• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

unwanted pop ups!!!!

Joined
Apr 20, 2008
Messages
27
Location
Wrexham
PC Experience
Some Experience
Operating System
Windows Vista - Home Basic
#1
i had problems on my net about 10 threts and 95 viruses!!! took me 4 hours to sort it all out. now i have none. yay. however when im online web pages keep opening themselves in a new window all the time (about 10 a minute) they range from advertising, you have won, casinos and ****. i dont no what to do its driving me mad please help. i have norton internet security and also spybot search and distroy and glary pc clean up but none of these programs detect what ever it is.:mad:
 
W

Wolfeymole

#2
Hello Matthew

Welcome to Free PC Help

You are using the most useless AV and Anti-Spyware programs going and you are still infested with malware.


Malware is the term used to describe computer infections such as Adware, Spyware, Viruses, and Trojan Horses.
You will need to run at least two malware scanners as well as an Antivirus scanner that are listed in the following instructions.
Anti-Malware and Anti-Virus scanners perform different tasks.
The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection.
Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 30 and 90 minutes.
The Eset online scan should take between 1 and 3 hours.
In most cases, these scans will suffice to clean and disinfect your computer.

For best results print the following instructions and bookmark this Web page
To keep this guide printer-friendly, use your cursor to highlight the contents below.
From your browser select File - Print and in the printer dialog box under "Print range"
click the Selection choice to print out these instructions for removal of malware.




----------------------------------------------------------------------------------------------------------------------
  • Follow these instructions carefully.
  • Download ATF-Cleaner from Snapfiles.com to remove "junk" files from your computer that may contain malware.
  • You can also download it from Majorgeeks.com
  • When you run ATF-Cleaner, check the items as shown below for Main.
  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
  • Then click on "Empty Selected".
.



----------------------------------------------------------------------------------------------------------------------
  • Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
    • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
    • You do not have to send them your e-mail address, just click next.
    • You can leave the automated check for updates on.
    • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
    • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
    • On the Top Left select the Scan your computer button.
    • Make sure there is a CHECK MARK on all Fixed Drives.
    • Click "Perform a Complete Scan". Click "Next" and reboot the computer when prompted to do so.
    ----------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------
  • Disable your internet security by right clicking on its icon (usually located in the system tray next to the time display) and choosing "Exit", "Disable", or "Shut Down".
  • Run an online scan with Eset from Free Virus Scan: Use ESET's Online Antivirus Scanner
  • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
  • Accept the terms and click "Start".
  • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
  • Click "Start" to begin the scan.
  • When completed restart your computer
Make sure your internet security is enabled, and then please return to Free PC Help and tell us how the computer seems to be operating.
At that time, you will receive instructions to ***ist you in removing malicious programs from your Add/Remove program list if warranted.
 
Joined
Apr 20, 2008
Messages
27
Location
Wrexham
PC Experience
Some Experience
Operating System
Windows Vista - Home Basic
#3
pop up

i ran ATF all was ok but i cannot install SUPERAntiSpyware it comes up installation prematurley stoped due to an error!?!
 
Joined
Apr 20, 2008
Messages
27
Location
Wrexham
PC Experience
Some Experience
Operating System
Windows Vista - Home Basic
#5
pop ups

the eset online scanner says ERROR cannot initilize online scanner administrator rights required. But i am the adminitsrator on my laptop
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#6
The infections are likely the cause of the issue when trying to install a scanner or run a scan.

Please click here to download the HijackThis installer so we can see what's running on your computer and do some preliminary removal of infections. Run the program and choose "Do a system scan and save a logfile". When the log appears, highlight it, then copy and paste it back into this thread.
 
Joined
Apr 20, 2008
Messages
27
Location
Wrexham
PC Experience
Some Experience
Operating System
Windows Vista - Home Basic
#7
hijak log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:21, on 20/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Free Email, News & Weather, Sport, Shopping and celebrity gossip on AOL UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP for Small Business
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP for Small Business
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = AOL Search results for "%s"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S69FB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 9454 bytes
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#8
First go to Add/Remove programs and remove Spybot Search and Destroy, as it may interfere with the changes I'm about to suggest. (We'll talk about SB later". Also remove AOL if you're not using it.

Run HT again and choose Scan Only. Now put a check in the following entries and then click Fix Checked:

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = blank.htm

Restart the computer, open IE7 and perform a Reset:

1.Click the Tools menu, and then click Internet Options.
2.On the Advanced tab, click Reset.
3.In the Reset Internet Explorer Settings dialog box, click Reset.
4.When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5.Close Internet Explorer 7.
The changes take effect the next time that you open Internet Explorer 7.

Go through the few steps to set up Internet Explorer 7, then close all of IE7's Windows.

Right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu. You should now be able to use the Eset online scanner.

Once the Eset scan is complete, restart the computer and attempt to download and run SuperAntiSpyware and MalwareBytes exactly as instructed in the prior post.

In theory:), if you can get all that done successfully, the popups should be gone.
 
Joined
Apr 20, 2008
Messages
27
Location
Wrexham
PC Experience
Some Experience
Operating System
Windows Vista - Home Basic
#9
looking good

im online doing eset looks to be working and i have had no unwanted pop ups for about half an hour. should i delete norton internet security it is only a free trail and just keep the ones you told me to use
 
Joined
Apr 20, 2008
Messages
27
Location
Wrexham
PC Experience
Some Experience
Operating System
Windows Vista - Home Basic
#10
Thank you all

everything seems to be working perfectly i have tried about 10 diffrentprograms this week to sort out all the problems but none of them worked. but by asking you you have helped my out no end. i will definatley be coming back to you in the future and will recomend you to all. cannot put a value on you technical knowledge. so thanks again. Thank you

much appreciated a very happy customer(although you dont even have to pay!!! but you can make a donation which i would advise Just to say thanks):cool:
 
W

Wolfeymole

#11
Get shut of Norton immediately Matthew and obtain NOD32 Security Suite from ESET.
Buy the program as it is most excellent.
This is not a plug for ESET but advice offered with regard to the most proficient AV and Malware killer on the market today.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#12
Thank you for the compliments Mathew. FPCH maintains a well versed and well refined staff.

If you haven't already, run SuperAntiSpyware and MalwareBytes.

After that, you will want to create a new System Restore point, as your current SR points will be corrupt due to the malware. To do so: Right click on My Computer from the Start Menu and choose Properties. Click on the SR tab and uncheck the SR option. Restart the computer and recheck that option.

If you decide to remove Norton, do not use the Add/Remove programs to do so. Use this tool instead. BTW-Ignore the registry cleaner from the site, and I recommend you discontinue any use of registry cleaners as they usually cause more harm than good.

Please read this post and feel free to ask for any further ***istance or recommendations.