redder Posted September 10, 2005
A friend of mine has this problem: she gets pop-ups without doing anything at all. She connects her computer to the internet and gets pop-ups without doing anything. How can I fix this over remote assistance?

warrior1109 Posted September 10, 2005
This could possibly be the messenger service; disable it and you shouldn't get any more of these annoying popups.

ripken204 Posted September 10, 2005
@warrior1109 - I don't understand why people think it's the messenger service? Have any of you actually used it? Because I have used it; it's not popups, it's a message box.
@vando2k - Well, why do you have to be doing something to get popups? Have you run all of your anti-spyware/virus software?

The Rock Posted September 10, 2005 (edited)
Go for these programs; they are all free.
Microsoft AntiSpyware
SpyBot S&D
LavaSoft Ad-Aware
These programs can be found at w**.download.com
Download all three, run all three (update them first) and then ask her to use a safer Internet browser. I prefer Opera 8.0.2, though Firefox 1.0.6 and Netscape 7.2 are good too. Problem solved.
The Rock
Edited September 10, 2005 by The Rock

redder Posted September 10, 2005 Author
> Go for these programs; they are all free.
> Microsoft AntiSpyware
> SpyBot S&D
> LavaSoft Ad-Aware
> These programs can be found at w**.download.com
> Download all three, run all three (update them first) and then ask her to use a safer Internet browser. I prefer Opera 8.0.2, though Firefox 1.0.6 and Netscape 7.2 are good too. Problem solved.
> The Rock
Actually I did run those three already. I ran them several times and those pop-ups are still persistent; you can have your computer idle and those pop-ups will pop up. The messenger service doesn't cause pop-ups, but thanks for mentioning it; it's disabled anyway, and I can't convince her to use Firefox.

The Rock Posted September 10, 2005
Go to RUN, then type CMD, then type MSCONFIG, and then go to the STARTUP tab. Check which programs are there on startup, and for sure the problem will be there too. Uncheck it and give us the problem's name. Maybe the popup is from software which is shareware. Please post her HiJack This! log here.

redder Posted September 10, 2005 Author
Logfile of HijackThis v1.99.1
Scan saved at 3:16:57 PM, on 9/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\exevox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\elsgrcoi.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\NORTON~1\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yaukvmirmn.com/1ApIB4jUQInJZjPv...6fkaRB3d4w.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchant.com/r=6&s=%s
R3 - URLSearchHook: URL Search Hook - {AA460422-2CEF-400f-AA05-F63368E04706} - C:\WINDOWS\System32\sh.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {925F9020-BF21-75E4-1F25-2B8B893A2566} - C:\DOCUME~1\Owner\APPLIC~1\ACTIVE~1\Itch Ace.exe
O2 - BHO: (no name) - {C99C6586-22FF-71BC-491C-306D4DEFBDAA} - C:\DOCUME~1\Owner\APPLIC~1\ACTIVE~1\Itch Ace.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MapQuest - {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} - C:\WINDOWS\DOWNLO~1\mqgold1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O3 - Toolbar: Free Popup Stopper - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\WINDOWS\System32\ietoolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Pop Free License Close] C:\Documents and Settings\All Users\Application Data\Software keep pop free\Balm admin.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRA~1\COMMON~1\EACCEL~1\download.exe -k
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [real internet hold rect] C:\Documents and Settings\All Users\Application Data\axisliesrealinternet\sign ball.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [sF2V32W] exevox.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [refbias] C:\DOCUME~1\Owner\APPLIC~1\showroad\ANTESECT.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [iridiumTimeWizard] C:\Documents and Settings\Owner\Desktop\iridium.exe
O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe"
O4 - HKCU\..\Run: [dot9RSa7h] elsgrcoi.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Progra~1\whistlesoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} (MapQuest) - http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AC3CCB9-E93D-418B-AEA5-A2EB0BB65139}: NameServer = 66.63.192.2 66.63.192.3
O18 - Protocol hijack: mhtml -
O19 - User stylesheet: (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\PROGRA~1\NORTON~1\navapsvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

mark Posted September 10, 2005
Hi vando2k,
Try posting your logfile here: MSFN Forum: Malware Prevention. Tarun might be able to help you.
DL

The Rock Posted September 10, 2005
Suspicions:
C:\WINDOWS\system32\elsgrcoi.exe
C:\WINDOWS\system32\exevox.exe
I don't know for sure, but apart from these I don't see any other malware being run at the time the log was taken.

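Added example, not part of any post in this thread: a small triage pass over the O4 (autorun) lines of a HijackThis log, using sample lines copied from the log posted above. The two heuristics, the function name `triage_run_entries` and the reason strings are assumptions made for illustration; a hit is a candidate for manual review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# O4 (autorun) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sF2V32W] exevox.exe
O4 - HKCU\..\Run: [refbias] C:\DOCUME~1\Owner\APPLIC~1\showroad\ANTESECT.exe
O4 - HKCU\..\Run: [dot9RSa7h] elsgrcoi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Shape of a registry Run entry: O4 - <hive>\..\Run: [value name] command line
RUN_LINE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable at the start of the command, quoted or not; arguments are dropped.
IMAGE = re.compile(r'^"?(?P<image>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)
PROFILE_DIRS = ("application data", "applic~1")  # long and 8.3 short form


def triage_run_entries(log_text):
    """Return (value_name, file_name, reasons) for Run entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = RUN_LINE.match(line.strip())
        if not entry:
            continue  # not a registry Run entry (e.g. a Startup-folder shortcut)
        exe = IMAGE.match(entry["cmd"])
        if not exe:
            continue  # command does not start with an .exe path
        image = PureWindowsPath(exe["image"])
        name, stem = entry["name"].lower(), image.stem.lower()
        reasons = []
        # Heuristic 1 (assumption): no directory given and the value name has
        # nothing in common with the file name.
        if len(image.parts) == 1 and stem not in name and name not in stem:
            reasons.append("bare file name, unrelated value name")
        # Heuristic 2 (assumption): autorun image lives in a profile data folder.
        if any(d in str(image).lower() for d in PROFILE_DIRS):
            reasons.append("runs from an Application Data directory")
        if reasons:
            findings.append((entry["name"], image.name, reasons))
    return findings


if __name__ == "__main__":
    for value_name, file_name, reasons in triage_run_entries(SAMPLE_LOG):
        print(f"[{value_name}] {file_name}: {'; '.join(reasons)}")
```
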
redder Posted September 10, 2005 Author
Thank you DL and thank you The Rock. I will take those two you mentioned off. I'll submit the log to the category; I didn't even know it existed lol. Thank you guys!

ripken204 Posted September 10, 2005
Well, you may have to reinstall Windows if you want to really fix the problem. Also use Firefox, and don't use Norton; I like NOD32.

redder Posted September 10, 2005 Author
> Well, you may have to reinstall Windows if you want to really fix the problem. Also use Firefox, and don't use Norton; I like NOD32.
ripken204, I would do that... but she's kind of far, about 6000 miles far, with an ocean in the middle of it. Also, she's a normal computer user; she won't understand why she would have to use Firefox.

Andromeda43 Posted September 10, 2005
> she won't understand why she would have to use Firefox.
Because Firefox is "SAFE" and I.E. isn't!!!! It's just that simple. NO BS! Besides, that little red fox is 'cuter' than a big blue "E".
She needs, at the least, AdAware SE/Personal, Spybot Search & Destroy 1.4 and Spyware Blaster. If you have access to her 'puter, you should have no problem installing those for her.
Then she needs a good, user-friendly AV program like AVG 7 FREE. It can easily be set to update and scan once every day.
Then she needs to be taught how to get her updates on a regular (daily, if possible) basis. With all the really good (FREE) security software that's easily available, there's no reason in the world for someone to have a computer screwed up by viruses or spyware. Well, actually there are two reasons... ignorance or laziness.
Cheers,
Andromeda43

MHz Posted September 11, 2005
Centuries ago, people used to be told to spin around 3 times, jump on one foot 25 times, and then stand on their head for 2 days, just to cure a headache. Seems times have not changed too much.
I am certainly not ignorant or lazy to install Firefox. I just do not want the sh*t. Thank you.
I think this thread has gone way off topic with a lot of hounding of what software to use...

redder Posted September 11, 2005 Author
Well, it's not about ignorance or laziness, Andromeda; some people just don't care that much about computers. It may come as a shock to all of us geeks lol, but it's true. Besides, she has dial-up, so it would be kind of difficult having her install all those things by herself, and it would be impossible to do that over remote assistance when I would have to download them all. I just wish I could be there to do it in person; nothing solves these problems more than a format c:
I will try to do these things when I get her online, since all of this fixing will be done over remote assistance. Now I'm having another problem because remote assistance isn't working, but I'll fix that in the morning.
Once again I want to thank you guys for the support and everything; you really helped a lot.