Pop-up/Ad Help

I had spyware about a month ago and it went away but i guess i went away when i used Ad-Aware but i think it is back now. i keep on getting pop-ups every hour or so and they are the same thing. Ad aware and Spy-Bot detect some stuff and delete them but every time i restart the computer they come back. Here is my Hijack-This Log:

Logfile of HijackThis v1.99.0
Scan saved at 8:27:52 PM, on 12/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2479.0006)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
D:\AVG7\AVGCC.EXE
D:\AVG7\AVGEMC.EXE
D:\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\IPCFG.EXE
C:\WINDOWS\SYSTEM\SCANDS32.EXE
C:\WINDOWS\SYSTEM\SNNPAPI.EXE
D:\FREE SURFER\FS20.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\MY DOWNLOAD\SPY-AD BLOCKER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] D:\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ipcfg.exe] C:\WINDOWS\SYSTEM\IPCFG.EXE
O4 - HKLM\..\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE
O4 - HKLM\..\Run: [SysTray] C:\WINDOWS\SYSTEM\SNNPAPI.EXE
O4 - HKLM\..\Run: [freesurfer] D:\FREE SURFER\fs20.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\AIM.EXE
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Free Surfer\FS20.exe

Comments

  • shwaipshwaip bluffin' with my muffin Icrontian
    edited December 2004
    Hi, run hijackthis, place a check in the boxes next to these entries, and click "fix checked":
    O4 - HKLM\..\Run: [ipcfg.exe] C:\WINDOWS\SYSTEM\IPCFG.EXE
    O4 - HKLM\..\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE
    O4 - HKLM\..\Run: [SysTray] C:\WINDOWS\SYSTEM\SNNPAPI.EXE
    O4 - HKLM\..\Run: [freesurfer] D:\FREE SURFER\fs20.exe
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Free Surfer\FS20.exe

    then, delete the files:
    C:\WINDOWS\SYSTEM\IPCFG.EXE
    C:\WINDOWS\SYSTEM\SCANDS32.EXE
    C:\WINDOWS\SYSTEM\SNNPAPI.EXE

    and the folder d:\free surfer
  • edited December 2004
    thanks, :)
    I think its working fine now. here is the Hijack This Log now:


    Logfile of HijackThis v1.99.0
    Scan saved at 6:35:36 PM, on 12/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2479.0006)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    D:\AVG7\AVGCC.EXE
    D:\AVG7\AVGEMC.EXE
    D:\AVG7\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\NZSEARCH\NZSPC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    D:\MY DOWNLOAD\SPY-AD BLOCKER\HIJACKTHIS.EXE

    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\AVG7\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] D:\AVG7\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] D:\AVG7\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\AIM.EXE
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited December 2004
    Looks good. May I suggest an alternative browser:

    www.mozilla.org/firefox
  • edited December 2004
    Ya I have it installed, but i rarely use it
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited December 2004
    It is less prone to spyware infections, and has some cool features that IE doesn't...tabbed browsing, for one. I would reccomend that you use it instead.
This discussion has been closed.