| Thread ID: 69738 | 2006-06-10 21:35:00 | what is the bane of pop ups? | Dorprod (10527) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 462080 | 2006-06-10 21:35:00 | I got a problem. I just reinstalled Windows XP totally clean. I have Spybot S&D and Ad-Aware SE. I just got rid of my Internet Explorer and use Mozilla Firefox. I have used Ad-Aware and Spybot 10 times in the past 3 days and got pop ups and trojans and stuff. Now they won't recognize a different kind of pop up. I'll be playing World of Warcraft or typing or surfing the web and all of a sudden a voice appears and congratulates me I have won. He lists off Xbox 360, cellphones, TVs, all this stuff. Now there is no window when I hear this voice. I close out all programs and he's still talking. I then use Task Manager and there is a list of sites made of gibberish characters and sites that I cannot access. They are invisible. But clearly there. Including creative.adsrevenue.net/default/partnerbudsinc and PlayO : Dozens of free online flash games. Fad-604. Consumerpromotioncenter.com Vacation specials. It's quite annoying. I did Hijackthis.exe and nothing appeared but then again what do I know. I hope someone can help cause I can tell you the internet sucks for that. | Dorprod (10527) | ||
| 462081 | 2006-06-10 21:43:00 | Post the HijackThis log online here. I'm sure Speedy Gonzales (sorry if I spelt your name wrong) will fix it. | pcuser42 (130) | ||
| 462082 | 2006-06-10 22:11:00 | With that much spyware and malware appearing, it suggests you are not using a properly configured firewall. What one are you using? Have you applied all the service packs and security updates to XP? Welcome to PressF1 as well :) |
Jen (38) | ||
| 462083 | 2006-06-10 22:26:00 | Yeah, firewall not enabled? ...or it could be Windows Messenger. Go to www.grc.com and download and run 'shoot the messenger', then install MSN 7.5 if you need a chat prog... | drcspy (146) | ||
| 462084 | 2006-06-11 13:33:00 | Logfile of HijackThis v1.99.1 Scan saved at 8:40:05 AM, on 6/11/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\LSASS.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\System32\algetglesle.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\System32\algetglesle.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\AIM\aim.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\dwwin.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\algetglesle.exe C:\Program Files\AIM\aim.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alex.POOPSCOO-N6UJ9H\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.vvfy.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.vvfy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.vvfy.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = www.vvfy.com R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ÓéÀÖÔÚÏß www.vvfy.com F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: localhost 127.0.0.1 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe O4 - HKLM\..\Run: [systwslyel] C:\WINDOWS\System32\algetglesle.exe O4 - HKLM\..\Run: [SOUNDM] winsmd.exe O4 - HKLM\..\Run: [dmaob.exe] C:\WINDOWS\System32\dmaob.exe O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE www.vvfy.com O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{174D9153-928F-432E-BA87-9ED5AC0FB89F}: NameServer = 85.255.115.83,85.255.112.206 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{174D9153-928F-432E-BA87-9ED5AC0FB89F}: NameServer = 85.255.115.83,85.255.112.206 O17 - HKLM\System\CS2\Services\Tcpip\..\{174D9153-928F-432E-BA87-9ED5AC0FB89F}: NameServer = 85.255.115.83,85.255.112.206 O20 - AppInit_DLLs: KB608769M.LOG O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe |
Dorprod (10527) | ||
| 462085 | 2006-06-11 13:37:00 | Over the night, under Add/Remove Programs, there have been 27 "Security Updates for Windows XP (KB 90####)". Seems suspicious seeing that I do not have automatic update or anything to do with Windows security. Also a good firewall? I need one. Thanks so much for your help. | Dorprod (10527) | ||
| 462086 | 2006-06-11 17:00:00 | A good firewall? ZoneAlarm is very popular and easy - a lot of people are quite happy with the free version. And Kerio is very good. | Greg (193) | ||
| 462087 | 2006-06-11 18:03:00 | Here's some results from your scan: C:\WINDOWS\LSASS.exe running process. (LSASS.exe) This entry is not running from the System32 folder, so it is probably nasty. According to Windows database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 To be fixed immediately! (see the space in the word "Policies"? That's a good clue!) O4 - HKLM\..\Run: [dmaob.exe] C:\WINDOWS\System32\dmaob.exe (It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.) Turn off system restore and reboot into safe mode again and click on the above entries, fix them/delete them and reboot and see if they return. This list is possibly not complete, there may be other problems that you will need to fix in the future. |
SurferJoe46 (51) | ||
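
The checks applied in the reply above (a system process name running from outside System32, a Run value named after its own file, DisableRegedit=1) plus a non-empty AppInit_DLLs value, as an added triage example that is not part of the original thread. The `SYSTEM32_ONLY` list and the finding labels are assumptions made for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import ntpath
import re

# Process names expected to run only from System32
# (assumed short list for this example, not exhaustive).
SYSTEM32_ONLY = {"lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "smss.exe", "svchost.exe", "spoolsv.exe"}

RUN_ENTRY = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [dmaob.exe] C:\WINDOWS\System32\dmaob.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O20 - AppInit_DLLs: KB608769M.LOG
"""

def in_system32(path):
    """True when the file's folder is ...\\WINDOWS\\System32 (case-insensitive)."""
    return ntpath.dirname(path).lower().endswith(r"\windows\system32")

def triage(log_text):
    """Return (label, line) pairs for the log lines that deserve a closer look."""
    findings = []
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        run = RUN_ENTRY.match(line)
        if run:
            # Arguments are not split off; good enough for bare paths.
            cmd = run["cmd"].strip('"')
            exe = ntpath.basename(cmd).lower()
            if run["name"].lower() == exe:
                findings.append(("run-name-equals-file", line))
            if exe in SYSTEM32_ONLY and not in_system32(cmd):
                findings.append(("system-name-outside-system32", line))
        elif re.match(r"^[A-Za-z]:\\", line):  # "Running processes" entry
            if ntpath.basename(line).lower() in SYSTEM32_ONLY and not in_system32(line):
                findings.append(("system-name-outside-system32", line))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(("regedit-disabled", line))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("appinit-dll-set", line))
    return findings
```

A finding only marks an entry for manual review; a legitimate program can also register a Run value under its own file name.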
| 462088 | 2006-06-12 06:03:00 | Boot into safe mode, turn system restore off, run HijackThis again, tick these entries and tick fix checked. C:\WINDOWS\LSASS.exe C:\WINDOWS\System32\algetglesle.exe C:\WINDOWS\System32\algetglesle.exe C:\WINDOWS\System32\algetglesle.exe O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe O4 - HKLM\..\Run: [systwslyel] C:\WINDOWS\System32\algetglesle.exe O4 - HKLM\..\Run: [dmaob.exe] C:\WINDOWS\System32\dmaob.exe O4 - HKCU\..\Run: [IEXPLORE.EXE] IEXPLORE.EXE www.vvfy.com 07 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O20 - AppInit_DLLs: KB608769M.LOG I would also install an AV and firewall program. |
Speedy Gonzales (78) | ||
| 462089 | 2006-06-13 03:03:00 | [QUOTE=Speedy Gonzales] C:\WINDOWS\LSASS.exe O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe O20 - AppInit_DLLs: KB608769M.LOG [/QUOTE] It's weird. I go into safe mode, then I have system restore off. I fix these problems and run HijackThis and it's back. Also the O20 cannot be fixed because of error #5 I these things. I also somehow ended up with about blank again?!? And every time I start up I have these black windows that go through process and close quickly. Thanks for help so far. |
Dorprod (10527) | ||