IE popping up while on Firefox

  1. #1
    alextux2003 is offline Newbie

    Re: IE popping up while on Firefox

    I ran the processes as suggested in the previous link and am still having problems, so here's the log file mentioned:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:53:28, on 07/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Seticon.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SETI@home\SETI@home.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Maven\mavenAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPodder\iPodder.exe
    C:\Program Files\Maven\mavenUpdater.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    D:\other stuff\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [SetIcon] Seticon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: VNIStartup.lnk = C:\WINDOWS\system32\correc16.exe
    O4 - Startup: iPodder.lnk = C:\Program Files\iPodder\iPodder.exe
    O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.ebay.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02abf886...p/RdxIE601.cab
    O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: WICEGKO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\alex\LOCALS~1\Temp\WICEGKO.exe



    If any of that helps; if it can't be solved, how do I go about completely removing IE and getting everything to use Firefox, cos all IE is doing at the minute is giving me popups.


  2. #2
    Neal is offline Dedicated Member
    Welcome to DAL,

    Did you install Messengerplus3 with sponsors?

    If so, you might want to uninstall it through Add/Remove Programs and reinstall without the sponsors.


    Make sure you can see hidden files/folders
    In Windows XP
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.
    After you're cleaned, please "rehide" them again.


    Scan with HJT again and put a check next to these items, making sure all browser windows are closed, including this one, so print this or create a new text document on the desktop by right-clicking an open area, selecting new text document, and saving it as whatever you like. Now put a check next to these:

    O4 - Startup: VNIStartup.lnk = C:\WINDOWS\system32\correc16.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02abf88...ip/RdxIE601.cab


    Again make sure all browser windows are closed and click FIX


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    C:\WINDOWS\system32\correc16.exe < delete this file


    Reboot into normal mode


    Internet Explorer required
    Run these two online virus scanners (Panda Activescan) following these instructions below:
    http://www.pandasoftware.com/product..._principal.htm


    Internet Explorer required
    Also this excellent (BitDefender) scanner: http://www.bitdefender.com/scan8/ie.html


    These scans will take more than an hour to complete, so make sure you have time to let them run through. Save the Panda scan log and the BitDefender log and post them back here please with a new HijackThis log.

    Thanks.

  3. #3
    alextux2003 is offline Newbie
    Hi, still getting occasional instances of IE popping up with ads even after running the processes suggested.

    Here are the BitDefender and HijackThis logs:

    BitDefender

    BitDefender Online Scanner

    Scan report generated at: Wed, Nov 09, 2005 - 21:26:52
    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics
    Time: 02:27:55
    Files: 254330
    Folders: 5799
    Boot Sectors: 3
    Archives: 6767
    Packed Files: 19903

    Results
    Identified Viruses: 5
    Infected Files: 12
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 20

    Engines Info
    Virus Definitions: 232948
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll | Detected with: Adware.Winad.J
    C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll | Disinfection failed
    C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll | Deleted
    C:\WINDOWS\pk_zip1.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip1.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip2.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip2.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip3.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip3.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip4.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip4.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip5.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip5.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip6.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip6.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip7.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip7.log=>(BASE64) | Deleted
    C:\WINDOWS\pk_zip8.log=>(BASE64) | Infected with: Win32.Netsky.AA@mm
    C:\WINDOWS\pk_zip8.log=>(BASE64) | Deleted
    C:\Documents and Settings\family\My Documents\cj docs\Cliprexdsfree.exe=>(NSIS o)=>bzip2_nsis0011 | Detected with: Application.Adware.180solutions.A
    C:\Documents and Settings\family\My Documents\cj docs\Cliprexdsfree.exe=>(NSIS o)=>bzip2_nsis0011 | Disinfection failed
    C:\Documents and Settings\family\My Documents\cj docs\Cliprexdsfree.exe=>(NSIS o)=>bzip2_nsis0011 | Deleted
    C:\Documents and Settings\family\My Documents\cj docs\Cliprexdsfree.exe=>(NSIS o) | Update failed
    C:\System Volume Information\_restore{1FBC0A82-C85E-4E0A-82FD-1FC90AAB36F9}\RP469\A0188790.exe | Detected with: Application.SurfAccuracy.A
    C:\System Volume Information\_restore{1FBC0A82-C85E-4E0A-82FD-1FC90AAB36F9}\RP469\A0188790.exe | Disinfection failed
    C:\System Volume Information\_restore{1FBC0A82-C85E-4E0A-82FD-1FC90AAB36F9}\RP469\A0188790.exe | Deleted
    D:\System Volume Information\_restore{C549968A-FD0B-4CFF-B5C4-E6728DD9BADC}\RP335\A0146209.exe=>(NSIS o)=>bzip2_nsis0011 | Detected with: Application.Adware.180solutions.A
    D:\System Volume Information\_restore{C549968A-FD0B-4CFF-B5C4-E6728DD9BADC}\RP335\A0146209.exe=>(NSIS o)=>bzip2_nsis0011 | Disinfection failed
    D:\System Volume Information\_restore{C549968A-FD0B-4CFF-B5C4-E6728DD9BADC}\RP335\A0146209.exe=>(NSIS o)=>bzip2_nsis0011 | Deleted
    D:\System Volume Information\_restore{C549968A-FD0B-4CFF-B5C4-E6728DD9BADC}\RP335\A0146209.exe=>(NSIS o) | Update failed

  4. #4
    Neal is offline Dedicated Member
    Hi,

    Please post a new hijackthis log and the panda scan log please. Thanks.

    Also what do the popups say, what site are they coming from?

  5. #5
    alextux2003 is offline Newbie
    Hi, sorry I didn't reply. Thanks for the help; the problem seems to have gone away, so I'm assuming one of my anti-spyware things got it.
