Trojan Scanner: http://www.trojanhunter.com/ Download the trial, and do a full system scan, and you can uninstall it after you run it if you want. Now run Hijack This again, and make sure nothing you removed earlier came back, if anything did, save the new log and post it here. Then go download SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html and hit immunize, that should protect you from getting most spyware, if not all.
That should clean you up.
How much ram do you have? You might want to consider dumping Norton and getting "AVG Free" http://www.grisoft.com/us/us_dwnl_free.php It uses less resources, and has a better detection rate than Norton, I use it on all my systems. Zonealarm is a decent firewall, but if you feel like switching, try Sygate http://soho.sygate.com/products/spf_standard.htm
Also the most important thing, RUN WINDOWS UPDATE. I cannot stress that enough, go-to "windowsupdate.com" and have it install the latest updates, or if you dont have the time, go-to your "control panel > System > Automatic Updates" and turn them on, so it will update automatically.
For the most security, consider an alternative browser, such as Mozilla http://www.mozilla.org/ It does everything IE does, and it includes a built in popup blocker, just try it.
Scott: Why should he delete Ad Aware?
Run Hijackthis, and check the following, then hit fix.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.c
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
C:\WINDOWS\System32\NDrv.exe
O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: C:\WINDOWS\alchem.exe
O4 - HKCU\..\Run: C:\WINDOWS\System32\NDrv.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
Here's what I want you to do if you havent already: Do the above, Run CWS Shredder if you havent, then restart your system, now update and run Spybot and Ad Aware again, sometimes a program is running and it prevents them from finding something, then update Norton, and go download a good Trojan Scanner: http://www.trojanhunter.com/ Download the trial, and do a full system scan, and you can uninstall it after you run it if you want. Now run Hijack This again, and make sure nothing you removed earlier came back, if anything did, save the new log and post it here. Then go download SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html and hit immunize, that should protect you from getting most spyware, if not all.
That should clean you up.
How much ram do you have? You might want to consider dumping Norton and getting "AVG Free" http://www.grisoft.com/us/us_dwnl_free.php It uses less resources, and has a better detection rate than Norton, I use it on all my systems. Zonealarm is a decent firewall, but if you feel like switching, try Sygate http://soho.sygate.com/products/spf_standard.htm
Also the most important thing, RUN WINDOWS UPDATE. I cannot stress that enough, go-to "windowsupdate.com" and have it install the latest updates, or if you dont have the time, go-to your "control panel > System > Automatic Updates" and turn them on, so it will update automatically.
For the most security, consider an alternative browser, such as Mozilla http://www.mozilla.org/ It does everything IE does, and it includes a built in popup blocker, just try it.
Scott: Why should he delete Ad Aware?
magic_marker
Registered
RE: Pop up help
[font color=blue]Scott: Why should he delete Ad Aware?[/font]
For some reason, it just seems like Ad Aware is a magnet for spyware. I can't explain it. I had pesky popup issues when I used both Ad Aware and Spybot. Now that I use the Google toolbar popup blocker + Spybot, I have no issues.
I think it's a karma thing!
[font color=blue]Scott: Why should he delete Ad Aware?[/font]
For some reason, it just seems like Ad Aware is a magnet for spyware. I can't explain it. I had pesky popup issues when I used both Ad Aware and Spybot. Now that I use the Google toolbar popup blocker + Spybot, I have no issues.
I think it's a karma thing!