What's new
TerraForums Venus Flytrap, Nepenthes, Drosera and more talk

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

HELP! POPUPS!

  • Thread starter Clint
  • Start date

Clint

Stay chooned in for more!
please help me guys. i have yahoo,google, norton, and IE popup blockers. i have spybot search and destroy and ad-aware. i keep getting the same popups from ad-w-a-r-e.com/blahblahblah (it doesn't really say blahblahblah) and then that popup changes to another popup like partpoker.com or gojournalist.com or goodrumor.com. please help me! i've went into Ie and deleted my cookies, and i went to the privacy section and added the popup sights to the "restricted" sights area, hoping that it would stop them. nothing works and it's really annoying. please help me!
 
Pop ups what are they? Are they like poptarts.

Download firefox browser and you'll never have another one.
 
wrong. i just downloaded it and i'm on it now. before the homepage even loaded i got a popup for dna testing, www.cheapress.com,and one to erase porno evidence from your harddrive.
 
Logfile of HijackThis v1.99.1
Scan saved at 3:01:19 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dfndred_7.exe
C:\kybrded_7.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\d3dramp.exe
C:\WINDOWS\system32\MSAgentXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ted\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wxyeb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hsgimfe.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [d3dramp] C:\WINDOWS\system32\d3dramp.exe
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f....Brg.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\f8j20i1oe8.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Are you using the latest update for adaware pro? I don;t get many popups and I use adwatch to prevent most of them. Sometimes I have to turn it off because it mistakes something I want to see for a popup, but its beter than getting in pooup heck. I duno some people are prone to popups for some reason. LOL
 
oh jeeze now i've got to d/l another program?

....flops over dead
 
I have the adaware pro package and it comes with adwatch in it. I can send it to you if you want.
 
nah i want to see what alvin says.


"oh i'm sorry clint, you need a new computer..."
 
  • #10
For firefox to stop popups you have to select the no popup option.

If you need to know how just let me know.
 
  • #11
Do any of these lines mention a program that sounds familiar to you?

[b said:
Quote[/b] ]

O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [defender] C:\\dfndred_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrded_7.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f....Brg.cab


Go to Add/Remove programs and try and uninstall Surf Sidekick if it's there. There's some information here about uninstalling it, as it looks like it's responsible for the Party Poker popups: Castlecops thread
 
  • #12
ozzy, i already clicked the block popups option.

alvin, i only recall seeing the surfsidekick. i didn't even know it was installed! i'll delete those lines you recommended, thanks!

it wouldn't fix the 010 ones, now what?
 
  • #13
I have been going with Earthlink's popup blocker, just because they're my ISP. It doesn't get them all. So I added something called Panicware and I rarely get any popups.
 
  • #14
I have no idea whatthe problem is. I haven't had a popup inmoths or maybe even a year. I just use the firefox browser.
 
  • #15
Same here Ozzy
biggrin.gif
biggrin.gif

Go Firefox!!!!!!!

tut tut tut.... the problem is simple. You've overlooked something Clint. Not only are Hedgehogs cute and cuddly but they also attract pop-ups in neighbouring computers at an alarming rate
smile_n_32.gif
smile_n_32.gif
.

Zac
 
  • #16
Kudos to Alvin for being on the right track here and for using hijack this. This isn't a matter of popups. This is a matter of a) hijacked home page, and a program running that is spawning popups, in many cases you only need to be connected to the internet for the popups to spawn.

I'll double check the log, but if you delete the "hijacked internet" thing using hijack this, then you should be just peachy.

Kill:

O20 - AppInit_DLLs: repairs303169590.dll

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} http://a248.e.akamai.net/f....Brg.cab

O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

C:\WINDOWS\system32\XPAgent.exe

C:\WINDOWS\system32\d3dramp.exe

C:\WINDOWS\system32\MSAgentXP.exe


Look in to:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wxyeb.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hsgimfe.exe

C:\dfndred_7.exe

C:\kybrded_7.exe

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\f8j20i1oe8.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\


Start there (and with whatever Alvin listed,) and let us know how things look.

And since we seem to be doing hijackthis logs, anyone else wanna submit theirs?
 
  • #17
[b said:
Quote[/b] ]alvin, i only recall seeing the surfsidekick. i didn't even know it was installed! i'll delete those lines you recommended, thanks!

Sorry for the double-post, but my last post is cluttered enough. What does it say when you try to delete them? What I do in cases where it tries to give me guff, I download killbox.exe. If it says that it's write protected or in use, tell killbox to delete it on startup.

That should take care of most whatever is visable!
 
  • #18
And this has to do with carnivorous plants how?
 
  • #19
[b said:
Quote[/b] ]And this has to do with carnivorous plants how?

Welcome to the General Discussion forum. What goes on here does not neccessarily pertain directly to carnivorous plants. If you really want me to pull an answer out of a dark recess: our buddy JLAP couldn't bloody stand using his computer because of these problems, no computer no TF, no TF no cp fix.

TF is about more than just plants, it's also about community. And that's one of the things that makes this place great.
 
  • #20
Holy cow I've only got like 6 running processes. You need to be more carefull, in some cases its alot easier to just reformat the hard drive and reinstall windows.
 
Back
Top