Pop Up Blocker

Until Microsoft came out with theirs, Spybot was my #2 behind Ad-Aware. I like Microsoft because it updates itself, and the run-time protection isn't a pain in the ass. Spybot's a good scanner, though, when its updated.

 

First things first: go to Add/Remove Programs and uninstall anything you know you didn't install or you don't think you need. I'll qualify that by saying it's a good idea to keep any installation CD's handy in case you have to reinstall software. Anything that says 'Microsoft' in front of it, I'd leave it alone. You'll be surprised how much you can get rid of that isn't spyware but it uses up memory.

 

Thank you so much Harry . I did the Clt+Alt+Del button and it managed to shut everything down ( ). There was no option of a processes tab...I'm thinking it's because I have an old girl of a machine and nothing flash. Nevertheless, I did the Hijack This! scan and found this -
It then prompted me to spent $US 79.95 and that's where my relationship with Hijack This! ended. I'm sorry - I'm a cheap arse *sad*.
Brain - thank you too lovey. I'm afraid the link didn't work because I didn't have winzip to unzip it.
Math - I did the full AdAware `deep scan' last night - and it identified and quarentined loads of files. I did it again tonight - and here's what it found...
That's 40 New Critical Objects from last night. Here are the objects and their bits and AND . Again, I've quarentined and deleted the files, but I don't reckon I've got it all. I can't even download a f*cking file from my e-mail - it restricts that sort of pop up. I'm going to keep trying and scanning and restarting. Again, thank you all so much for helping me with this - I'd be lost without you and your wonderful contributions! I mean it - I'm completely screwed here .

 

I did another scan and found 5 new critical things. Here's the log - I'm sorry this is long, but I don't know if it's helpful?

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, 19 July 2005 1949
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


19-07-05 1949 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293866151
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294952475
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294963595
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [BDSS.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\
ProcessID : 4294942471
Threads : 6
Priority : Normal


#:5 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294938459
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:6 [XCOMMSVR.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\
ProcessID : 4294940687
Threads : 2
Priority : Normal
FileVersion : 1, 7, 0, 4
ProductVersion : 1, 7, 0, 4
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:7 [KB891711.EXE]
FilePath : c:\windows\SYSTEM\KB891711\
ProcessID : 4294945643
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294943763
Threads : 46
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:9 [AUTOCHK.EXE]
FilePath : C:\CFGSAFE\
ProcessID : 4294782087
Threads : 1
Priority : Normal
FileVersion : 3.06.01
CompanyName : imagine LAN, Inc.
FileDescription : ConfigSafe Auto Check Program
InternalName : AUTOCHK
LegalCopyright : Copyright © 1995-2000
OriginalFilename : AUTOCHK.EXE

#:10 [BDMCON.EXE]
FilePath : C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\
ProcessID : 4294821083
Threads : 2
Priority : Normal
FileVersion : 7.0
ProductVersion : 7.0
ProductName : BitDefender Desktop 7
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
LegalCopyright : Copyright (C) 2002 SOFTWIN S.R.L.
OriginalFilename : bdmcon.exe

#:11 [MSMSGS.EXE]
FilePath : C:\PROGRAM FILES\MESSENGER\
ProcessID : 4294810123
Threads : 3
Priority : Normal
FileVersion : 4.6.0077
ProductVersion : Version 4.6
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:12 [PRSTECT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294812943
Threads : 5
Priority : Normal
FileVersion : 1.00.0111
ProductVersion : 1.00.0111
CompanyName : PTech
InternalName : prstect
OriginalFilename : prstect.exe

Cont...

 

#:13 [LEXBCES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294706519
Threads : 7
Priority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:14 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294715451
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft(R) Windows NT(TM) Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:15 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294669535
Threads : 6
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:16 [LEXPPS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294646603
Threads : 10
Priority : Normal


#:17 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294381755
Threads : 5
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:18 [I_VIEW32.EXE]
FilePath : C:\PROGRAM FILES\IRFANVIEW\
ProcessID : 4294501815
Threads : 2
Priority : Normal
FileVersion : 3.85
ProductVersion : 3.85
ProductName : IrfanView
CompanyName : Irfan Skiljan
FileDescription : IrfanView
InternalName : IrfanView
LegalCopyright : Copyright © 2003 by Irfan Skiljan, Austria
OriginalFilename : i_view32.exe
Comments : IrfanView for Win9x, WinNT, Win2000, WinXP

#:19 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294390067
Threads : 4
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:20 [PRSTECT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294757231
Threads : 2
Priority : Normal
FileVersion : 1.00.0111
ProductVersion : 1.00.0111
CompanyName : PTech
InternalName : prstect
OriginalFilename : prstect.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : .DEFAULT\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 18-08-05 20:41:14
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-01-38 12:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:[email protected]/
Expires : 19-07-07 20:41:12
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 19-07-06 20:40:30
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 18-07-10 2052
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 8



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

1940 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:50.890
Objects scanned:82364
Objects identified:11
Objects ignored:6
New critical objects:0 It said there were 5? .

Also - I've never been to these webpages - .

 

I think I caught it!

I've rebooted and I could do stuff that I couldn't before.

Touch wood.

What if it comes back though? .

I'm gonna leave all this guff in here in case it does.

Spanks in advance! *Prays*.

 

The Microsoft Antispyware has a process that warns you when stuff tries to install. If you have Windows 2000 or Windows XP, you can get it from microsoft.com. It's a piece of cake to install.

If you have Win98 or WinMe or whatever, you'll have to stick with the Ad-Aware.

 

In case it hasn't been mentioned on here before, a good site with tons of info on spyware and hijacking, as well as how to clean it out is...

SpywareWarrior

It even gives a long list of "Anti-Spyware" programs you'll want to avoid like the plague.

 

I kept getting hijacked in much the same manner and no amount of deleting files and scanning with Spyware did any good until I did two things:
1st - I did a system restore to a previously known good configuration (pre-hijack)
2nd - I installed Firefox

Worked like a champ...that was around six months ago and the problem is completely eliminated. Don't get spyware anymore either.

 

I've NEVER gotten spyware, and I've NEVER used Firefox. I'm still amazed that people think IE was the problem, it's their browsing and random software installation behavior...you go to asian porn palace web sites, you're gonna get spiked occasionally. You don't patch your system, you're gonna get slammed. Firefox is the same as IE, as shown by the rash of updates for it as soon as it had enough market share for hackers/spyware-ers to care.