#1 - reveriereptile (Bronze Member), 11-22-2005
[Fixed] Lots of pop up problems.

I'm having problems with a ton of pop ups. There is a pop up blocker on the computer and I still get them even if it is turned on high. I have been trying to block the pop ups but it doesn't help any. I've run spybot, ewido, antivirus, and ccleaner. Nothing has helped. Here is my hijackthis log.
Attached Files
File Type: log hjt.log (5.4 KB, 1 views)



Last edited by joe5; 11-22-2005 at 03:49 PM.
#2 - ladygreenwitch (HR Director), 11-22-2005

Hi Reveriereptile,

Welcome to PCHF. We have a wonderful team of techs here and I am sure that we will be able to identify your problem.

Just for future reference, please make sure to ONLY post HijackThis! logs as attachments; this protects other users from accidentally clicking on a potentially infectious post. (Appears Joe took care of this for you this time)

It would also be helpful for you to post the ewido log from your last scan, just in case.

We should have a diagnosis of your HJT log very shortly.

TTFN

LGW


#3 - ladygreenwitch (HR Director), 11-22-2005

OK RR,

The HJT log doesn't look that bad, although you are running HJT from a temporary folder and it would be better to make sure it is installed into its own folder. As near as I can tell, the reason you are getting the Popups is that you still have Windows Messenger enabled. You would do well to disable that process.

Please download Shoot The Messenger

Download and run the small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state (running or disabled) that you desire.

If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.
Then you can fix these with HJT; it may be that the O9 entry Extra Tools will no longer be there because you disabled Windows Messenger.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Rerun CCleaner, making sure that Advanced options are set, answer OK to all warnings. Rerun HJT and post your new log back here.

Looking forward to your reply,

TTFN

LGW


#4 - reveriereptile (Bronze Member), 11-22-2005

Thank you for your help. I have disabled the Windows Messenger, ran ccleaner, HJT which I fixed the Extra Tools you stated, and just started running ewido. Since running the scans I still have the pop ups appearing.
Attached Files
File Type: txt Nov 22 05.txt (5.5 KB, 2 views)


#5 - joe5 (Elite Member), 11-22-2005

You could uninstall the "Viewpoint Manager/Toolbar" in add and remove programs if you don't want/use it.

And these can be fixed with hjt:


R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)

And can you also attach the Ewido log to check?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#6 - ladygreenwitch (HR Director), 11-22-2005

Hi RR,

Thanks for that. I am not familiar with the version of McAfee that you are running. Does it include a firewall? Otherwise it appears that you do not have one. If you are using the one that came with SP2, it would probably be a good idea to replace it with one of these; Firewalls.

Can you please download Spy Sweeper from my signature, Click on Options, make sure that all options are selected except Do Not Scan System Restore Files. Click on Scan Now, Start. Quarantine everything that it finds. There may be some traces left from another infection.

Also, you've let Yahoo in pretty thoroughly; I would consider fixing these with HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
Then uninstalling the Yahoo Toolbar until after you have installed a firewall and configured it for no popups. I did have Popup trouble with them at one time and removing the toolbar solved the problem. I am reasonably sure you would be able to reinstall it after you configured your firewall.

@Joe, can you think of a reason that these two entries would have come back? They looked pretty benign to me?
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
You might also try running one of these anti-Popup programs. Like this http://www.pcworld.com/downloads/fil...id,8060,00.asp.

Also, have you disabled your System Restore before running CCleaner and HJT? It might make a difference. I would also run one of the registry cleaners in my signature; I prefer RegSupremePro even though it's a trial, just because it is so thorough. Do the registry cleaning before you get back on the internet.

Look forward to your reply,

TTFN

LGW
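
The entries quoted in posts #3 and #6 follow HijackThis's "code - description" line format, and the ones recommended for fixing mostly end in "(no file)". As an added example (not part of any poster's reply and not HijackThis's own code), this sketch parses such lines, flags entries whose target file is missing, and lists the hosts configured in the R0/R1 start and search page values; the names `parse_entry`, `triage` and `SECTIONS` are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: entries copied from the posts above (truncated URLs kept as posted).
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
"""

# Meaning of the section codes that appear in this thread.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O9": "extra IE button or Tools menu item",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entry(line):
    """Return a dict for one log entry, or None for headers and process lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
             "orphaned": body.endswith("(no file)"), "host": None}
    if code in ("R0", "R1") and " = " in body:
        # Registry value on the left, URL on the right; keep only the host.
        entry["host"] = urlsplit(body.split(" = ", 1)[1]).hostname
    return entry

def triage(log_text):
    """Split a log into all entries, orphaned entries, and hosts set in R0/R1."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    orphaned = [e for e in entries if e["orphaned"]]
    hosts = sorted({e["host"] for e in entries if e["host"]})
    return entries, orphaned, hosts

if __name__ == "__main__":
    entries, orphaned, hosts = triage(SAMPLE_LOG)
    for e in orphaned:
        print(f'{e["code"]} ({e["section"]}): target file missing')
    print("Hosts configured in R0/R1:", ", ".join(hosts))
```
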


#7 - reveriereptile (Bronze Member), 11-22-2005

Here is my ewido log. I'll get busy with your other suggestions. I do have a firewall on the computer.
Attached Files
File Type: txt Scan report_20051122.txt.txt (1.8 KB, 2 views)


