parrotplay
Thread Starter
- Joined
- Apr 13, 2003
- Messages
- 1,299
Hi. I suddenly started being inundated with pop-up ads, some taking up the entire screen and cannot find a way you, unless I use the Task Manager in my XP, which then takes me out of everything, not just that ad closes. Many of these ads say Microsoft on them. Am sure you know...this is one ad right after the next and is so annoying. Can you see anything that may be the problem for this, on my Hijack This Log I just ran? Prior to running this, I ran Spybot and also Adaware 6, both found items that I took care. I usually have none. Not 10, 20 or more. I have Spyware Guard running in the background, Browser HiJack Blaster, X-Cleaner, Spyware Blaster and the Google Pop-up stopper toolbar. AND I just kicked AOL to the curb, finding a much more satisfactory ISP, deleting and uninstalling as much as I could find on AOL. I am not able to uninstall this game control that was installed without me realizing it, just wanted to play a game, it is Wild Tangent. That may be the problem, I don't know. Also, while browsing in Windows to change an icon, I found an item, with a bear, named, "Set De Bug". Is this a problem, what is it?
Seems to me that with all these tools on my side, so many ads and the like would not be able to get through to me, somehow they are. Please let me know if you found any problems on the HijackThis list. And..any suggestions to what i can do, more than I already am, to keep my computer secure. Thank you for your advice and help with this, it is very much appreciated. parrotplay
Logfile of HijackThis v1.97.7
Scan saved at 3:59:23 AM, on 4/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\RAMfreer\RAMfreer.exe
C:\Program Files\Turbo\arteraui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Turbo\artera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\LEEANN MILLER\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotjjo.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hotjjo.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by hotjjo
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hotjjo.net
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire46.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke02.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks06.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit25.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet03.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo07.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D3D3F2-A5E0-440D-A51F-2C3A062D7A98}: NameServer = 66.81.0.251 66.81.0.252
Seems to me that with all these tools on my side, so many ads and the like would not be able to get through to me, somehow they are. Please let me know if you found any problems on the HijackThis list. And..any suggestions to what i can do, more than I already am, to keep my computer secure. Thank you for your advice and help with this, it is very much appreciated. parrotplay
Logfile of HijackThis v1.97.7
Scan saved at 3:59:23 AM, on 4/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\RAMfreer\RAMfreer.exe
C:\Program Files\Turbo\arteraui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Turbo\artera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\LEEANN MILLER\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotjjo.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hotjjo.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by hotjjo
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hotjjo.net
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire46.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke02.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong.pogo.com/applet/mahjong/mahjong-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks06.pogo.com/applet/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit25.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet03.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: The Sims Pinball by pogo - http://simball02.pogo.com/applet/simball/simball-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo07.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass/worldclass-ob-assets.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D3D3F2-A5E0-440D-A51F-2C3A062D7A98}: NameServer = 66.81.0.251 66.81.0.252