Read on full site | 
Join TechSpot! (it's free) | 
Bookmark / Share this
|
jobamsoft 10-23-2005, 04:16 PM i'm getting popups from casinos, registry cleaners, various ads... i've run updated versions of ad-aware, spybot, and norton antivirus. i'm new to this, so please help me. i rebooted and ran HJT...log below. thanks Logfile of HijackThis v1.99.1 RealBlackStuff 10-24-2005, 01:18 AM Follow these instructions EXACTLY and put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!. Read: How to remove Begin2Search/Coolwebsearch and Other Nasties (http://www.techspot.com/vb/topic17297.html) Then Read: How to post your Hijackthis log-files as an attachment (http://www.techspot.com/vb/topic19133.html). Ad 10-24-2005, 01:18 AM jobamsoft 10-25-2005, 06:45 PM thanks for your help. i did everything you said exactly and i still get them. what's the next step? i've gone ahead and attached 2 logs. 1 after a fresh boot...and the other after i opened IE and a couple other programs and browsed a lil to get the popups to come out. when i get one of the popups, i click properties and the first part says: "click.aspx?"...something something then "epilot" ...other stuff then "productresearch.info"...blah below that in the properties window still...for address (url) it shows: "adchannel.contextplus.net/services/adclickserver/ccid_eql_11251_amp_requestid_eql_b32298B4"...blah blah blah "productresearch.info"...blah i also get www.888.com casino popups and also an antivirus ad popup with this url: http://www.pcsecurityshield.com/webApp/90023a.asp?trk=WTK&affid=571 your help is greatly appreciated. thanks! :) chip jobamsoft 10-25-2005, 09:57 PM i'm also getting cassava casino popups thanks for your help...hope to hear back from you soon. :) RealBlackStuff 10-26-2005, 06:18 AM First Read: Only use these HJT-instructions when asked! (http://www.techspot.com/vb/topic34861.html) NO /P/S/U/R/ FUNCTIONS FOR YOU. The text between the dotted lines underneath goes between the dotted lines of that post. Make sure to follow ALL instructions, and in HJT tick/fix ALL lines! ........................................................................... ........................ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing) O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) ........................................................................... ........................ I would advise to get rid of AOL, incl. the AOL-toolbar and AIM And stop using that crappy IE, go to www.getfirefox.com jobamsoft 10-27-2005, 07:33 PM i followed the directions...turned off restore, allowed viewing of all files, etc... 1 thing i had to do was actually open IE instead of just right click and properties when i had to delete cookies and files. would that screw it up? also...i ran spyware doctor and i typed a list of a buncha stuff it found below. lemme know if you have any other ideas. i'm fine with using regedit. i've attached the hjt log from when i rebooted a few minutes ago. (date and time are in the file name, not that it matters, but i i'll be able to review them and compare them if need be.) please help me get this crap off my system. thanks for your help... chip 2nd-thought.com 2o7.net epilot.com 888.com exact advertising -trafficmp.com istbar - sfxwiz32-gcc.exe deal helper- gjoocbk2, gjoocbk1, gjoocbk ads.pointroll.com adknowledge.com media.adrevolver.com adrevolver.com maxserving.com tickle.com tradedoubler.com citi.bridgetrack.com ads.cc214142.com tribalfusion.com atwola.com revenue.net perf.overture.com centrport.net casalemedia.com statcounter.com pcsecurityshield.com overpro.com - swf studio\pulgins2\inifile.dll tradedoubler.com RealBlackStuff 10-28-2005, 05:42 AM What HJT-log? Without an indication WHERE you found those websites, your info is useless. jobamsoft 10-31-2005, 02:08 PM i just ran hjt a few minutes ago after i ran the apropos fix. logs are attached. in the previous response, i simply listed that spyware doctor had found that stuff. i didn't notice anything before, but i will look again to see if it gives details about where the files are. i figured it might give you more info on what exactly we're dealing with here. thanks a lot. chip RealBlackStuff 10-31-2005, 02:42 PM Apart from this O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) the log is clean (if you overlook that crap-junk from AOL and Symantec...) jobamsoft 11-01-2005, 07:52 AM i checked it before and it came back. i'll try it again now that i haven't had any popups for a little while. hopefully everything is all better. i'll get back to you if it doesn't work this time. thanks for your help and take care. chip Ad 11-01-2005, 07:52 AM |
|
Post a reply, see related topics & more