Pop ups not going away ,did about everything

Status
Not open for further replies.
S

smazz

Posts: 17   +0
Ok, This is what I did to get rid of the pop ups ,I ran spy bot ,adware,trojan remover,anti malware,virus scans,xoftspy.I ran them in normal and in safe mode.They all found plenty of infections or problems .But I still have annoying pop ups about 1 every couple of minutes.I nevr had this problem until about 2 weeks ago.I use slimbrowser ,or Ie and I still get the pop ups in slimbrowser.
But they pop up as IE browser .I also get wierd pop ups that just look like a small picture all advertisments.I did a system restore .Here is the log from Hijack this.If anyone can read this and let me know what is what ,and what to look for,or fix .Hope someone can help
Thanks, Sal,

Logfile of HijackThis v1.99.1
Scan saved at 4:40:10 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Weather Watcher\ww.exe
C:\SABRE\Apps\ATS\SSSClnt.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\wspan\swgw\FilterAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Linda M\My Documents\downsave\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmailb.netzero.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmailb.netzero.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Sabre Site Services] C:\SABRE\Apps\ATS\SSSClnt.EXE
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: Html To Image - C:\Program Files\Html To Image\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PopStop - {20988EDF-4CB5-4083-9829-262BBFD0CD52} - E:\programs reinstall\PopStop\PopStop.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: .worldspan.com[/url]
O15 - Trusted Zone: .wspan.com[/url]
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132339616323
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.82.downloads.esta...9.25.47.82_58102&=&req=1136841166250OneCC.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - http://go.worldspan.com/Dlls/WSFileIO3.cab
O16 - DPF: {8D33B6F0-1E74-419C-BBEF-D00E976A3A5D} (WSFileIO Class 2) - https://go10f.wspan.com/secure/DLLs/WSFileIO2.cab
O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://go10f.wspan.com/secure/DLLs/WSBrowserConfig.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D4233B6D-88A0-11D3-BC29-400011500032} (WspGoCal Class) - https://gopublic.wspan.com/scripts/us/bin/WSCAL.CAB
O16 - DPF: {F2C74EB6-1E7C-44A1-8EBA-CEDB52D47108} - https://gopublic.wspan.com/Secure/Dlls/WSClient.cab
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\ir0ul5d91.dll
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back