Popups?

Energize · 15 Jun 2006 at 16:05

For some reason I keep getting bloody pop ups advertising stuff, the thing is though I have spybot and adaware fully updated, and there is no spyware, I have nod32 which has detected no viruses and I have a hardware firewall and am using firefox. It just doesnt make sense, even after I formatted Im still getting them.

hp7909 · 15 Jun 2006 at 16:10

Energize said:
For some reason I keep getting bloody pop ups advertising stuff, the thing is though I have spybot and adaware fully updated, and there is no spyware, I have nod32 which has detected no viruses and I have a hardware firewall and am using firefox. It just doesnt make sense, even after I formatted Im still getting them.

Need to turn off Messenger Service, though shouldn't be an issue if running Windows XP SP2

Seek Baddass' sticky at top of forum :cool:

The_KiD · 15 Jun 2006 at 16:10

Start > run > services.msc > OK

Scroll and find Messenger Server (nothing to do with MSN). Right click on it and choose properties, the in the startup type drop down box, select disabled.

Now click Stop, when it is stoppped close all your windows and you shouldnt get those messages any more.

hp7909 · 15 Jun 2006 at 16:12

Wait, or do you mean normal web page pop-ups?

Energize · 15 Jun 2006 at 18:58

hp7909 said:
Wait, or do you mean normal web page pop-ups?

A firefox window pops up with an advert can happen on any website even ocuk.

hp7909 · 15 Jun 2006 at 19:53

Energize said:
A firefox window pops up with an advert can happen on any website even ocuk.

Is 'Block Popup Windows' enabled in the Contents tab in Tools>Options?

Then recommend getting Adblock & Adblock Filterset.G Updater Extensions/Addons from here

Also, do you have a firewall? If not recommend enabling Windows Firewall or getting ZoneAlarm Free (here) :cool:

hp7909 · 15 Jun 2006 at 19:57

Energize said:
{snip}I have a hardware firewall{snip}

You still need a software firewall - I believe blocking pop ups is its area of expertise. Hardware prevents more serious attacks

Energize · 15 Jun 2006 at 20:30

hp7909 said:
You still need a software firewall - I believe blocking pop ups is its area of expertise. Hardware prevents more serious attacks

A hardware firewall is just the same as a software one but better, they do essentially the same thing, hardware firewalls don't use rescources either.

Ill try those extensions, thanks.

hp7909 · 15 Jun 2006 at 21:14

Energize said:
A hardware firewall is just the same as a software one but better{snip}

Really? Also :cool:

Energize · 15 Jun 2006 at 21:21

That article is out of date, good hardware firewalls allow you to configure outgoing traffic making that a non issue. They do the same job as each other, block traffic since hardware firewalls dont use resources and can deal better with large attacks imo they are better.

The_KiD · 15 Jun 2006 at 21:48

If your still having the popup problem, then please paste a HiJackThis log here and i will take a look for you.

It is important that you dont fix anything with HJT unless advised what to do by myself or someone else with HJT experience.

You can find people to trust in the ASAP link in my signature if you would prefer someone else's opinion.

Energize · 15 Jun 2006 at 22:11

Logfile of HijackThis v1.99.1
Scan saved at 22:09:11, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Ash\Desktop\VirtualDub-MPEG2\VirtualDub.exe
C:\Documents and Settings\Ash\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.overclockers.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149895203109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149895192187
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

The_KiD · 16 Jun 2006 at 08:08

Well the good news is that there is nothing suspicious in that log.

So hopefully the popups have now gone.