![]() |
![]() |
![]() |
|||||
![]() |
![]() |
![]() |
![]() |
![]() |
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
|
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 3
OS: WinXP
|
Pop-up woes & HJT Log
For awhile now, I've been getting this annoying series of pop-ups whenever I'm online. It's the same 8 or 10 messages that look like old-style Windows error messaging.
I've run both Spybot & Ad-aware, and I've run one of the online virus checking services recommended before using HJT. I dowloaded HJT & the HJT Analyzer and ran them. I freely admit I'm a novice when it comes to back-end code, as it's mostly Greek to me, but I think I followed the instructions correctly. In any case, I sure would appreciate any help you folks could give to kill off these pop-ups. Here's the output of the HJT Log Analyzer: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 9:00:01 PM, on 4/10/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\NetZero\qs\exec.exe C:\Program Files\NetZero\qs\exec.exe C:\Program Files\NetZero\qsacc\x1exec.exe C:\Documents and Settings\Mark\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registrat...rk_S.&Lang=Enu R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 35;64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-spee d.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;<local> R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=041105 serial=pe02cbx-0000003-nmd lang=EN O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe O4 - Global Startup: SATARaid.lnk = ? O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\NetZero\qsacc\appres.dll/228 O8 - Extra context menu item: Show Original Image - res://C:\Program Files\NetZero\qsacc\appres.dll/227 O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7265871D-C21C-4B73-9A9E-9CC16B6457F4}: NameServer = 64.136.28.120 64.136.20.120 O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) End of KRC HijackThis Analyzer Log. ==================================================================== Thanks! |
|
|
| Sponsored Links |
|
|
#2 (permalink) |
|
Analyst, Security Team
|
Welcome to TSF.
Do you still have problems now? I don't see anything wrong in the log. Make sure to update Windows and Internet Explorer at http://v5.windowsupdate.microsoft.co....aspx?ln=en-us. Your log is clean. To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools provided. Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 3
OS: WinXP
|
Still there...
Yup, still gettin' 'em. I dunno if this helps, but the Task Manager says that, wherever the pop-ups are from, they're hiding in the "csrss.exe" file, which I understand is something the system actually needs to run properly. I had previously downloaded the XP fix, and today I switched over to the latest Firefox browser, but I still get the pop-ups.
Thanks! Mark |
|
|
|
|
#4 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
Let's see if they are Messenger pop-ups (not the IM Messenger, the one that allows computers to communicate on a network).
Please go to www.grc.com and run "Kill the Messenger", and see if that reduces the problem any. A firewall would also help,and I don't see one in your log. To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools/programs provided. Having followed these steps, let us know the results. |
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 3
OS: WinXP
|
Success!
I think killing the messenger did the trick. I downloaded the application and ran it, and was able to spend a few hours online without any more of the messages popping up. I feel my sanity is slowly returning. I'll beef up the protection using the options you folks advised. Thanks muchly!
|
|
|
| Thread Tools | |
|
|