Wednesday July 9, 2008 - 2:45:56 am BST
popups wont stop. Adaware wont fix it
by spy.war
Status: Not resolved
Tuesday March 4, 2008 04:55:05 PM
Posted: Wed Oct 24, 2007 1:11 pm Post: 2913222 - popups wont stop. Adaware wont fix it

--------------------------------------------------------------------------------
Hi,
I'm having a serious popup problem. I ran Adaware; it found a bunch of problems and fixed them. The popups didn't stop. I downloaded HijackThis and ran that; here is the log...
Does anyone know how to fix this????

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:10:55 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\?racle\dexplore.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Documents and Settings\Des\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mirs.peoplepc.com/?offername=PeoplePC Accelerated&userName=dezkev&firstName=Billie&qs=AJOGDHPENOJGCOFEIOBIDCCNNAKJCJLNFPCOFNCJLP­PKLDGJHHMFEPCDAMFOKFEEOONPKHDDOLDFAJPDAGDBBJNNFKOLOOHANCFOPFBPJAIGAAACLCIBPAILOPKEJLLL|DKK­PINBFDGNMCNOPADEEAAGOBAFDFELJCLHGH
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - C:\WINDOWS\system32\ddcbaxy.dll
O2 - BHO: (no name) - {5CFDE943-091A-4895-AB44-272DEDB3B4EB} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {87350bba-525b-4163-92d9-f130ec2dc660} - C:\WINDOWS\system32\kpycaqh.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: (no name) - {9CC2018B-058A-4C7B-AAA1-B9074F07337D} - C:\Program Files\CONEXANT\vibyno83122.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E0B96C2C-AE94-8B16-BB28-F98A37F02BC7} - C:\WINDOWS\system32\iwpat.dll
O2 - BHO: (no name) - {F6BA4936-A288-4A5C-A404-06B21CC7ACBB} - C:\Program Files\CONEXANT\vibyno4444.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [{D1-18-80-0E-ZN}] c:\windows\system32\nodsrngp.exe CHD003
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [Ado] "C:\Program Files\?racle\dexplore.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://mirs.peoplepc.com/?offername=PeoplePC Accelerated&userName=dezkev&firstName=Billie&qs=AJOGDHPENOJGCOFEIOBIDCCNNAKJCJLNFPCOFNCJLP­PKLDGJHHMFEPCDAMFOKFEEOONPKHDDOLDFAJPDAGDBBJNNFKOLOOHANCFOPFBPJAIGAAACLCIBPAILOPKEJLLL|DKK­PINBFDGNMCNOPADEEAAGOBAFDFELJCLHGH
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://195.73.15.148:82/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.196.35.91/activex/AxisCamControl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://144.75.185.75/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3668AFE-EE9C-4294-83EB-C45B8AA932B1}: NameServer = 66.174.92.14 69.78.96.14
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: ddcbaxy - C:\WINDOWS\SYSTEM32\ddcbaxy.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGVz\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\divovyse.html

--
End of file - 6675 bytes
Configuration: Windows XP
Internet Explorer 6.0

By percy8, on Tuesday March 4, 2008 05:13:36 PM
Ohh goodness, can't you ask a simple question without showing us all of these?

By honourister, on Thursday April 24, 2008 03:06:11 PM
"My English is not good, Please forgive for any mistakes"

I am also having the same problem......
I am trying to resolve it...

Mostly that will be a Trojan.Vundo and I am not sure what you got.

Scan your system using Symantec or McAfee Antivirus. You can get these softwares full version from rapidshare.
Mostly Symantec or McAfee will catch it, and if you look at the log file or the result after scanning, you can identify the name of the virus.
If it is a Trojan.Vundo, download Vundofix and scan your system using Vundofix. Vundofix is freeware.
What it will do is, when a Trojan.Vundo or any affected file is found, you can click the fix button in the Vundofix software. Then it will ask to reboot your system; you may close all the programs and allow Vundofix to reboot your system. It will delete the affected file from your system during the reboot.

And one more thing: you can go through the viruses found by the Symantec or McAfee Antivirus.
You can see some suspicious files named rqRIAtRH.dll or uytbqetu.dll or something like that in system32 that you should delete. Try deleting them manually, and just before deleting check whether it is a system file or not, or just put the file name in Google and search for it. If the search finds nothing, don't look back, just delete that file.

Sometimes the file you found may not be deleted because it will be attached to some system programs.
To find that, just download StartupList and run it, so you can see the programs currently running in your system and the startup items also.
Just press Ctrl+F and find the file name which you found as the suspicious one.
You may find it is attached to some programs like explorer.exe or lsass.exe or taskmgr.exe and so on.
Kill the processes which are associated with the suspicious file and delete the file from system32 or whatever your file path may be...

If you don't understand this please reply to this post.......
_______________________________________________________________________
http://tekren.blogspot.com

By tigz54, on Thursday May 15, 2008 07:21:46 PM
Okay. This thread could be a lifesaver for me. Here is my problem:
A little while ago, I was surfing the internet (Google actually), and out of nowhere, I got like 6 popups, and Mozilla froze up. Since I NEVER get popups, I knew something was wrong right away. I opened Ad-aware, and did a full scan, cleaned everything up, and was done. I tried opening Mozilla again, but it was REALLY slow, and froze every few seconds. Also, my CPU was running at 80-100% constantly.

I opened up Task Manager and looked at my processes and I noticed I had 3 rundll32.exe running. After some research on another computer, I found out that rundll32.exe is a valid system file that is used to execute .dll files. This didn't seem right because I am familiar with my normal process list and rundll32 usually isn't on there. I tried to close them, but they just opened back up again as soon as I had done so. I tried rebooting, with no effect. Finally, I opened up the startup programs manager and found that there was a bunch of files that usually aren't on there: dwjgq.dll, ljDSIbx.dll, and MSServer (which I found was a name linked to a ssQgGXNH.dll). I tried disabling and deleting said startup entries, but they just reappeared when I refreshed the list. I then found that the entries were all linked to files that are executed by rundll32.exe in my C:\Users\Sasha\AppData\Local\Temp\ folder.

I did an advanced search of hidden/system files for .dll and found them. I tried to delete them manually, which didn't work because they were in use by rundll32.exe, which I couldn't close. Finally, I installed and ran Kaspersky Antivirus 7 Pro and ran a full scan, which found and cleaned a bunch of trojans and viruses, but it did not touch the .dll files. I manually scanned them, but Kaspersky couldn't find anything wrong. Mozilla still freezes (and I get the "busy" mouse graphic, which leads me to think it is doing something) every few seconds, and I still can't fix this problem. I am at a loss. Please help.
browser: Mozilla Firefox 2
O.S: Vista premium
Computer: HP desktop - very fast, FIOS internet.
my email is tigz_54@yahoo.ca

thanks

By Runner Girl, on Wednesday June 11, 2008 05:31:47 PM
I just had this the other day. I downloaded Spybot from http://www.safer-networking.org/en/home/index.html, ran it, and it found like 90 items to remove. It had me reboot and run it again and it was fixed. Good luck!

By honourister, on Thursday April 24, 2008 03:09:15 PM
"My English is not good, Please forgive for any mistakes"

One thing I forgot to write.
If the suspected file is attached to lsass.exe or some other critical program, I am not sure how to go about that... Now I am trying to solve that problem....

By honourister, on Friday April 25, 2008 10:08:39 AM
"My English is not good, Please forgive for any mistakes"

Hi, I am back....
Just hear my experience...
Whenever I open IE and browse for some time, a popup comes and tells me that I should install this program and blah blah blah...

I have resolved this issue.
Here I am writing what I experienced.

As I told you, you have to run an antivirus from Symantec or McAfee.
They will catch almost all the issues.
Some files will be deleted only if you reboot your system, and that will be decided by the antivirus.

If you see any virus named Trojan.Vundo you have to download Vundofix, run it and fix the problems.

The very first reason why these popups are coming is that you have enabled the browser extensions for IE in your system.
These are also known as Browser Helper Objects (BHO). This is the very first thing that allows other stupid things like popups and viruses. So we have to disable that. To do that go to the Start menu and click 'Run' or press Windows+R.
There you type regedit and press Enter. Regedit will open; go to here:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Here there is a string named Enable Browser Extensions. Double-click that; the value will be yes, make it no.

Close the regedit window.

Now download BHODemon 2.
This is a tool to find the BHOs and to disable/enable them.

Let it scan and find the BHO files. When it has found all the files you may disable those by unchecking the results.
Once you get into it or see it you will understand what I am saying.
Don't forget to write down that bloody file path.
While you try to uncheck, a message will come up and you have got to read that, and as per that you have to download Spybot Search & Destroy.
Install that and run it and let it scan for the problems in your system. (To scan you have to click Search and Destroy.)
It will take some time to do all these things and you have got to wait. After finding the problems you have to check all and fix the problems. To fix the problems you have to click the Fix problems button.
Wait until it fixes all the problems.

That's all, you are almost done...

Now you have to take the file path you noted down from BHODemon, go to that folder and delete that bloody file. That's all.

To make your registry fresh and clean run Registry Mechanic.
Now your system is free of popups. (I hope).

If you did not understand anything please reply to this post.

Enjoooy.
__________________________________
http://tekren.blogspot.com
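
A triage sketch for the kind of HijackThis log posted at the top of this thread, added here as an example and not code from any poster or from HijackThis itself. It flags BHO entries that have no name, BHO entries whose file is missing, and DLLs registered both as a BHO and under Winlogon Notify; the heuristics and the function names are assumptions chosen for illustration, and a flag only marks an entry for closer inspection.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the opening post of this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {232D2677-68EE-4FA1-B988-279EBC8969ED} - C:\WINDOWS\system32\ddcbaxy.dll
O2 - BHO: (no name) - {87350bba-525b-4163-92d9-f130ec2dc660} - C:\WINDOWS\system32\kpycaqh.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O20 - Winlogon Notify: ddcbaxy - C:\WINDOWS\SYSTEM32\ddcbaxy.dll
"""

# Hypothetical patterns for the two line types this example inspects.
BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
MISSING = " (file missing)"

def split_path(raw):
    """Return (lower-cased path, file_missing flag) for a HijackThis target."""
    missing = raw.endswith(MISSING)
    path = raw[: -len(MISSING)] if missing else raw
    return path.strip().lower(), missing

def triage(log_text):
    """Map each DLL path to the set of reasons it deserves a closer look."""
    bho_paths, notify_paths = set(), set()
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if (m := BHO.match(line)):
            path, missing = split_path(m["path"])
            bho_paths.add(path)
            if m["name"] == "(no name)":
                reasons[path].add("unnamed BHO")
            if missing:
                reasons[path].add("BHO registered but file missing")
        elif (m := NOTIFY.match(line)):
            path, _ = split_path(m["path"])
            notify_paths.add(path)
    # Paths are compared case-insensitively (system32 vs SYSTEM32 in the log).
    for path in bho_paths & notify_paths:
        reasons[path].add("same DLL is a BHO and a Winlogon Notify package")
    return dict(reasons)

if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", "; ".join(sorted(why)))
```

Named entries from known vendors in the sample (Adobe, Google) produce no flags, so the output is limited to the two randomly named DLLs in system32.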

By lllll, on Sunday May 25, 2008 07:38:38 PM
OK, same problem. I have like 3 dll run things on it and I don't know what to do. I have McAfee and AVG and also Windows on my computer, all scanning right now.

My CPU is like always 100% too.

My explorer.exe is usually above 30k.

When my explorer.exe is up I can't google....

pop-ups

By lllll, on Sunday May 25, 2008 07:42:26 PM
also there is a dllhost

By tid, on Saturday May 31, 2008 06:42:04 AM
Spyware Doctor and avg then install firefox