Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't remove pop-ups!

Started by smawpaws , Aug 20 2006 04:54 AM

  • Please log in to reply

#61
Metallica
Posted 22 September 2006 - 05:10 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Nice startpage. Yours?

Run HijackThis and put a checkmark before these items:

R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk31886US

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.sxload.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{82CD4EC1-2E5F-4ED9-84C0-0DC75C0CA10B}: NameServer = 85.255.115.4,85.255.112.14

Click Fix checked and reboot when HijackTHis is done.

After the reboot make a new log and post it.

Regards,
  • 0

Advertisements

#62
smawpaws
Posted 22 September 2006 - 04:46 PM

smawpaws

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
LOL!!! No, not mine. I am just a member. Hubby is a Moderator so he has it as his start page. :whistling:



Logfile of HijackThis v1.99.1
Scan saved at 4:43:08 PM, on 9/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\BJ\Desktop\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4horsemensite.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\BJ\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120340141859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 205.171.2.65,205.171.3.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  • 0

#63
Metallica
Posted 23 September 2006 - 02:14 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Sigh of relief. :lol:

*Metallica puts on party hat. :whistling: :) :blink: :help:

Your log is clean now.

Let me know if this also solved the problems.
  • 0

#64
smawpaws
Posted 25 September 2006 - 02:56 AM

smawpaws

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Well crap. Still having problenms on his desktop. I think I'm just gonna have him save his stuff, delete it, and make another.
I do have a couple of questions about the security stuff I run, if you don't mind. :whistling:

Edited by smawpaws, 25 September 2006 - 02:56 AM.

  • 0

#65
Metallica
Posted 25 September 2006 - 03:17 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Ask away.

I'll answer the ones I can. :whistling:

What problems does he have?
  • 0

#66
smawpaws
Posted 25 September 2006 - 03:24 AM

smawpaws

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
He is still having the same problems. Can't change his background, can access pages, but can't log-in to anything.

I run ewido, adaware, and spybot. And I also have win patrol. Is there anything else you can recommend to keep everthing clean? (I am also looking to get a laptop, so I want to know what's best to install on it.)
  • 0

#67
Metallica
Posted 25 September 2006 - 04:41 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
WinPatrol as resident and AdAware, Spybot and Ewido to scan sounds just about perfect.
But have a look at my site. The link is in my siganture.
There are some more precautions you can take.

The HijackThis log you posted, is that from yours or his account?
  • 0

#68
smawpaws
Posted 25 September 2006 - 04:05 PM

smawpaws

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
The last one I posted was from his.
  • 0

#69
Metallica
Posted 26 September 2006 - 12:33 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Our lovely Michelle has written a tutorial for renewing User-accounts.

It might help you.


1.)Go to Start > Control Panel

Double-Click User Accounts
Choose Create a new Account
Type any name for the account then click Next
Choose Computer Administrator then click Create Account

Log off your current account.

2.) Reboot your computer, then log-in to the new account you just created.
or log-off your account and log-in to the third account.

3.) Go into Windows Explorer. You can get to Windows Explorer by going to Start > Run and typing: explorer
Once in Windows Explorer, go up to View > Explorer Bar and put a check next to "Folders".

4.) Then go up to Tools > Folder Options. Click the "View" tab and click "Show Hidden Files and Folders". UNcheck "Hide File Extensions for known file types" and UNcheck "Hide protected operating system files"

5.) Navigate to this folder:

C:\Documents and Settings\Old Username

Old Username is not the actual name of that folder. The name of this folder is whatever name you have for the account with problems.

Once inside that folder, PRESS and HOLD the Ctrl key. Then use your mouse and LEFT-click ALL files and folders to highlight them EXCEPT the following:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

Do NOT highlight those 3 files.

Once all files and folders are highlighted (except the above three!) go up to "Edit > Copy"

Now, navigate to this folder:

C:\Documents and Settings\New Username

New Username is whatever the name of your second account (make sure it's NOT the 3rd account!)

Once inside that folder, go up to "Edit > Paste"

Now, log-off the third account and log-in into the second account and your data will be there now. :whistling:

If you use Outlook Express for your e-mails, please follow the instructions in this topic to move the e-mails/address book to your new profile:

http://support.micro....com/kb/313055/


Hope it helps,
  • 0

#70
smawpaws
Posted 26 September 2006 - 03:02 AM

smawpaws

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Wow! Okay. This one may take a bit. So, I won't have to save anything to disk, right?
  • 0

Advertisements

#71
Metallica
Posted 26 September 2006 - 03:54 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
It wouldn't hurt to have backups, but if all goes well, they won't be necessary.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP