pop ups?

[BladeRunner Profile]

Tommy, close down the IE browser and run the hijackthis
program.
1. hit the scan button
2. now hit the save log button
3. this should open notepad with your saved log
4. hilite, copy/paste the entire log into this thread

maybe some of the experts here can spot the problem.
good luck

[Rocky Dennis]

I was tired of shelling out the 30 bucks every year for Norton and it seemed it never really did anything. I came across a free antivirus like AVG. http://www.avast.com/ I had this problem when going to major retail sites like dell and home depot a coupon window would pop up. I had tried most of the programs people have listed and this new antivirus took it away and also found a bunch of other stuff that no other program found. I highly recommend it if you are looking for a free antivirus. I also shut it down while playing to give me a boost

[RCglider Profile]

Tommy,
Listen to Blade and use Hijackthis. Post the results in the forum, and here as well; I've had the pleasure of cleaning out my share of trashed pc's.. You will be chasing your tail otherwise.

A very simple app called Winpatrol http://www.winpatrol.com will tell you what's loading at startup and you can then prevent it. It's free unless you get Plus.

Oh, and stop using Exploder.......security swiss cheese.


edit: cwshredder is another little utility that removes things Spybot and others don't.
http://www.merijn.org/index.html


Another thing to do is download Spysweeper at http://www.webroot.com/. Install and do the one time update, scan and remove what it finds. You can uninstall it thereafter.

Also, get Trojan Hunter evaluation 'full' version. Use it for the allotted time, then uninstall if you wish. It is one of the best out there.

Rarely is one utility or application sufficient depending how bad the system is infected. I've yet to see one program find everything.

[ANTONIUS Profile]

try restore

[Tommy Boy Profile]

Here you go, thanks for any help you can give me:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:55 PM, on 19/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\LiquidView\lviewj.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HiJack This!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe -nogui
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Uperror] C:\DOCUME~1\CHADSC~1\APPLIC~1\ShimJoy\CASH TRUST.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: ActiveGS.cab - http://www.portune.net/gs/activegs.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[BladeRunner Profile]

Tommy, I don't see any thing that sticks out as spyware/
pop up causing software.

Maybe some one else can see some problems in the log.

You might try joining the forums and posting the log at
the forums:
http://forums.tomcoyote.org/
http://www.net-integration.net/tools/procedure.html
i hope they can help you fix the problem.
good luck

[Chacal Profile Website]

What's this:
O4 - HKCU\..\Run: [Uperror] C:\DOCUME~1\CHADSC~1\APPLIC~1\ShimJoy\CASH TRUST.exe

[residue Profile]

i can probably help you if you cannot figure it out. pm me if it's still an issue and you wish to renounce your citizenship

[cavalierlwt Profile]

This may sound like the cowardly way out, but I recommend this. Partition your hard drive or have more than one hard drive. Copy personal files, documents, backup of your email etc, to this other partition or hard drive, or back it up onto cdrom or dvdrom. Either way, back up just your personal stuff, not your OS.
Get a fresh install of the very basics, Windows, Office perhaps, a few games you know you can't live without. Don't surf the web at all, other than to update everything, service packs, etc. Then make an image of your drive. Personally I use Norton's Ghost, but there are other drive image programs out there. Don't rely on M$'s system restore or backup programs
This image should be a clean, pristine install, no cookies, no spyware, etc. Store it in at least two places, ie CD or DVDROM and maybe put a copy on another computer.

When you run into trouble, just move personal files over to other partition or hard drive, wipe out the partition with your OS on it, restore from the back up image, and then bring your personal files back to their original homes.
This is a good thing to do periodically anyway just to dump off all the crap windows accumulates, you'll usually notice an increase in system speed when you bring it back to it's pristine state.

[RCglider Profile]

There's so many events going on, it's hard for me to discern what's what, so I loaded your log at Hijackthis' Auto analyzer. It's not 100%, but definitely narrows things down.

To view your log analysis, go here:
http://hijackthis.de/logfiles/b6288e1ba67ba0666bcae2a01357046c.html

To log a Hijackthis scan, go here:
http://hijackthis.de/index.php?langselect=english


There's a whole lotta stuff goin on there!

I would still do the suggested steps in my previous post.

Can it be assumed your pc isn't exactly running the smoothest, especially during gameplay?



In addition to my previous post, seriously:
1. Run xpantispy. If you're not familiar with M$ services, xpantispy can help make it easier. Use the suggested Profile (it does turn off Windows Auto Update). When you want to update windows, load the 'Windows Update' profile.
http://xpantispy.org/

2. Use WinPatrol to control what is loading at startup. Use 'Disable' instead of 'Remove' in case you need to restart service/app. It's a nice utility. It appears to me there's so many services and background apps running, it has to be bogging you down.

3. If you run any AV or Trojan scans (Trojan Hunter), do it with System Restore OFF.


If you have exhausted all options and nothing seems to help, it's very possible one or more system files have been infected. If that is the case, it can be a royal pain to fix ( not for the faint of heart), and a fresh xp install is in order. Do what Cavalier suggested and make a backup image.

Oh, and whoever questioned if Norton is bloatware, I think it's pretty safe to say....YES it is BTW, I used AVG on my work pc and it found 14 items that got by NAV.

[Tommy Boy Profile]

thanks for all of this help guys...I will see what I can do and get back to you!

Cheers to all of you for your help!

[Tommy Boy Profile]

Originally posted by Chacal
What's this:
O4 - HKCU\..\Run: [Uperror] C:\DOCUME~1\CHADSC~1\APPLIC~1\ShimJoy\CASH TRUST.exe

I think that this was my problem....but we will see what happens.

Thanks again everyone!

[Tommy Boy Profile]

Originally posted by cavalierlwt
This may sound like the cowardly way out, but I recommend this. Partition your hard drive or have more than one hard drive. Copy personal files, documents, backup of your email etc, to this other partition or hard drive, or back it up onto cdrom or dvdrom. Either way, back up just your personal stuff, not your OS.
Get a fresh install of the very basics, Windows, Office perhaps, a few games you know you can't live without. Don't surf the web at all, other than to update everything, service packs, etc. Then make an image of your drive. Personally I use Norton's Ghost, but there are other drive image programs out there. Don't rely on M$'s system restore or backup programs
This image should be a clean, pristine install, no cookies, no spyware, etc. Store it in at least two places, ie CD or DVDROM and maybe put a copy on another computer.

When you run into trouble, just move personal files over to other partition or hard drive, wipe out the partition with your OS on it, restore from the back up image, and then bring your personal files back to their original homes.
This is a good thing to do periodically anyway just to dump off all the crap windows accumulates, you'll usually notice an increase in system speed when you bring it back to it's pristine state.

This is what I will do, I was hoping not to do this, but it has to be done I think. I too use Norton Ghost so it should be OK. Thanks.

[MeatHead_NJ]

Tommy, did you ever try running any of the spy utilitys in safemode? Give your wife her own profile and make her a user.

Im not going to defend IE and i use both, as for Mozilla/firefox, if they had more then 1% of the market, all the security flaws they have would be evident too. Just cause they dont post security flaws the way IE does and realease "update/fixes" doesnt mean they dont have them. Kinda like using a Mac. Your immune cause hackers want the bang.

[EZC Profile Website]

Tommy my solution to u. Stop watching all the PORN!!