Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop Up Problems


  • Please log in to reply
1 reply to this topic

#1 Ken Graham

Ken Graham

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 27 November 2005 - 03:52 PM

Hello, first time here and thanks in advance for any assistance.

I recently downloaded brute forcer because i wanted to see if it would actually worked. Anyway since i loaded the program i have been having trouble with IExplore windows poping up at random. Before I installed brute forcer i was good to go. I have removed it (i hope) from my system.

I have zone alarm pro set for highest settings. I had google tool bar runing as well (recently uninstalled thought there might have been a virus in toolbar). I have run hijackthis and searched google for known problems but to no avail. I have hijackthis in my program files on my main drive.

The pages that are loading are:
www.starware.com
www.cooldiscount.com
www.virtualdiscount.com
www.jamster.com
www.searc-h.com/normal/yyy65.html
www.megacheap.com
www212.paypopup.com
www.ez-cheap.com/normal/yyy65.html.

Luckily none of it is porn for my yound daughters sake. Some of them don't actually fully load unless I refresh.

Please see my hijackthis log file below:

Logfile of HijackThis v1.99.1
Scan saved at 1:29:38 PM, on 11/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\cisvc.exe
E:\PROGRA~3\SYMANT~1\SYMANT~1\DefWatch.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~3\SYMANT~1\SYMANT~1\Rtvscan.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINNT\system32\rundll32.exe
E:\PROGRA~3\SYMANT~1\SYMANT~1\vptray.exe
E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINNT\system32\rundll32.exe
E:\WINNT\System32\cidaemon.exe
E:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] E:\PROGRA~3\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DSS] E:\WINNT\system32\wintcpmod.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {028518E1-9FA8-44FC-92D7-5C54244B5F36} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132783384765
O20 - Winlogon Notify: BITS - E:\WINNT\system32\nv2029fmg.dll
O20 - Winlogon Notify: NavLogon - E:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - E:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~3\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~3\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks again for any assistance.

Ken G

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:51 AM

Posted 27 November 2005 - 05:46 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users