Help plz, with popup's :-(

morfeumorfeu Lisbon, Portugal
edited June 2004 in Science & Tech
Hi guys, i need ur help, anyone knows how to uninstall "gator" auto-download or anykind of this annoying popups? Yes, i have installed Spybot, Ad-aware and Spyware-blaster, BUT this doesnt help me much on this stuff, per ex: when playing games this popups appears (random time) and just minimize the game... yes, this is extremely annoying.

all this progs detects stuff and delete them, or i believe so, cuz even after i do this, this (auto popups) still show up... when just connected to internet and not browsing.

Never had this prob... very weird... i dont remember to install anything like this... and damn... ad-aware and spybot should repair this...

help? ideias?

Thx.

edit: when i write this thread, one of those anoyings popups appeared, i runned Spyware and detected anything... everything is updated.

Comments

  • shwaipshwaip bluffin' with my muffin Icrontian
    edited June 2004
    can you run hijackthis and post a copy of your log? There's a link in my sig :)
  • morfeumorfeu Lisbon, Portugal
    edited June 2004
    shwaip wrote:
    can you run hijackthis and post a copy of your log? There's a link in my sig :)

    Sure, here it is:

    __

    Logfile of HijackThis v1.97.7
    Scan saved at 23:43:49, on 19-06-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ISS\BlackICE\blackd.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\lmoo.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\dzquxp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\util\rato\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\ISS\BlackICE\blackice.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Winamp5\winamp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    G:\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\util\rivatunner\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ebrbjlsk] C:\WINDOWS\lmoo.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ytbfwv] C:\WINDOWS\System32\dzquxp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Descarregas (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D5BCC5B-2A08-493C-8DEE-50D5DF12047C}: NameServer = 194.65.100.117 194.65.5.2

    __


    Thx for the help! :)
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited June 2004
    kill these entries:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O4 - HKLM\..\Run: [ebrbjlsk] C:\WINDOWS\lmoo.exe
    O4 - HKLM\..\Run: [ytbfwv] C:\WINDOWS\System32\dzquxp.exe

    also, could you describe the popups? Do they look like regular IE windows?
  • morfeumorfeu Lisbon, Portugal
    edited June 2004
    will do that!

    Well, they dont really like like regular IE windows, its IE windows but with no "File.." stuff, "buttons" and "adress" just clear windows.
Sign In or Register to comment.