Pop ups without doing anything

[redder]

A friend of mine has this problem:

She gets pop ups without doing anything at all, she connects her computer to the internet and gets pop ups without doing anything.

How can i fix this over remote assistance?

[warrior1109]

This could possibly be the messenger service, disable it and you shouldn't get anymore of these annoying popups.

[ripken204]

@warrior1109-i dont understand why people think its the messenger service? have any of you actually used it? because i have used it, its not popups, its a message box.

@vando2k-well why do u have to be doing something to get popups? have u ran all of ur anti spyware/virus software?

[The Rock]

go for these softwares, these all are free.

Microsoft AntiSpyware

SpyBot S&D

LavaSoft Ad-Aware

These softwares can be found at w**.download.com

download all three, Run all three (Update them first) and then ask her to use a safer Internet Browser. I prefer Opera 8.0.2 though Firefox1.0.6 and Netscape 7.2 are good too. Problem solved.

The Rock

Edited September 10, 2005 by The Rock

[redder]

go for these softwares, these all are free.

Microsoft AntiSpyware

SpyBot S&D

LavaSoft Ad-Aware

These softwares can be found at w**.download.com

download all three, Run all three (Update them first) and then ask her to use a safer Internet Browser. I prefer Opera 8.0.2 though Firefox1.0.6 and Netscape 7.2 are good too. Problem solved.

The Rock

<{POST_SNAPBACK}>

Actually I did run those three already, I ran them several times and those pop ups are still persistant, you can have your computer idle and those pop ups will pop up.

The messenger service doesn't cause pop ups but thanks for mentioning it, its disabled anyway, and I can't convince her to use Firefox.

[The Rock]

go to RUN then type CMD then type MSCONFIG and then on the STARTUP tab. check which programs are there on the start up and for sure the problem will be there too. unckeck it and give us the problems name. Maybe the PopUp is from a Software which is a Shareware. Please post her HiJack This! log here.

[redder]

Logfile of HijackThis v1.99.1

Scan saved at 3:16:57 PM, on 9/10/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\GWMDMMSG.exe

C:\Program Files\PhoneTools\CapFax.EXE

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\system32\exevox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\elsgrcoi.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\PROGRA~1\NORTON~1\navapsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

c:\progra~1\intern~1\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yaukvmirmn.com/1ApIB4jUQInJZjPv...6fkaRB3d4w.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchant.com/r=6&s=%s

R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\WINDOWS\System32\sh.dll

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: (no name) - {925F9020-BF21-75E4-1F25-2B8B893A2566} - C:\DOCUME~1\Owner\APPLIC~1\ACTIVE~1\Itch Ace.exe

O2 - BHO: (no name) - {C99C6586-22FF-71BC-491C-306D4DEFBDAA} - C:\DOCUME~1\Owner\APPLIC~1\ACTIVE~1\Itch Ace.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MapQuest - {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} - C:\WINDOWS\DOWNLO~1\mqgold1.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll

O3 - Toolbar: Free Popup Stopper - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\WINDOWS\System32\ietoolbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Pop Free License Close] C:\Documents and Settings\All Users\Application Data\Software keep pop free\Balm admin.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [Eac_Download] C:\PROGRA~1\COMMON~1\EACCEL~1\download.exe -k

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [real internet hold rect] C:\Documents and Settings\All Users\Application Data\axisliesrealinternet\sign ball.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [sF2V32W] exevox.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [refbias] C:\DOCUME~1\Owner\APPLIC~1\showroad\ANTESECT.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe

O4 - HKCU\..\Run: [iridiumTimeWizard] C:\Documents and Settings\Owner\Desktop\iridium.exe

O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe"

O4 - HKCU\..\Run: [dot9RSa7h] elsgrcoi.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Progra~1\whistlesoftware\WselServices\webband.dll (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_5.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AC3CCB9-E93D-418B-AEA5-A2EB0BB65139}: NameServer = 66.63.192.2 66.63.192.3

O18 - Protocol hijack: mhtml -

O19 - User stylesheet: (file missing)

O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\PROGRA~1\NORTON~1\navapsvc.exe

O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[mark]

Hi vando2k,

Try posting your logfile here MSFN Forum: Malware Prevention. Tarun might be able to help you.

DL

[The Rock]

Suspicions

C:\WINDOWS\system32\elsgrcoi.exe

C:\WINDOWS\system32\exevox.exe

i dont know for sure, but apart from these i dont see anyother Malware being run at the time the log was taken

[redder]

Thank you DL and thank you The Rock, I will take those two you mentioned off, I'll submit the log to the category I didn't even know it existed lol, thank you guys!

[ripken204]

well u may have to reinstall windows if u want to really fix the problem, also use firefox. and dont use norton, i like nod32.

[redder]

well u may have to reinstall windows if u want to really fix the problem, also use firefox. and dont use norton, i like nod32.

<{POST_SNAPBACK}>

ripken204 I would do that... but she's kind of far, about 6000 miles far, with a ocean in the middle of it, also she's a normal computer user, she won't understand why she would have to use Firefox.

[Andromeda43]

she won't understand why she would have to use Firefox.

Because Firefox is "SAFE" and I.E Isn't!!!! It's just that simple. NO BS!

Besides, that little red fox is 'cuter' than a big blue "E".

She needs, at the least, AdAware SE/Personal, Spybot Search & Destroy 1.4 and Spyware Blaster. If you have access to her 'puter, you should have no problem installing those for her.

Then she needs a good, user friendly, AV program like AVG 7 FREE. It can easily be set to update and scan once every day.

Then she needs to be taught how to get her updates on a regular (daily, if possible) basis. With all the really good (FREE) security software that's easily available, there's no reason in the world for someone to have a computer screwed up by viruses or spyware. Well, actually there are two reasons....ignorance or lazyness.

Cheers,

Andromeda43

[MHz]

Centuries ago, people used to be told to spin around 3 times, jump on one foot 25 times, and then stand on their head for 2 days. Just to cure a headache. Seems times have not changed too much.

I am certainly not ignorant or lazy to install FireFox. I just do not want the sh*t. Thankyou.

I think this thread has gone way off topic with alot of hounding of what software to use...

[redder]

Well its not about ignorance or lazyness andromeda, some people just dont care that much about computers it may come as a shock to all of us geeks lol but its true. Besides she has dial up, so it would be kind of difficult having her to install all those things by herself, and it would be impossible to do that over remote assistance when i would have to download them all. i just wish i could be there to do it in person, nothing solves these problems more than a format c:

I will try to do these things when I get her online since all of this fixing will be done over remote assistance, now im having another problem cuz remote assistance isnt working, but ill fix that in the morning.

once again i wanna thank you guys for the support and everything, you really helped a lot