3800 Pop ups...how are they still happening?

[dole21]

Ok..

I have

spybot
adaware
and i ran both.

cleaned the computer and have updated both of them. YET I still am getting popups.

I ran symantec virus scan and had no viruses. and i updated taht as well.

yet...with NO explorer windows open pop ups are still happening. I had just turned the computer on and got on before even doing anything.

HELP please

Click to read more...

 

[syP]

use opera or mozilla

 

[dole21]

I can't.


Its a work laptop and am only able to use internet explorer

i went to a car domain webpage via a link from clubgp and its when it all started. symantec popped up someithing about a threat, I chose to delete the threat

and now I get popups when no explorer windows are open....

 

[GTPj]

i know there is a port you can close that stops ads....but i for got how to do it....sorry

 

[jk99gtp]

Dole,

Give this anti-spyware software a try, works really good.

http://www.microsoft.com/downloads/details...=en&Hash=MRV6QL

Make sure to update the pattern file to the latest after installing..

Thanks,

Joel

 

[frankenstinesy]

why can't you use mozilla. it's the same basically as internet explorer but without the popups

 

[dole21]

its my work laptop.


I am not allowed to install ANYTHING on it. Technically its for my installs and service calls and used to capture signatures. But when we're traveling like now when I'm stuck in indiana for a week in the snow we are allowed to have web access.

 

[dole21]

and thanks for that other spyware program, but my company only approces spybot and adaware currently.

 

[Kustomkid54]

I run Norton Internet Security. Never had any pop ups. :lolsign:

Originally posted by dole21@Jan 22 2005, 08:56 PM
and thanks for that other spyware program, but my company only approces spybot and adaware currently.

[snapback]68543[/snapback]​

 

[dole21]

What the heck is something called

Ceres?


I am getting lots of popups that say that...then switch to something else.


I search for the file and keep deleting it....yet it keeps coming back....

anyone know?

 

[ThaLord]

download hijackthis.exe

it doesn't install.. just runs (perfect for corp laptops) report your results here.

 

[jk99gtp]

Originally posted by dole21@Jan 23 2005, 09:36 PM
What the heck is something called

Ceres?


I am getting lots of popups that say that...then switch to something else.


I search for the file and keep deleting it....yet it keeps coming back....

anyone know?

[snapback]68617[/snapback]​

Dole,

Give this link a try.

http://www.bullguard.com/forum/12/ceresdll...-back_5673.html

Thanks.

 

[dole21]

Originally posted by ThaLord@Jan 23 2005, 09:39 PM
download hijackthis.exe

it doesn't install.. just runs (perfect for corp laptops) report your results here.

[snapback]68618[/snapback]​

Logfile of HijackThis v1.99.0
Scan saved at 10:35:02 PM, on 1/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cusrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SysCheckBop32.exe
C:\Program Files\dlsmgr\dlsmgr.exe
C:\WINDOWS\system32\adl_zeno.exe
C:\Program Files\hpdll\hpdll.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\Omugpq.exe
C:\WINDOWS\win32070751550417.exe
C:\WINDOWS\mmups.exe
C:\Documents and Settings\DELLTEST\Application Data\osoa.exe
C:\WINDOWS\system32\r?gedit.exe
C:\WINDOWS\SYSfit.exe
C:\WINDOWS\system32\rac230mt.exe
C:\WINDOWS\system32\prutlct.exe
C:\WINDOWS\system32\ctfmon.exe
C:\MOBILECLIENT\WebToGo\webtogo.exe
C:\WINDOWS\system32\prutlct.exe
C:\WINDOWS\system32\winejbe32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DELLTEST\Local Settings\Temporary Internet Files\Content.IE5\Y8AHZPK0\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://checkpointsystems.com/default.aspx?page=default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Checkpoint Systems, Inc.
R3 - Default URLSearchHook is missing
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [suthhc] C:\WINDOWS\system32\suthhc.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [dlsmgr] C:\Program Files\dlsmgr\dlsmgr.exe
O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\system32\adl_zeno.exe 0
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Omugpq.exe
O4 - HKLM\..\Run: [win32070751550417] C:\WINDOWS\win32070751550417.exe
O4 - HKLM\..\Run: [C:\WINDOWS\fyqtw.exe] C:\WINDOWS\fyqtw.exe
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\DELLTEST\Application Data\osoa.exe
O4 - HKCU\..\Run: [Dakg] C:\WINDOWS\system32\r?gedit.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [SYSfit] C:\WINDOWS\SYSfit.exe
O4 - HKCU\..\Run: [dBvERQHtV] rac230mt.exe
O4 - HKCU\..\Run: [prutlct] C:\WINDOWS\system32\prutlct.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Oracle Web-to-Go.lnk = C:\MOBILECLIENT\WebToGo\webtogo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Sametime Meeting Room Client ST25 - http://usathormail1/sametime/stmeetingroom...gRoomClient.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://usathormail1/sametime/MSJavX86.exe
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = checkpt.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = checkpt.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = checkpt.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Multi-user Cleanup Service - Unknown - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing)



THere ya go....

and If I had a clue what all that meant...

 

[dole21]

and a FYI


I've run spybot on startup

then adaware

restarted

same process 4 times without connecting to the internet.

and i quarantined stuff every time....about 10 things via spybot a time and 50 or so on adaware, yet the names were different on each scan.

BUt on my 5th log both said the system is clean, but I'm still getting random popups, not as many as I was though

Thanks everyone for the help

 

[ThaLord]

those spyware programs don't get certain types of programs...

There are a couple of things in your log, that shouldn't be there.

If you would like me to try and help walk you through getting rid of them, call me.

John

 

[neto_d]

HEY WHATS UP MY NAME OR WHAT THEY CALL ME IS NETO D , SORRY ABOUT YOUR CAR IT LOOKS BAD ASS. I AM A NEW MEMBER , AND HOPING I CAN SEE YOU GUYS SOON, I HAVE A RED 98 GTP.

 

[Fish]

Alright dude, unless your running AS400 or some other program that requires caps lock, please turn off caps lock. It looks like this.

 

[hueygt]

I have maxthon or MYIE2
its cool i had the same problmes i have spybot and adaware and i dont have any problems anymore.