IP ad blocker

[Guest]

before you say anythin i use ad-aware, spybot s+d, windows defender and
mcafee virus scan to check for ad ware. i'm still getting a huge amount of
pop-ups whiich i can only assume are IP related pop ups sent over the net?
any ideas or help??
cheers
dave

 

[Galen]

In spoondriver had this to say:

My reply is at the bottom of your sent message:

before you say anythin i use ad-aware, spybot s+d, windows defender
and mcafee virus scan to check for ad ware. i'm still getting a huge
amount of pop-ups whiich i can only assume are IP related pop ups
sent over the net? any ideas or help??
cheers
dave

What sort of popups? Are they messenger service spam or do they load in a
browser?

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"At present I am, as you know, fairly busy, but I propose to devote my
declining years to the composition of a textbook which shall focus the
whole art of detection into one volume." - Sherlock Holmes

 

[Guest]

they're loading in IE but in a new window everytime, i dont even have to have
my browser open for them to appear. i could be using messenger with no
browser window then suddenly a window will appear. you can imagine how
annoying this is

 

[tlviewer]

before you say anythin i use ad-aware, spybot s+d, windows defender and
mcafee virus scan to check for ad ware. i'm still getting a huge amount of
pop-ups whiich i can only assume are IP related pop ups sent over the net?
any ideas or help??
cheers
dave

try scanning with HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

it will detect any BHO objects. It can fix/repair most problems.

good luck,
tlviewer

 

[Plato]

before you say anythin i use ad-aware, spybot s+d, windows defender and
mcafee virus scan to check for ad ware. i'm still getting a huge amount of
pop-ups whiich i can only assume are IP related pop ups sent over the net?
any ideas or help??
cheers
dave

Before
Anything
I
I'm

 

[Gospel]

Perhaps it's time for a break from windowsxp.general?

 

[Guest]

Ok so from the only helpful reply I received then...I used HijackThis and
received this logfile from the first scan:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Karl Hunter\KH Blocker\khb.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Dave\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dave's PC
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program
Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\Karl Hunter\KH Blocker\khb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download
Manager\fdm.exe -autorun
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft
Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar
Control, version 5.0 (SP2)) -
http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138736417138
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138736408545
O17 -
HKLM\System\CCS\Services\Tcpip\..\{52F85B9F-9AB7-4C53-82F1-40C2CC827572}:
NameServer = 194.72.9.34 194.72.0.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\s0pula791d.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,
Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

anything suspect in there??

 

[Malke]

Ok so from the only helpful reply I received then...I used HijackThis
and received this logfile from the first scan:

(snip HijackThis log)

We ask that you not post HJT logs in these newsgroups. Analyzing HJT
logs takes a great deal of time and expertise, and you will not get the
attention you need here. Instead, post to one of these forums:

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

Malke

 

[Gospel]

A quick perusal and I don't see anything. I checked your headers and noticed
you were running Windows 2000. I'm wondering if you are using IE 5.5 or IE6
SP1 ??

There are two kinds of problematic pop-ups. One type generated by the
Messenger SERVICE (not Windows nor MSN Messenger) and the other generated
through the browser.

To get rid of the ones through the service, simply turn off the service
through Computer Management \ Services.

MSIE 6.1 has a pop-up blocking feature that 5.5 does not have. It catches a
lot of them .. but not necessarily all. If you are on Windows 2000 and have
not moved to 6.1, then do so. Make sure to visit Windows update right after
upgrading to patch for security holes before going anywhere else on the Net.

Regardless, you might want to consider adjusting your Internet Zone's
security level. By default on Windows XP it is pretty low .. convenient ..
but low.

Almost all this pop-up business depends on scripting. Scripting is a type of
programming that runs within a supportive environment. The scritpting that
generates popups are supported by the browser. Turn off scripting in the
browser and you turn off the pop-ups. If you look carefully at the Internet
Zone's security settings you will notice that there are settings that allow
script initiated Windows etc. etc.

You might raise the Internet Zone from the default Medium up to High .. and
raise the Trusted Zone to Medium. Then when you want the everything in a
site to run you add it to your Trusted Zone .. if not, you just make do and
leave it.

Get this little utility from Microsoft which enables easy adding to the
Trusted Zone:

http://www.microsoft.com/windows/ie/previous/webaccess/pwrtwks.mspx

It works with IE 6.

If this is too inconvenient - to have everything off -you could backtrack a
little: after raising the Internet Zone level to High, go back and re-enable
just the simple scripting (found near the bottom of the list) and a few
other things such as enable Meta Refresh and prompt for the downloading of
files. This would make naviagating etc. easier yet block a lot of the extras
that every second site wants you to run, but which you don't need. You can
make adjustments until you are comfortable. Make sure to raise Trusted Zone
to at least a Medium level though [and you can adjust it too].

Also replace your hosts file with the one found here:

http://www.mvps.org/winhelp2002/hosts.txt

Rename it hosts [without the .txt extension] and place it in the:

%systemroot%\system32\drivers\etc\

usually

C:\WINDOWS\system32\drivers\etc

folder. Then reboot. Your spyware scanner might call you on it but just tell
it to ignore the change. This will block all those ad sites by sending them
to a "Page cannot be displayed" message right on your local computer. Ha ha!

Go here for more explanation:

http://www.mvps.org/winhelp2002/hosts.htm


This reply is under Copyright.

 

[Plato]

Perhaps it's time for a break from windowsxp.general?

Agreed. I took 3 days off. Now I'm back.

 

[Gospel]