| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 63530 | 2005-11-12 23:36:00 | Lots of Internet explorer pop ups... | Naruto28 (7236) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 403889 | 2005-11-13 22:30:00 | Go here (http://www.hijackthis.de/) and post a copy of your logfile in the box there and it will tell you what to get rid off :thumbs: | Overdrive_5000 (4950) | ||
| 403890 | 2005-11-13 22:38:00 | Can I trust this. If it says its nasty, can I trust it? | Naruto28 (7236) | ||
| 403891 | 2005-11-13 22:41:00 | You did it right :) Tick the following. Close browser/s. Tick fix checked. Reboot. If this doesnt remove the following, boot into safe mode, and do the same thing. (and turn system restore off, just in case). This entry maybe spyware/adware. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = bfc.myway.com See if Myway/Mysearchbar is in add/remove programs. If it is uninstall it. O2 - BHO: (no name) - B{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: (no name) - B{4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - B{5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: (no name) - B{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file) O2 - BHO: (no name) - B{AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - B{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) These maybe spyware/adware O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: BHOPopupSmasher Class - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - C:\WINDOWS\system32\BlockActivex.dll If this is in add/remove programs uninstall it. O4 - HKLM\..\Run: [SystemTraySR] C:\WINDOWS\system32\SRSystemTray.exe Post another log, after you tick the above and reboot. |
Speedy Gonzales (78) | ||
| 403892 | 2005-11-14 20:17:00 | I went to control panel and add/remove programs and I found 'Myway search assisstance' is it the same? Shall i uninstall it? Coz, some viruses, when u uninstall it, that activates the virus. And, when u say tick, do u mean tick on Hijackthis rite? And then clik: Fix Checked. rite? Am I asking too many questions? U see, I dont want anything to be wrong coz, this is a brand new Laptop. kindof. So when I check these and then fix them, everything SHOULD be fine, rite? Thnx :D |
Naruto28 (7236) | ||
| 403893 | 2005-11-14 21:00:00 | Ive done wat u sed speedy, and i scanned my pc again: Logfile of HijackThis v1.99.1 Scan saved at 20:54:10, on 14/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.co.uk R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.dell.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.dell.co.uk R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: BHOPopupSmasher Class - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - C:\WINDOWS\system32\BlockActivex.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [SystemTraySR] C:\WINDOWS\system32\SRSystemTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ Yahoo! Pager] C:\Program Files\ Yahoo! \Messenger\ypager.exe -quiet O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\ Yahoo! \Common\yhexbmesuk.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\ Yahoo! \Common\yhexbmesuk.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! \Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe But... I used Overdrive_5000's site and now it says that the one i highlighted in bold and underlined to be nasty. It wernt there b4: R3 - Default URLSearchHook is missing Shall I get rid of this as well? And after, will there be ANOTHER nasty one? Thnx |
Naruto28 (7236) | ||
| 403894 | 2005-11-14 23:18:00 | No, looks like Myway Search assistance is part of the PC / part of Dell . What it does I wouldnt have a clue . So, leave it in add/remove programs . Thats right, I meant tick the entries in Hijackthis and click on fix checked Tick the following . Tick fixed checked . Do this in safe mode . And turn system restore off . Then turn system back on, after u tick these entries and click on fix checked . And reboot . R3 - Default URLSearchHook is missing O2 - BHO: BHOPopupSmasher Class - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - C:\WINDOWS\system32\BlockActivex . dll O4 - HKLM\ . . \Run: [SystemTraySR] C:\WINDOWS\system32\SRSystemTray . exe - Delete this file - SRSystemTray . exe in safe mode, once, u have tick fix checked . |
Speedy Gonzales (78) | ||
| 403895 | 2005-11-15 16:10:00 | Ahh man, I uninstalled it already, but, I couldnt get rid of : R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = bfc.myway.com without uninstalling myway search assisstance, whenever i try to clik fix checked, it comes back, but now i uninstalled it, its gone, I guess its a bad thing then. Anyways, do I have to turn off system restore? coz then all my restore points will be gone, wont they? Thnx :D |
Naruto28 (7236) | ||
| 403896 | 2005-11-15 16:40:00 | I turned off system restore and done wat speedy told me. Now I saved the new llog file and checked it on Overdrive_5000's site...Everything's SAFE! yay. Thnx Speedy :thumbs: I think everything is fine now rite? Thnx :thumbs: |
Naruto28 (7236) | ||
| 403897 | 2005-11-15 17:35:00 | No worries. Good to hear everything's back to normal :) | Speedy Gonzales (78) | ||
| 1 2 | |||||