can't remove popups...please help. HJT log included
- Thread starter jobamsoft
- Start date
RealBlackStuff
Posts: 6,450 +3
Follow these instructions EXACTLY and put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties
Then Read: How to post your Hijackthis log-files as an attachment.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties
Then Read: How to post your Hijackthis log-files as an attachment.
did everything and still have popups
thanks for your help. i did everything you said exactly and i still get them. what's the next step?
i've gone ahead and attached 2 logs. 1 after a fresh boot...and the other after i opened IE and a couple other programs and browsed a lil to get the popups to come out.
when i get one of the popups, i click properties and the first part says:
"click.aspx?"...something something then "epilot" ...other stuff then "productresearch.info"...blah
below that in the properties window still...for address (url) it shows:
"adchannel.contextplus.net/services/adclickserver/ccid_eql_11251_amp_requestid_eql_b32298B4"...blah blah blah "productresearch.info"...blah
i also get www.888.com casino popups
and also an antivirus ad popup with this url:
http://www.pcsecurityshield.com/webApp/90023a.asp?trk=WTK&affid=571
your help is greatly appreciated.
thanks!
chip
thanks for your help. i did everything you said exactly and i still get them. what's the next step?
i've gone ahead and attached 2 logs. 1 after a fresh boot...and the other after i opened IE and a couple other programs and browsed a lil to get the popups to come out.
when i get one of the popups, i click properties and the first part says:
"click.aspx?"...something something then "epilot" ...other stuff then "productresearch.info"...blah
below that in the properties window still...for address (url) it shows:
"adchannel.contextplus.net/services/adclickserver/ccid_eql_11251_amp_requestid_eql_b32298B4"...blah blah blah "productresearch.info"...blah
i also get www.888.com casino popups
and also an antivirus ad popup with this url:
http://www.pcsecurityshield.com/webApp/90023a.asp?trk=WTK&affid=571
your help is greatly appreciated.
thanks!
chip
RealBlackStuff
Posts: 6,450 +3
First Read: Only use these HJT-instructions when asked!
NO /P/S/U/R/ FUNCTIONS FOR YOU.
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
...................................................................................................
I would advise to get rid of AOL, incl. the AOL-toolbar and AIM
And stop using that crappy IE, go to www.getfirefox.com
NO /P/S/U/R/ FUNCTIONS FOR YOU.
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
...................................................................................................
I would advise to get rid of AOL, incl. the AOL-toolbar and AIM
And stop using that crappy IE, go to www.getfirefox.com
still having the same issues
i followed the directions...turned off restore, allowed viewing of all files, etc...
1 thing i had to do was actually open IE instead of just right click and properties when i had to delete cookies and files. would that screw it up?
also...i ran spyware doctor and i typed a list of a buncha stuff it found below. lemme know if you have any other ideas. i'm fine with using regedit.
i've attached the hjt log from when i rebooted a few minutes ago. (date and time are in the file name, not that it matters, but i i'll be able to review them and compare them if need be.)
please help me get this crap off my system.
thanks for your help...
chip
2nd-thought.com
2o7.net
epilot.com
888.com
exact advertising -trafficmp.com
istbar - sfxwiz32-gcc.exe
deal helper- gjoocbk2, gjoocbk1, gjoocbk
ads.pointroll.com
adknowledge.com
media.adrevolver.com
adrevolver.com
maxserving.com
tickle.com
tradedoubler.com
citi.bridgetrack.com
ads.cc214142.com
tribalfusion.com
atwola.com
revenue.net
perf.overture.com
centrport.net
casalemedia.com
statcounter.com
pcsecurityshield.com
overpro.com - swf studio\pulgins2\inifile.dll
tradedoubler.com
i followed the directions...turned off restore, allowed viewing of all files, etc...
1 thing i had to do was actually open IE instead of just right click and properties when i had to delete cookies and files. would that screw it up?
also...i ran spyware doctor and i typed a list of a buncha stuff it found below. lemme know if you have any other ideas. i'm fine with using regedit.
i've attached the hjt log from when i rebooted a few minutes ago. (date and time are in the file name, not that it matters, but i i'll be able to review them and compare them if need be.)
please help me get this crap off my system.
thanks for your help...
chip
2nd-thought.com
2o7.net
epilot.com
888.com
exact advertising -trafficmp.com
istbar - sfxwiz32-gcc.exe
deal helper- gjoocbk2, gjoocbk1, gjoocbk
ads.pointroll.com
adknowledge.com
media.adrevolver.com
adrevolver.com
maxserving.com
tickle.com
tradedoubler.com
citi.bridgetrack.com
ads.cc214142.com
tribalfusion.com
atwola.com
revenue.net
perf.overture.com
centrport.net
casalemedia.com
statcounter.com
pcsecurityshield.com
overpro.com - swf studio\pulgins2\inifile.dll
tradedoubler.com
RealBlackStuff
Posts: 6,450 +3
What HJT-log?
Without an indication WHERE you found those websites, your info is useless.
Without an indication WHERE you found those websites, your info is useless.
sorry, forgot the attachment
I just ran hjt a few minutes ago after I ran the apropos fix. logs are attached.
in the previous response, I simply listed that spyware doctor had found that stuff. I didn't notice anything before, but I will look again to see if it gives details about where the files are. I figured it might give you more info on what exactly we're dealing with here.
thanks a lot.
chip
I just ran hjt a few minutes ago after I ran the apropos fix. logs are attached.
in the previous response, I simply listed that spyware doctor had found that stuff. I didn't notice anything before, but I will look again to see if it gives details about where the files are. I figured it might give you more info on what exactly we're dealing with here.
thanks a lot.
chip
RealBlackStuff
Posts: 6,450 +3
Apart from this
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
the log is clean (if you overlook that crap-junk from AOL and Symantec...)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
the log is clean (if you overlook that crap-junk from AOL and Symantec...)
