1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: So Many Ads!!!!!!

Discussion in 'Windows XP' started by SolidSnake85, Jul 7, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    When I left my computer on (like usually I do) to eat lunch and watch a movie. When I came back to my computer I got a lot of ads like Aurora. But that's a city in CO. I got pop ups from my computer saying it has pop ups. Does anyone know a really good pop blocker I can use? Also I get The Web Search, Yellow Pages on my desktop and it's very annoying. I would like to get rid of it.
     
  2. Cerviperus

    Cerviperus

    Joined:
    Nov 17, 2004
    Messages:
    94
    Download and install Spybot Search & Destroy, Ad-Aware SE Personal (both found in my sig), and Microsoft's Anti-Spyware (found on www.microsoft.com). Once you have downloaded each of these programs, run their respective updates and run a full scan. Once you've deleted everything they find, download HijackThis. This will install itself into C:\Program Files\HijackThis. Run HijackThis.exe but don't fix anything yet. Save the log to a text file, then copy and paste its results here.
     
  3. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    Two more things. Spyware guard won't open and kinda like I said the search for thing is really annoying and has Yellow Pages and stuff. I know 3/4 programs what you said and the only thing I don't know is Spyware guard and won't open.
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Forget spyware guard for now, do the rest of what was said

    Do this before you post a log

    http://www.noidea.us/easyfile/index.php?folder=2

    download Nailfix.zip
    Unzip it to the desktop but do NOT run it yet.

    Restart in safe mode

    Now in Safe Mode:
    Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
     
  5. Hemant

    Hemant

    Joined:
    Nov 7, 2004
    Messages:
    74
    Just a quick add here, the pop up u got saying that there were pop-ups on your computer, was in itself an infection that needs to be removed
     
  6. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    Yeah I know.
     
  7. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    Oh my gosh! They are back and more vicious than ever!
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    They won't go away until you run the fixes and then post the HiJack log
     
  9. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    Results:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:46:53 AM, on 8/8/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\lnraqr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=1.20030
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=1.20030
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINNT\System32\nsr18.dll
    O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\lnraqr.exe reg_run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ttupt] C:\WINNT\ttupt.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,[email protected]
    O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka62.exe
    O4 - HKLM\..\Run: [Rebate Retriever] C:\Program Files\Rebate Retriever\RebateRetriever.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [connsc] C:\WINNT\System32\connsc.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O20 - Winlogon Notify: MSSYCLM - C:\WINNT\system32\pbisdecd.dll
    O20 - Winlogon Notify: PFW - C:\WINNT\SYSTEM32\UmxWnp.Dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
    O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall\UmxAgent.exe
    O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
    O23 - Service: FW User-Mode Helper (UmxFwHlp) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall\UmxFwHlp.exe
    O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
    O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINNT\System32\UAService7.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:


    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Post that log and a new HiJack log – If the log is too large attach it.
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You also do not have an active AntiVirus

    Run ActiveScan online virus scan

    http://www.pandasoftware.com/activescan/

    When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
    - Save the results from the scan!

    Post that log also

    Then get the free AVG 7 install it, check for updates and run a full scan

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
     
  12. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    Since when I let it scan and I needed to read a book, it shows that it scanned 175,940 known threats in database. And the infected objects found was 454.
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You will have to attach the Ewido log rather than posting it. Now you can see why so many ads
     
  14. SolidSnake85

    SolidSnake85 Account Closed Thread Starter

    Joined:
    Apr 22, 2005
    Messages:
    502
    Well I think right now I get a system privileges alert which pop ups every time. I open a program which it can't recognize.
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/378859

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice