Grr Popups....

[lootit]

Here is my HIjack this log i cant seem to find it or a program that will Find it But When iclick on Ie I get a popup ever few secs its a diff popup.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:00 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\WLTRYSVC.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\system32\WLTRAY.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] D:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [STYLEXP] "D:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - D:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 2696 bytes



I wentv a dl trojan remover and it cant access this file to remove it any clue what it is?

D:\WINDOWS\System32\drivers\nulll.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nulll\"ImagePath"

 

[Redmo0n]

I don't see anything wrong.

Do the following

Start > Run > Msconfig > Startup Tab > Disable Everything But your anti-virus and anything you may need (like StyleXp or something)

Restart

Then download CCleaner and Run it (make sure to tick all the boxes so that it cleans everything): Download CCleaner 2.04.543 - filehippo.com

After that if you still have problems post back a new hijackthis log

 

[Eric1]

Mozilla.org - Home of the Mozilla Project That is all I have to say.

 

[lootit]

Mozilla.org - Home of the Mozilla Project That is all I have to say.

i use firefox and ie -.- and even f i use firefoxIe loads popups on me -.- Ill Do what he said and post a new log soon



KK Here a new log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:30 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\WLTRYSVC.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techist.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - D:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 3175 bytes

 

[Ste]

What other anti virus programs do you use?

I use Spywareblaster and Spy Bot search And destroy.
The immunization function is great.

Oh and,
Opera>Firefox>>>>>>> IE

 

[Redmo0n]

Try using an anti spyware cause i can't see anything bad there.

Maybe wait for Osiris

 

[Osiris]

Follow this guide below:
A guide and tutorial on using ComboFix

Then post a new log and the combofix log.

What you can also try it uninstalling IE before this is ran and then when finished, install a fresh copy and see if you still get those popups.

IE 7

Internet Explorer: Get It Now

 

[Eric1]

Ad-Aware it's free and might help. Good Luck.

 

[lootit]

Thanks man i Found what it is cCleaner removed... what ever it was lol 0.0 thanks guys lots

 

[Osiris]

From my guide?