TechSpot

Pop Up Mania Doing my head in!

By ywain
May 25, 2005
  1. This hijack this log is posted from a computer at work! The thing is I can't work because of silly popups all the time........

    Could someone have a look and tell me if something needs the old heave ho!!!

    p.s. thankyou to blackstuff if you're looking at this - you've saved my PC on a few occasions!
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Please post a .txt file.
    I refuse (as anybody should!) to open a .doc file
     
  3. Vikkilea

    Vikkilea TS Rookie

    its okay if you open it in openoffice :p
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Vikkilea
    this really should be a nobrainer!
    That doc-file comes from an infected PC; go ahead, get infected!
     
  5. Vikkilea

    Vikkilea TS Rookie

    i seriously..

    i cant be bothered arguing. I can sense you dont like me already. Meh, grudges will be held by people and theres nothing i can do.
     
  6. ywain

    ywain TS Rookie Topic Starter

    Don't fight!!!!!

    Here it is in txt - sorry it rejected it last time because Hijackthis had called it .log and I forgot to change it!!!

    Thanx

    Please don't fight!!!
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    WToolsS.exe
    nsvsvc.exe
    sdoefilt.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    WToolsS.exe
    Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

    Next, try to UNinstall anything to do with:
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.2.98:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [3FFg39P] sdoefilt.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\n22u0cf9ef2.dll
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
    ...................................................................................................
    Now click on the Fix Checked button in HJT.
    When done, from between the dotted lines, delete the bold files.
    When a directory-name is bold, delete everything in it, including that directory itself.

    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
     
  8. ywain

    ywain TS Rookie Topic Starter

    thanx

    thank you very much again blackstuff!! will try this and get back!

    Yws
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...