Home > Hijackthis Log > Hijackthis Log. Random Popups

Hijackthis Log. Random Popups

this Topic has been closed. Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key:****************************************************************************Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AdminDebug]"Asynchronous"=dword:00000000"DllName"="C:\\WINDOWS\\system32\\l8j8li1u18.dll""Impersonate"=dword:00000000"Logon"="WinLogon""Logoff"="WinLogoff""Shutdown"="WinShutdown"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]@="""DLLName"="igfxdev.dll""Asynchronous"=dword:00000001"Impersonate"=dword:00000001"Unlock"="WinlogonUnlockEvent"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msldr32]"LdCount"=dword:00000000"Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"="msldr32.dll""Startup"="Startup"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]"LoginDomain"="PC2405482125282"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ Extract and save the HijackThis download to the new folder you created. Anyways, heres my HijackThis log.Logfile of HijackThis v1.99.1Scan saved at 7:40:33 AM, on 7/26/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Symantec have a peek here

Copy the contents of that log and paste it into this thread.IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do Advertisements do not imply our endorsement of that product or service. Try to provide the URL of these pop-up web pages.Your HJT log looks OK, but try a specialist HJT forum. People said to disable Messenger.

Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} HijackThis log LinkBack LinkBack URL About LinkBacks Thread Tools Show Printable Version Email this Page… Subscribe to this Thread… 03-17-200511:07 AM #1 KT555 Guest Getting random pop-ups...

Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started Of course i searched this weatherbug on the internet and found all kinds of problems with this adware program and problems it caused, and good old REALPLAYER ships it with their Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo!

How sad. You'll find discussions about fixing problems with computer hardware, computer software, Windows, viruses, security, as well as networks and the Internet.Real-Time ActivityMy Tracked DiscussionsFAQsPoliciesModerators General discussion Internet Explorer Random Pop-Ups, Please You have a nice set of protection, but nothing that would be giving you these pop-ups. Join our site today to ask your question.

Several functions may not work. You can do this by restarting your computer and continually tapping F8 until a menu appears. Please download Ewido Anti-MalwareInstall ewido anti-malwareLaunch ewido, there should be an icon on your desktop, double-click it.The program will now open to the main screen.When you run ewido for the first Register now!

Once in Safe Mode, Open Ewido:Click on scannerClick on Complete System Scan and the scan will begin.You will be prompted to clean the first infection.Select "Perform action on all infections", then Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {0b40e778-2dc3-48f4-af61-2e5e7a0e9c66} - (no file)O2 - BHO: This may or may not resolve other problems you are having with your computer. To learn more and to read the lawsuit, click here.

Everyone else please begin a New Topic. 0 Back to Virus, Spyware, Malware Removal · Next Unread Topic → Similar Topics 0 user(s) are reading this topic 0 members, 0 guests, navigate here If we have ever helped you in the past, please consider helping us. D: is CDROM (No Media)\\.\PHYSICALDRIVE0 - MAXTOR STM3160815AS - 149.05 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:-- Security Center -------------------------------------------------------------AUOptions is scheduled to Still in the safe mode find and delete the following: C:\Program Files\AdTools Service...folder C:\WINDOWS\farmmext.exe ...file c:\windows\system32\zmxauf.exe ...file C:\WINDOWS\wupdt.exe ...file Empty recycle bin.

Inc. - C:\WINDOWS\system32\YPCSER~1.EXE--End of file - 11705 bytes-- File Associations -----------------------------------------------------------All associations okay.-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------S3 catchme - c:\docume~1\jonath~1\locals~1\temp\catchme.sys (file missing)-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled Anywhere on your hard drive is fine other than a Temp folder. There must be also a log on your C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click Check This Out Similar Threads - Random Popups Hijackthis Musical Note Playing Randomly on 2 PCs on Network zakatacus, Dec 26, 2016, in forum: Virus & Other Malware Removal Replies: 0 Views: 121 zakatacus

Join over 733,556 other people just like you! Not sure if these are related. Create Account How it Works Javascript Disabled Detected You currently have javascript disabled.

Seems REALPLAYER current versions 10.5 and 11 (i think) include a adware spybot program called weatherbug, and more detailed a "minibug" program.

Look2Me-Destroyer will now shutdown your computer, click OK. * Your computer will then shutdown. * Turn your computer back on. * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. I searched the internet forums about the explorer popups and found alot of info.

All rights reserved. I am also having problems shutting down window when a dialog box pops up saying that program "watchdog" failed to close properly. If you click on this in the drop-down menu you can choose Track this topic. this contact form A case like this could easily cost hundreds of thousands of dollars.

Make a new folder to put your HijackThis.exe into. L2Mfix will continue to scan your computer and when it's finished, notepad will open with a log.