| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 59497 | 2005-07-04 05:04:00 | Internet Explorer Popups | Painted-Death (8473) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 369196 | 2005-07-04 05:04:00 | Hi there, My PC keeps getting an Internet Explorer popup about every 5 minutes, even w hen I'm not connected, nor using IE. I've run Spybot S&D twice with no result, I've run a Norton Antivirus Scan with no result. Here's a copy of my HijackThis logfile: Logfile of HijackThis v1.99.1 Scan saved at 3:57:59 p.m., on 4/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Installed Progs\WindowBlinds\wbload.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\Anvshell.exe C:\Program Files\Messenger Plus! 3\MsgPlus1.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Labtec Wireless Desktop\MagicKey.exe C:\Program Files\Labtec Wireless Desktop\MulMouse.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Labtec Wireless Desktop\OSD.EXE C:\Program Files\Mozilla Firefox\firefox.exe c:\windows\system32\gisemt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\SpywareBlaster\spywareblaster.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [anvshell] C:\WINDOWS\Anvshell.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ermbwe] c:\windows\system32\gisemt.exe r O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteajd32.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe" /WinStart O4 - HKCU\..\Run: [Handy Backup 4.1] D:\Installed Progs\Handy Backup\hbagent.exe -logon O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\SHDOCVW.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\SHDOCVW.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\INSTAL~1\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Internet Sweeper Pro\autocomp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Could anybody PLEASE help me? It gets incredibly annoying. Thanks. |
Painted-Death (8473) | ||
| 369197 | 2005-07-04 05:28:00 | Not sure what this is: c:\windows\system32\gisemt.exe This is the BIG problem. F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe ?? O4 - HKLM\..\Run: [ermbwe] c:\windows\system32\gisemt.exe r ?? O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteajd32.exe Kill this too O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing www.tek-tips.com forums.techguy.org |
pctek (84) | ||
| 369198 | 2005-07-04 06:02:00 | my comp used to have a lot of junk that was causing pop ups on it also... i owuld suggest getting something called security task manager (tells u which processes are susispicious and lets u quarintine them)url= www.neuber.com also u should get ad-aware it scans for spy ware (http://lavasoftusa.com) if u use ad aware and it finds running processes or in use files and cant delete them cuz there in use/running run windows in "safe mode with command prompt" and run ad aware from command promt with out opening explorer.exe... that should get rid of all ur problems oh and if u do get Ad Aware make sure u update the data base... |
CorbinH (37) | ||
| 369199 | 2005-07-04 06:15:00 | looks like you have the elite toolbar. you have to remove this while in safemode as it hides itself from explorer while in normall mode which is proberly why you havn't been able to remove it. | tweak'e (69) | ||
| 1 | |||||