
Hijackthis Log. Random Popups

Thanks, please tell me what to do next.

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
12/3/2008 10:18:23 PM
mbam-log-2008-12-03 (22-18-23).txt
Scan type: Quick Scan
Objects scanned: 67812
Time elapsed: 25 minute(s), 30 second(s)
Memory Processes Infected:

This program INSTANTLY found my problem.

Random popups really irritating (HijackThis log included)[RESOLV Started by Terror Train , Jul 26 2006 05:47 AM

here is my most recent hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:07 PM, on 6/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot

Post another log if you are still having problems.

Please download Ewido Anti-Malware
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first

If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything.

AntonChigur Thread Starter Joined: Jun 6, 2008 Messages: 3

I am on vista, I've been having some random popups in both ie and firefox.

Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--End of file - 11705 bytes

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 catchme - c:\docume~1\jonath~1\locals~1\temp\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

Also, try running GMER in Safe Mode.

**Caution** Rootkit scans often produce false positives.

How is it running?

Please use the following suggestion to help prevent reinfection
Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware,

Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context

In this modern day there are a large number of files that hide from conventional scanners.

Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Call of Duty 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield

After you have run "Option #5", use the instructions above to run "Option #1" again.

#3 Terror Train, Posted 26 July 2006 - 06:44 PM

Now may I please see the VundoFix log I asked for in post #3 go have a look on how to go about running this tool.

Anyways run this tool show me its logfile along with a new HijackThis log.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning,

#3 Blade, Posted 22 July 2010 - 10:19

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo!

No more pop-ups. Nothing. Not sure if these are related.

If a piece of the infection is left, it can regenerate and reinfect your machine.

I have run vundofix, ad-aware, norton 08, and spybot search and destroy with no results.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - MAXTOR STM3160815AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to successful Scanning First Pass.


Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--End of file - 11942 bytes

#2 riffejl, Posted 20 November 2007 - 04:15 AM

I tried to upload the ad-aware

Do not run the fix portion without fixing this first.

Please download Brute Force Uninstaller to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Additionally, some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received.

Inc.; YPCService Module>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_26021019&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_03F2&SUBSYS_26021019&REV_A3\3&2411E6FE&0&11
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID:

The bad news therefore is that there is something else on your computer that is causing them.

Log Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run:

Messenger LegalCopyright : © 1998-2006 Yahoo!

random popups and hung windows shut down Started by riffejl , Nov 20 2007 04:14 AM

If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
Even if things appear better, that

When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet -

C:\Documents and Settings\John Page\Desktop\l2mfix\dlls\g0lmla311d.dll
Attempting to delete infected files...
Attempting to delete: C:\Documents and Settings\John Page\Desktop\l2mfix\dlls\g0lmla311d.dll
C:\Documents and Settings\John Page\Desktop\l2mfix\dlls\g0lmla311d.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9EC7C591-3817-4FEE-95BC-29BF308E8067}"
HKCR\Clsid\{9EC7C591-3817-4FEE-95BC-29BF308E8067}
Restoring Windows certificates.
Replaced hosts file with default windows

Of course I searched this weatherbug on the internet and found all kinds of problems with this adware program and problems it caused, and good old REALPLAYER ships it with their

Thanks!

*** Logfile of HijackThis v1.99.0
Scan saved at 11:11:23 AM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo!

Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into Safe Mode.