Popups

About Moya's forum, for site-related issues. Please start your site-related issue as a new topic and one of us will come along and advise.

Postby Killiney » Wed Jan 30, 2008 9:10 pm

Dear Admin and Technical Staff,

Whenever I click any of the links on the moyabrennan forum, I receive a notification telling me that popups are blocked, but that is the setting I have. For those that do not have popups blocked, I just thought I'd warn you all.
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Grania » Wed Jan 30, 2008 9:21 pm

You'll be receiving popups on the forum for PMs when you change page here or refresh your pages - it's not adverts or anything like that :)
Music and friendship - the answer to life's problems.

I heard Your voice
Whisper to the wild water
Step By Step
Slowly I turn - Máire Brennan
Grania
Moderator
 
Posts: 11209
Joined: Tue Aug 31, 2004 2:26 pm
Location: England

Postby Killiney » Wed Jan 30, 2008 9:25 pm

Grania wrote: You'll be receiving popups on the forum for PMs when you change page here or refresh your pages - it's not adverts or anything like that :)


It's not PMs. They come up whenever I refresh the page or even log on to the forum. Last time the *click* sounded to alert me that there are popups blocked, there were 23 popups blocked.
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Angoid » Thu Jan 31, 2008 8:40 am

This could have one of two main causes:

1. You received a PM, but you only get the notification by pop-up when you first visit the forum. It doesn't persist when you surf from page to page, and it stops once you visit your Inbox.

2. You have some "malware" on your computer, and if you get pop-ups on other sites that don't usually give pop-ups, then this will almost certainly be the cause.

Free pop-up blockers such as the Google toolbar and the Yahoo one will block those from bad sites as a general rule, but you'll still get the notification from the pop-up blocker.

Let us know .... we may need to take a closer look at that system using a diagnostic program from the Internet.
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave

Postby Killiney » Thu Jan 31, 2008 10:43 am

Angoid wrote: This could have one of two main causes:

1. You received a PM, but you only get the notification by pop-up when you first visit the forum. It doesn't persist when you surf from page to page, and it stops once you visit your Inbox.

2. You have some "malware" on your computer, and if you get pop-ups on other sites that don't usually give pop-ups, then this will almost certainly be the cause.

Free pop-up blockers such as the Google toolbar and the Yahoo one will block those from bad sites as a general rule, but you'll still get the notification from the pop-up blocker.

Let us know .... we may need to take a closer look at that system using a diagnostic program from the Internet.


I have the Google toolbar popup blocker, but I think it tells me how many have been blocked over a given period of time, not just in one session; that may be why it says 26 blocked. It continues to count the popups, even on sites that do not send out advertisements. Well, that's what I think anyway. I might be wrong though.
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Angoid » Thu Jan 31, 2008 11:03 am

You're right, it does :)

But are you getting pop-ups on other sites, especially sites you use that do not normally deliver pop-ups?

I'm trying to ascertain whether there could be something nasty on your computer - in which case we need to look at removing it :)
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave

Postby Killiney » Thu Jan 31, 2008 11:28 am

Angoid wrote: You're right, it does :)

But are you getting pop-ups on other sites, especially sites you use that do not normally deliver pop-ups?

I'm trying to ascertain whether there could be something nasty on your computer - in which case we need to look at removing it :)


I don't think that there have been pop-ups on other sites, but I have been using the laptop for several months, and it started off with like 2 pop-ups blocked, and the Google toolbar thing has slowly increased to say 26, some of which are the PMs for this forum; I've only just realised that.

I have or had a virus on my other MSN thing, and it kept sending out links to my contacts telling them that I have found their pictures on some website (hyperlink) and other stuff like 'this is the computer that I want'. It was even doing it while the laptop was switched off, and I kind of don't know how to rid the computer of it.
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Angoid » Thu Jan 31, 2008 12:13 pm

I may be able to help you with this, Killiney :)

Take a look at this here and follow the instructions for posting a HijackThis log. That should give us some clues as to what's causing this. Let's do one computer at a time to save on confusion.
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave

Postby Killiney » Thu Jan 31, 2008 2:39 pm

Angoid wrote: I may be able to help you with this, Killiney :)

Take a look at this here and follow the instructions for posting a HijackThis log. That should give us some clues as to what's causing this. Let's do one computer at a time to save on confusion.


I can't find the download button.

Is it 'download latest version'?
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Angoid » Thu Jan 31, 2008 3:02 pm

Go here:
http://filehippo.com/download_hijackthis/

and click on "Download latest version" at the top of the green right-hand section, just next to the green down arrow.

If you get the InformationBar trying to prevent downloads, then allow it through by clicking on it and then on "Download file". Save it to your Desktop and run it from there.
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave

Postby Killiney » Thu Jan 31, 2008 3:37 pm

Do I 'run' or do I 'save'?

I ran it.

I have followed the instructions in the tutorial; however, when it comes to renaming, I renamed it to 'HijackCheck', but the icon shows as:

HijackCheck
HijackThis
Trend Micro Inc.


with the icon at the side of the text, how do I change it?
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Angoid » Thu Jan 31, 2008 4:46 pm

That's OK. That's because some of the newer nasties hide from it, and renaming it gets over that little hurdle.

Click the button that says "Run and save a logfile" or words to that effect. When the log has been produced (it should only take a few seconds), copy everything and paste into your next reply. DO NOT CHECK ANY OF THE CHECKBOXES THAT WILL APPEAR for now - just exit the program.
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave

Postby Killiney » Thu Jan 31, 2008 4:58 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:09, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\rvr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackCheck\HijackCheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm491YYGB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\rvr.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe

--
End of file - 8779 bytes
Behind the innocent,
the last, the least and the lost
will be found in the storm

Northern Skyline - a fansite for Clannad/Moya/Enya get the latest news as soon as we get it
Killiney
Addicted to Moya
 
Posts: 1986
Joined: Sat Aug 25, 2007 11:45 am
Location: Dover, England

Postby Angoid » Fri Feb 01, 2008 8:30 am

It's almost certainly MyWebSearch that's doing it, Killiney. I don't have time to do a full analysis right now, but I'll come back to it over my lunchtime and propose a fix.

Also, WinAntiVirus Pro is serious bad news. That indicates the presence of a problem we know as Smitfraud, which can cause untold problems.

We will need more tools from the Internet to help you get clear of this, but as I said, unfortunately no time right now. Watch this space!
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave

Postby Angoid » Fri Feb 01, 2008 1:27 pm

OK Killiney, this is going to be fun. You'll need to follow these instructions exactly to the letter; if there is anything you don't understand, then please ask.

You have installed a rogue anti-virus program called WinAntiVirus Pro 2007. You probably picked it up after visiting a website that tried to push it onto you, telling you that your system was not protected and that you need it to keep yourself clear from viruses.

Unfortunately, that program is an infection, and once it's on board, it calls the lads in to cause you more problems than you bargained for.

It must be removed. We'll get you a legitimate anti-virus package for free afterwards.

OK, now to get rid of it. The full reference for this fix is taken from this article here and this fix is based on that article.

Step 1. Download, install, and update the tools required:

Click here to download a little program called SmitfraudFix. Save it to your Desktop.

Download AVG Anti-Spyware Free. Don't get this confused with AVG Anti-virus; they're different programs!
Run it, and update it but do NOT get it to scan your system just yet. If this confuses you, then see below as there is more info on it further down in my post.

Download Piriform CCleaner and save it to your Desktop. Install it, and run it.
On the left-hand side, click on the box marked Options, and then to the right of that, click on the box marked Advanced. UNcheck the box marked Only delete files in Windows temp folders older than 48 hours, and then exit the program using the X box in the top right hand corner of the program window.

Do you have Spybot Search and Destroy on board? If not, then download it from here. Download the program - version 1.5.2 - and run it. Follow the on-screen instructions, but do not install the realtime protection module (called 'teatimer') and do not scan your system just yet.

Update Ad-Aware 2007, which you already have.

2. Preparing for the Fix:

Print these instructions out; you're going to have to do some of this in what we call Safe Mode where you will not have any Internet access.

3. Performing the Fix:

Click here and scroll down to the section marked "Removal Instructions"; print it off as recommended, and follow those instructions - all of them.

When you get to stage 11:
Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen

I don't expect you to understand that log, but please post that into your next reply. For now, save it as a text file so you can get to it later.

Now to run AVG Anti-Spyware, the program you downloaded earlier. Please see here for a tutorial on this. Follow the instructions there.

Reboot your system, and run CCleaner. Click the "Run Cleaner" button in the bottom right hand corner of the program's window, and let it do its stuff. At the end, exit the program (using the X in the top right hand corner) and reboot your system again.

Run Ad-Aware 2007 and let it fix all the problems it finds. Reboot afterwards if it has fixed anything.

Run updated Spybot Search and Destroy. If it finds something it cannot remove and asks if it can continue after a reboot, then say yes. Reboot again if that's the case and it will scan again.

Run HijackThis (HijackCheck) again and this time, do a system scan only (no need to save a log file). When the scan is complete, find the checkboxes corresponding to the following entries and check them off (some may no longer exist, and that's fine):

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm491YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab


It is important that you do not get any others by mistake. When you have done this, click on Fix Checked. If you get any questions about it being OK for the program to remove a "BHO" then say Yes or OK - you want it to do that.

At the end, exit HijackThis and reboot again.

Post the logs from AVG Anti-Spyware, SmitfraudFix, and a new HijackThis log.
If you don't know what eschatology is then don't worry; it's not the end of the world.
Purveyor of fine sarcasm since 1966.
Angoid
Technical Administrator
 
Posts: 3674
Joined: Tue Mar 02, 2004 10:08 pm
Location: In the cave
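
An added example, not part of Angoid's post and not HijackThis code: a short Python script that parses lines in the HijackThis log format shown above and lists the autostart entries and running processes that reference the same binaries as the entries chosen for fixing, but are not themselves on the fix list. The embedded lines are excerpts copied from the log and fix list in this thread; the function names are this example's own.

```python
import re

# Excerpt of the HijackThis log posted in this thread (values copied from the page).
LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\rvr.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
O23 - Service: Print Spooler Service (hej7rla5aqambc) - Unknown owner - C:\WINDOWS\system32\rvr.exe
"""

# Excerpt of the list of entries to check off, from the same thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [rvr] C:\WINDOWS\system32\rvr.exe
O4 - HKLM\..\Run: [uvese] C:\WINDOWS\system32\uvese.exe
"""

# "R3 - ...", "O4 - ...", "O23 - ...": section code, then the entry detail.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# A Windows path ending in .exe or .dll (stops before quotes and switches).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]*?\.(?:exe|dll)\b", re.IGNORECASE)


def parse_entries(text):
    """Return (code, detail) for each entry line; header and process list are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("code"), m.group("detail")) for m in found if m]


def running_processes(text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:
                break
            procs.append(line)
    return procs


def binaries(detail):
    """Lower-cased file names of the .exe/.dll paths mentioned in one entry."""
    return {p.rsplit("\\", 1)[-1].lower() for p in PATH_RE.findall(detail)}


def flagged_binaries(fix_text):
    """File names referenced by the entries on the fix list."""
    names = set()
    for _, detail in parse_entries(fix_text):
        names |= binaries(detail)
    return names


def uncovered_references(log_text, fix_text):
    """Log entries that name a fix-list binary but are not on the fix list themselves."""
    on_list = set(parse_entries(fix_text))
    flagged = flagged_binaries(fix_text)
    return [(code, sorted(binaries(detail) & flagged), detail)
            for code, detail in parse_entries(log_text)
            if (code, detail) not in on_list and binaries(detail) & flagged]


def running_flagged(log_text, fix_text):
    """Running processes whose file name matches a fix-list binary."""
    flagged = flagged_binaries(fix_text)
    return [p for p in running_processes(log_text) if binaries(p) & flagged]
```

Matching is by file name only, so a same-named file in a different folder will also be reported and needs a manual look.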
