
Wasted 2 Days Already


  • This topic is locked
123 replies to this topic

#46 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 04:32 PM

Not sure if you wanted me to uncheck Hide Standard NTFS Metadata files under Options but I did. Here is the report:

Can you run that again and leave Hide Standard NTFS Metadata files checked?


Also make sure you update Firefox.

Edited by LDTate, 06 June 2006 - 04:34 PM.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#47 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 07:01 PM

When I scan with network unplugged, there was only one discrepancy on the D drive. I plugged the network cable back on and it found 6 more. Should I wait till the pop ups appear and then scan again? BTW, I am already using the newest version of Mozilla Firefox.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory    6/6/2006 4:43 PM    168 bytes    Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath    6/6/2006 4:43 PM    182 bytes    Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath    6/6/2006 4:43 PM    182 bytes    Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath    6/6/2006 4:43 PM    182 bytes    Windows API length not consistent with raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath    6/6/2006 4:43 PM    182 bytes    Windows API length not consistent with raw hive data.
D:    0 bytes    Error mounting volume

Edited by MLL, 06 June 2006 - 07:02 PM.


#48 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 07:07 PM

Disabling the Messenger Service

To remove the ability for anyone in the world to pop up messages on your computer, you can disable the Messenger service. It's easy to reverse at a later time if you wish to do so.

Windows XP Home

Click Start->Settings->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Professional

Click Start->Settings->Control Panel
Click Administrative Tools
Click Services
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK



#49 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 07:12 PM

After my last reboot, I have not opened any browsers and it has been quiet for more than 15 minutes. If it remains quiet, it must have something to do with the browsers. After I open Firefox, something is changed and the popups reappear. Does this help? I think I rebooted without the network connected the last time. If I reboot with the network connected, MSN Messenger will try to log in and then the popups will reappear. Still no popups yet.

Edited by MLL, 06 June 2006 - 07:16 PM.


#50 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 07:14 PM

Try my last post and see if that works. Did you update Firefox?



#51 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 07:26 PM

I have disabled Messenger. By updating Firefox, do you mean downloading and reinstalling? I am already using the latest version 1.5.0.4. Shall I reboot and see what happens? Or simply open a browser?

#52 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 07:28 PM

I am already using the latest version 1.5.0.4

OK.

Try opening a browser. If no popups, then reboot and see what happens.



#53 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 07:37 PM

Ewido updated itself and is on guard. SpySweeper is on. Opened Firefox browser and navigated a little. Still no popups. Will continue to wait and navigate for a few more minutes. If no popups, I will restart and see what happens.

#54 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 07:39 PM

Fingers are crossed :thumbup:



#55 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 07:51 PM

Just rebooted, MSN Messenger came up with the log on screen. I did not sign in. Checked Services and still see it disabled. Opened Firefox and navigated around to other sites such as MSN.com, Google.com, Amazon.com....still NO POP UPS!!! So far so good!! ***Still no pop ups! I will continue to play around tonight. Will stay away from MSN Messenger! Do we need to clean up some files? What about other programs such as Mediaplayer and ITunes? Shall I stay away from them for now?

Edited by MLL, 06 June 2006 - 07:57 PM.



#56 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 08:03 PM

Let's see what happens. If all goes well, :thumbup: post a new HijackThis log and we'll do some cleaning.



#57 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 09:09 PM

All seemed to be working well UNTIL I logged on to Yahoo Messenger! Pop ups reappear. Wonder if it has to do with that. It was not automatically started.

1. Checked Services..do not see any place to disable it.
2. Rebooted computer with network connected. Pop ups reappeared.
3. Rebooted computer with cable unplugged.
4. Reconnected cable.
5. Opened browsers. Quiet again. Must be something attached to those programs when I use them to communicate.
6. Rebooted computer with cable plugged in this time.
7. Opened Browsers.....let's see what happens...nothing yet.....

Edited by MLL, 06 June 2006 - 09:11 PM.


#58 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 09:35 PM

Pop ups came back after a half hour. Now what? Talk to you tomorrow!

Edited by MLL, 06 June 2006 - 09:36 PM.


#59 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 June 2006 - 02:45 PM

If it's Inside Yahoo, you can set settings to no popups

Messenger/Preferences/General.
uncheck Show Inside Yahoo!.

Let's also do this:

Please download hoster from the link below.

http://www.funkytoad...load/hoster.zip

Unzip Hoster.zip
Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.


Download this file from the link to your desktop.
http://www.mvps.org/.../DelDomains.inf

Click "Save" and save it to your desktop.

Right-click on the deldomains.inf file and select 'install'

Once it is finished your Zones should be reset.

Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

Edited by LDTate, 07 June 2006 - 03:25 PM.



#60 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 07 June 2006 - 03:42 PM

Thanks, I'll try that and post the log. BTW, I opened Task Manager and checked Processes. I then did a search on the .exe files listed. I noticed some of the files for e.g. explorer.exe, spoolsv.exe, lsass.exe, services.exe, taskmgr.exe, alg.exe etc are located in C:\Windows\System32 and also C:\Windows\Software Distribution\Download\16b2c96a0c414dfdb4d3cc288a4f819 Shouldn't they be located in just the System32 folder?
