i'm getting popups from casinos, registry cleaners, various ads...
i've run updated versions of ad-aware, spybot, and norton antivirus. i'm new to this, so please help me. i rebooted and ran HJT...log below.
thanks


Logfile of HijackThis v1.99.1

Follow these instructions EXACTLY and put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Then Read: How to post your Hijackthis log-files as an attachment.

thanks for your help. i did everything you said exactly and i still get them. what's the next step?

i've gone ahead and attached 2 logs. 1 after a fresh boot...and the other after i opened IE and a couple other programs and browsed a lil to get the popups to come out.

when i get one of the popups, i click properties and the first part says:
"click.aspx?"...something something then "epilot" ...other stuff then "productresearch.info"...blah

below that in the properties window still...for address (url) it shows:

"adchannel.contextplus.net/services/adclickserver/ccid_eql_11251_amp_requestid_eql_b32298B4"...blah blah blah "productresearch.info"...blah

i also get www.888.com casino popups
and also an antivirus ad popup with this url:
http://www.pcsecurityshield.com/webA...=WTK&affid=571

your help is greatly appreciated.
thanks!

chip

Attached Files

	hijackthis-freshboot-b4popups.txt (6.9 KB, 3 views)
	hijackthis-after popups.txt (7.1 KB, 3 views)

i'm also getting cassava casino popups
thanks for your help...hope to hear back from you soon.

First Read: Only use these HJT-instructions when asked!
NO /P/S/U/R/ FUNCTIONS FOR YOU.
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
........................................................................... ........................
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
........................................................................... ........................

I would advise to get rid of AOL, incl. the AOL-toolbar and AIM

And stop using that crappy IE, go to www.getfirefox.com

i followed the directions...turned off restore, allowed viewing of all files, etc...
1 thing i had to do was actually open IE instead of just right click and properties when i had to delete cookies and files. would that screw it up?

also...i ran spyware doctor and i typed a list of a buncha stuff it found below. lemme know if you have any other ideas. i'm fine with using regedit.

i've attached the hjt log from when i rebooted a few minutes ago. (date and time are in the file name, not that it matters, but i i'll be able to review them and compare them if need be.)

please help me get this crap off my system.
thanks for your help...
chip


2nd-thought.com
2o7.net
epilot.com
888.com
exact advertising -trafficmp.com
istbar - sfxwiz32-gcc.exe
deal helper- gjoocbk2, gjoocbk1, gjoocbk
ads.pointroll.com
adknowledge.com
media.adrevolver.com
adrevolver.com
maxserving.com
tickle.com
tradedoubler.com
citi.bridgetrack.com
ads.cc214142.com
tribalfusion.com
atwola.com
revenue.net
perf.overture.com
centrport.net
casalemedia.com
statcounter.com
pcsecurityshield.com
overpro.com - swf studio\pulgins2\inifile.dll
tradedoubler.com

What HJT-log?

Without an indication WHERE you found those websites, your info is useless.

i just ran hjt a few minutes ago after i ran the apropos fix. logs are attached.

in the previous response, i simply listed that spyware doctor had found that stuff. i didn't notice anything before, but i will look again to see if it gives details about where the files are. i figured it might give you more info on what exactly we're dealing with here.
thanks a lot.

chip

Attached Files

	hijackthis-103105-1400.txt (6.4 KB, 5 views)
	log.txt (1.9 KB, 1 views)

Apart from this
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

the log is clean (if you overlook that crap-junk from AOL and Symantec...)

i checked it before and it came back. i'll try it again now that i haven't had any popups for a little while. hopefully everything is all better. i'll get back to you if it doesn't work this time.
thanks for your help and take care.

chip