Pop-up ads, and low system resources

[Mark Tawfik]

Hi, i have been getting random pop-up ads lately, and i have not figured out a way to fix them yet. I ran ad-aware SE, and Spybot 1.3, but the problems still keep coming up.

At some point i thought it could have been a virus, so i ran AVG free edition in safe mode, which eliminated several trojans, however, i still am recieving the pop up ads, and the low system resources warning.


Anyone want to help me? Here is a hijack this log just in case anyone wants to look at it.


Logfile of HijackThis v1.98.2
Scan saved at 12:05:46 AM, on 10/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: The Proxomitron.lnk = C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

[habib5885]

...

[guestolo]

Not much too wrong with your log

Have you cleaned out your temp folder
This is a great little utility to aid with it called Windows Cleanup!

After you have it installed
Simply open it, Select Cleanup
Restart your computer afterwards

This will also remove your cookies, if you prefer not to remove them and manually add
signins and passwords later---Open the options and uncheck cookies
This won't remove them forever, just till the next time you sign in
I would recommend the Standard Cleanup for troubleshooting purposes

I do notice this in your log
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

This tells me you may have Norton's installed or not completely uninstalled
Their site has complete removal instructions
Having more than one AV on Startup can cause slower bootup times and conflicts

Optionally, you can have hijackthis fix this entry
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
Fix checked only when ALL other windows are closed, including this one
and then Restart

Can you let me know where these popups are directed from
Some kind of name even...

If your not running a popup blocker, you may consider installing the
Free Google Toolbar
If you don't have your own popup blocker

Post back with a fresh hijackthis log after you have done the above, and let me know
some info on the popups
Don't fix anything with hijackthis after you have done the above, let me see the whole log

[habib5885]

....

[habib5885]

....

[guestolo]

Good move on getting Spybot and Ad-Aware
You may want to add this one too you arsenal  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'\' />

This is a different program than the above 2
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html


Your hijackthis log still looks clean
but the addresses you gave me for the popups suspect a culprit

Could you please download and save to desktop
VX2 Finder

Double click to open VX2 and then
"Click the Find VX2.BetterInternet"
Then press "Make a Log" and post that log back here

[habib5885]

........

[habib5885]

...

[guestolo]

SpywareBlaster is a great tool, it doesn't run in the background
It adds reg entries to add bad sites to your Restricted Sites setting so those sites must follow those rules
It also block bad cookies from setting on your computer

It's not 100% full proof, but it sure helps
Hold onto Ad-Aware---Spybot---Avg--and spywareblaster
Keep them updated
AVG---I check everyday for updates---make sure you check a couple times a week
By the way--AVG's free version will be updating shortly, a better scanning engine
Don't get the beta version but wait for the final release
Just keep checking they're website
http://free.grisoft.com/freeweb.php/doc/1/

Ad-Adaware---Check for updates weekly--There is an update today
Spybot---Check every couple of weeks---there was an update yesterday
Run scans after an update
Ad-Aware===You can probably just run Smart System Scan after you are clean
Run a full system scan once a month

SpywareBlaster--Check every couple of weeks---
When there's an update---Simply download the updates and Enable all protection

Don't forget about Spybot's Immunization feature
Simply open Spybot--Click "Immunize" >>>OK>>Click on Immunize at the top

OK--Let's try and get you clean--VX2 finder found some files that are probably causing this

Follow these instructions carefully
Important
Sign off and stay off the internet until the entire procedure is complete

Open VX2 Finder
Press "Click to Find VX2.BetterInternet"
Select all the files found
Press 'Delete These Files'

The program will delete all files.

Once deleted:
a. Press 'User Agent$'
b. 'Press 'Import Reg'
c. 'Restore Desktop'

RESTART your computer

Post back one more hijackthis log and post a new VX2 finder log and let me know how everythings going

[habib5885]

....

[habib5885]

....

[guestolo]

Looks good habib
If everything is running better, you should disable system restore---Restart your computer---enable system restore
This will create a fresh restore point and eliminate the possibility of reinfection from any
nasties in your restore folder
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm
Take care  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />

[habib5885]

.....

[habib5885]

.....

[guestolo]

No problems keeping System Restore disabled, but it may help in times that you feel like fooling around in the registry and you muck things up

You may want to manually backup---up to you
http://www.geekgirls.com/windows_restore_registry.htm

Stay safe http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />