1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

please help me here! i'm desperate! :(

Discussion in 'Virus & Other Malware Removal' started by nobir, Aug 26, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. nobir

    nobir Thread Starter

    Joined:
    Jul 31, 2003
    Messages:
    11
    please, could someone help me out here? this has been going on for 9 months now, and it's driving me nuts!!!

    ok, here's the story..

    ever since January, i've been getting these annoying pop ups! i've tried EVERYTHING ALREADY !!! :
    Ewido Security Suite, Spybot: Search and Destroy v1.3, No-Adware SE, Spy Sweeper, ................. EVERYTHING!

    any suggestions on how i might get rid of them the other way..? :(
     
  2. pedroguy

    pedroguy

    Joined:
    Jan 28, 2001
    Messages:
    6,523
    Nobir:Does everything include running Hijack this.If so,it would be helpful for security experts on this forum to review this log.
    If you do not have HJT then you can download it at

    http://dotcomsecurity.org

    Run the utility and post back with the results and one of the Security heavyweights can assist you.
    Unfortunately,no one or several spyware utilities are able to rid your system of everytrhing that ails it.
     
  3. pedroguy

    pedroguy

    Joined:
    Jan 28, 2001
    Messages:
    6,523
    Nobir:Does everything include running Hijack this.If so,it would be helpful for security experts on this forum to review this log.
    If you do not have HJT then you can download it at

    http://dotcomsecurity.org

    Save it into it's own folder,and run it from there.

    Run the utility and post back with the results and one of the Security heavyweights can assist you.
    Unfortunately,no one or several spyware utilities are able to rid your system of everytrhing that ails it.
     
  4. nobir

    nobir Thread Starter

    Joined:
    Jul 31, 2003
    Messages:
    11
    ok, here's the log file

    Logfile of HijackThis v1.97.7
    Scan saved at 22:31:41, on 26.8.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Microsoft Office\Office\1060\OLFSNT40.EXE
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\rsvp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Blaz K\Desktop\HijackThis.exe

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Vrata za Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1060\OLFSNT40.EXE
    O4 - Global Startup: Search.vbs
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2AABC39C-B188-4E90-A343-966AFF556544} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sl/filesharingctrl.cab
    O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacation/MaxisVacationTeleX.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093552013031
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{406CD0CB-D42A-4A75-AFB2-9BDA11B54057}: NameServer = 193.189.160.11,193.189.160.12
    O17 - HKLM\System\CCS\Services\Tcpip\..\{837268A3-D440-4188-A16D-F365149B07E7}: NameServer = 193.189.160.11,193.189.160.12
     
  5. Afinogenov

    Afinogenov

    Joined:
    Jul 14, 2004
    Messages:
    147
    might wanna get a pop-up blocker
     
  6. nobir

    nobir Thread Starter

    Joined:
    Jul 31, 2003
    Messages:
    11
    i have one, and it doesnt do ****!
     
  7. Afinogenov

    Afinogenov

    Joined:
    Jul 14, 2004
    Messages:
    147
    or get zone alarm and mozilla firefox. you wont get 1 popup and if u get ZA u will get a fire wall
     
  8. nobir

    nobir Thread Starter

    Joined:
    Jul 31, 2003
    Messages:
    11
    have that too, lol
    and i dont really think i need ZA.. mainly cause i have a built-in firewall in my router

    like i said, i've tried EVERYTHING, except that Hijack thingy..
     
  9. nobir

    nobir Thread Starter

    Joined:
    Jul 31, 2003
    Messages:
    11
    please guys, if anyone has an idea what to do, tell me :(

    and srry for the double post
     
  10. Afinogenov

    Afinogenov

    Joined:
    Jul 14, 2004
    Messages:
    147
    zone alarm blocks pop-ups
     
  11. pedroguy

    pedroguy

    Joined:
    Jan 28, 2001
    Messages:
    6,523
    Hi:Again,I'm no HJT expert but the entry in your log for
    nwiz.exe seems to indicate,according to tasklist.org a virus.I would go look there for the removal instructions and see if we make any progress down that path.
    Also,are your popups consistantly the same subject,if so,what?Maybe some common thread there that can be synched in on.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/266725

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice