TechSpot

can't remove popups...please help. HJT log included

By jobamsoft
Oct 23, 2005
  1. i'm getting popups from casinos, registry cleaners, various ads...
    i've run updated versions of ad-aware, spybot, and norton antivirus. i'm new to this, so please help me. i rebooted and ran HJT...log below.
    thanks


    Logfile of HijackThis v1.99.1
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. jobamsoft

    jobamsoft TS Rookie Topic Starter

    did everything and still have popups

    thanks for your help. i did everything you said exactly and i still get them. what's the next step?

    i've gone ahead and attached 2 logs. 1 after a fresh boot...and the other after i opened IE and a couple other programs and browsed a lil to get the popups to come out.

    when i get one of the popups, i click properties and the first part says:
    "click.aspx?"...something something then "epilot" ...other stuff then "productresearch.info"...blah

    below that in the properties window still...for address (url) it shows:

    "adchannel.contextplus.net/services/adclickserver/ccid_eql_11251_amp_requestid_eql_b32298B4"...blah blah blah "productresearch.info"...blah

    i also get www.888.com casino popups
    and also an antivirus ad popup with this url:
    http://www.pcsecurityshield.com/webApp/90023a.asp?trk=WTK&affid=571

    your help is greatly appreciated.
    thanks! :)

    chip
     
  4. jobamsoft

    jobamsoft TS Rookie Topic Starter

    and cassava casino popups

    i'm also getting cassava casino popups
    thanks for your help...hope to hear back from you soon. :)
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    NO /P/S/U/R/ FUNCTIONS FOR YOU.
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    ...................................................................................................

    I would advise to get rid of AOL, incl. the AOL-toolbar and AIM

    And stop using that crappy IE, go to www.getfirefox.com
     
  6. jobamsoft

    jobamsoft TS Rookie Topic Starter

    still having the same issues

    i followed the directions...turned off restore, allowed viewing of all files, etc...
    1 thing i had to do was actually open IE instead of just right click and properties when i had to delete cookies and files. would that screw it up?

    also...i ran spyware doctor and i typed a list of a buncha stuff it found below. lemme know if you have any other ideas. i'm fine with using regedit.

    i've attached the hjt log from when i rebooted a few minutes ago. (date and time are in the file name, not that it matters, but i i'll be able to review them and compare them if need be.)

    please help me get this crap off my system.
    thanks for your help...
    chip


    2nd-thought.com
    2o7.net
    epilot.com
    888.com
    exact advertising -trafficmp.com
    istbar - sfxwiz32-gcc.exe
    deal helper- gjoocbk2, gjoocbk1, gjoocbk
    ads.pointroll.com
    adknowledge.com
    media.adrevolver.com
    adrevolver.com
    maxserving.com
    tickle.com
    tradedoubler.com
    citi.bridgetrack.com
    ads.cc214142.com
    tribalfusion.com
    atwola.com
    revenue.net
    perf.overture.com
    centrport.net
    casalemedia.com
    statcounter.com
    pcsecurityshield.com
    overpro.com - swf studio\pulgins2\inifile.dll
    tradedoubler.com
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    What HJT-log?

    Without an indication WHERE you found those websites, your info is useless.
     
  8. jobamsoft

    jobamsoft TS Rookie Topic Starter

    sorry, forgot the attachment

    i just ran hjt a few minutes ago after i ran the apropos fix. logs are attached.

    in the previous response, i simply listed that spyware doctor had found that stuff. i didn't notice anything before, but i will look again to see if it gives details about where the files are. i figured it might give you more info on what exactly we're dealing with here.
    thanks a lot.

    chip
     

    Attached Files:

  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Apart from this
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

    the log is clean (if you overlook that crap-junk from AOL and Symantec...)
     
  10. jobamsoft

    jobamsoft TS Rookie Topic Starter

    ok, how do i fix that one?

    i checked it before and it came back. i'll try it again now that i haven't had any popups for a little while. hopefully everything is all better. i'll get back to you if it doesn't work this time.
    thanks for your help and take care.

    chip
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...