[jessmar86]

Ok so me and my wife sometimes go one streaming video sites to watch old movies. and since we been to either on of these sites cannot tell which either milledrive or some watch-movies site we been getting pop ups even when the internet is not opened we will come to the screen and there will be 6 different pop ups. Now these are mostly for a game but the other day some porn sites popped up and i closed it before it opened fully so we can watch our movie and now my wife thinks that they are on our computer because i went there which i really honestly did not and she is really pissed at me for something i did not do. I did not go to that site Please can someone explain to me and my wife why these pop ups happened and that its noton our computer from going to that porn site. If so you would save me a great deal.

[Phantom010]

I'd say your computer is infected. But, first post a HijackThis log and if malware is indeed obvious in your log, you will be moved to the Malware Removal forum.

Please download and install HijackThis.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything.

If we indeed find malware, print the whole thread and show it to your wife!

I remember a few years ago, the same thing happened to me. You should have seen what was popping-up on screen, in my wife's face!!!

[blitzkreig]

I would also recommend running a spyware scan.

[jessmar86]

Thank you i will do that tonight. This is such a head ache with this woman shes convinced yet theres grose sites about she males and **** absolutly nothing to do with me anyways thanks again and i will later on tonight check my computer and post it

[Phantom010]

Hurry up with the feedback before she divorces you!

Note: be careful with the **** words...

[jessmar86]

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTF\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\topi\LOCALS~1\Temp\12587.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system32\CTF\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\topi\LOCALS~1\Temp\12587.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 3080 bytes

[Phantom010]

Yup, your computer is indeed infected.

O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\topi\LOCALS~1\Temp\12587.exe

Please click on the Report button and ask to be moved to the Malware Removal forum.

[Phantom010]

After your computer is cleaned up, please install an antivirus, if you want to save your marriage...

[jessmar86]

HAHA yes thank you so much I knew i was right. ONe more question how is it possible for these things to come on our computer when its off. We looked at our temp files and they say it was looked at at like 1am or 340 am when we both were in bed non the less thank you for helping me.

Jesse

[jessmar86]

Wife here hi,

i havent seen any pop ups of porn. Just from a site called wixawin, and those are game sites.

The way i found out about this, is that they were on our browser when i went to write an address on it, two of them, and both were teen porn sites.

Then i looked at our temporary internet files, and found that there were over 20 porn sites visited, BUT mostly when we were either sleeping, and the computer has been turned off. We live alone, so no one else here to do it.

They were not in our page history, which puzzels me, and makes me wonder, someone must of deleted them.

I see some of the game pop ups in the temp. internet files, but, they all have shorter addresses, these porn sites are the whole address (www...etc...).

[Phantom010]

Quote:

Originally Posted by jessmar86

HAHA yes thank you so much I knew i was right. ONe more question how is it possible for these things to come on our computer when its off. We looked at our temp files and they say it was looked at at like 1am or 340 am when we both were in bed non the less thank you for helping me.

Jesse

Perhaps one of you was sleepwalking...

[jessmar86]

yeah the times on our internet files is wrong could this be because of the virus?

[Phantom010]

I honestly don't know.

[jessmar86]

thank you anyways its from the virus for sure no other way

[cybertech]

What you posted is not an entire log.

I am going to close this thread.

Please post a new log, the entire log, in the Malware Removal forum.