
Darn Pop Ups

Discussion in 'Security and Privacy' started by Jetheat, 2004/04/27.

Thread Status:
Not open for further replies.
  1. 2004/04/27
    Jetheat

    Jetheat Inactive Thread Starter

    Joined:
    2003/03/12
    Messages:
    149
    Likes Received:
    0
    **** Pop Ups

    Every time I open a new window of Internet Explorer (version 6), 1 or 2 more IE windows open with it. They are pop up ads. They are normally small windows and advertise places such as ebay and trafficswarm and a few others. I have downloaded a pop up stopper but I really want to clear the system in the first place.

    AdAware and Norton AntiVirus didn't pick it up.

    What do I do to completely rid my system of the pop up which has attached itself onto my Internet Explorer?

    Thanks
     
  2. 2004/04/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Delete your Temporary Internet Files and under Tools > Internet Options > Advanced scroll down to Security and check 'Empty Temporary Internet Files ...'

    Run Spybot and Ad-aware with the latest reference files - NAV2004 is not that good with popups as yet.

    BTW the Google toolbar has an excellent popup stopper.
     


  4. 2004/04/27
    Jetheat

    Jetheat Inactive Thread Starter

    Joined:
    2003/03/12
    Messages:
    149
    Likes Received:
    0
    I've run AdAware and cwShredder but that hasn't stopped the problem.


    If I do what you said about checking the box for Temp Internet Files, what DISadvantages will that have?
     
  5. 2004/04/27
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    humm

    After that perhaps a log


    Post a log from HijackThis so our forum members can see
    what's going on. The current version is 1.97.7 [created by merijn bellekom]
    Most of what it lists will be harmless, even essential, DON'T fix anything yet please.

    First make a new folder, for instance C:\Antispyware

    Get it here http://radiosplace.com/ choose save, NOT OPEN
    Save it to that new folder, double-click HijackThis.exe,
    and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, it will load it in Notepad, and copy its contents here.
    Close HijackThis and Notepad
    If you've used it before please don't have anything excluded
     
  6. 2004/04/27
    Jetheat

    Jetheat Inactive Thread Starter

    Joined:
    2003/03/12
    Messages:
    149
    Likes Received:
    0
    Logfile of HijackThis v1.97.7
    Scan saved at 11:51:28, on 27/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Super Fax\PROGRAM\PICPMON.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\MSN Messenger\Plus\MsgPlus.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BPK\bpk.exe
    C:\Program Files\ClipCache\clipc.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Documents and Settings\Amin\My Documents\Downloads\Extract\Tray It\trayit!.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Amin\My Documents\Downloads\HijackThis.exe
    C:\Program Files\DAP\DAP.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Sweet FA\My Documents\WH5_1843048.dll (file missing)
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
    O2 - BHO: (no name) - {2436E4E5-0D13-4184-A75B-E43A8BE22C7F} - C:\WINDOWS\x2lg2A.dll (file missing)
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FreeSkip] C:\PROGRA~1\spambendcurb\TitleBlue.exe
    O4 - HKLM\..\Run: [m5BzMHFO3] C:\WINDOWS\pfxLgc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "
    O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
    O4 - HKCU\..\Run: [ClipCache] C:\Program Files\ClipCache\clipc.exe /wait 3
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - Startup: TrayIt!.lnk = Extract\Tray It\trayit!.exe
    O4 - Startup: Update Visual Trading.lnk = C:\Program Files\VTrading\WiseUpdt.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Track Page Using Copernic Agent (HKLM)
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Wallpaper (HKLM)
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28bd8a64761b4344cf18/netzip/RdxIE601.cab
    O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://mmm.roings.com/crack.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37923.5311921296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mtina.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67A4705A-0BA1-4854-A0E7-30F351EA5856}: NameServer = 212.67.96.129 212.67.120.148

    I suspect it's that startnow.com

    What do I do anyway?
     
  7. 2004/04/27
    Jetheat

    Jetheat Inactive Thread Starter

    Joined:
    2003/03/12
    Messages:
    149
    Likes Received:
    0
    problem solved. The culprit was twaintec.dll
     
  8. 2004/04/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You will not be able to read pages from your History without logging back on.

    Glad to hear you managed to sort the problem out - thanks for posting back.
     
  9. 2004/04/27
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    First set windows to show all hidden files and folders
    How to Show hidden files and folders.

    Then if you don't know yet how to start in safe mode, use the link below and learn how or print it out.


    Start Hijackthis and place a check next to these items
    Close all browser windows and shut down all other programs (even Folders)
    that show in the taskbar. Then hit Fix selected
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Sweet FA\My Documents\WH5_1843048.dll (file missing)
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
    O2 - BHO: (no name) - {2436E4E5-0D13-4184-A75B-E43A8BE22C7F} - C:\WINDOWS\x2lg2A.dll (file missing)
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)

    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\MSN Messenger\Plus\MsgPlus.exe "
    O4 - HKLM\..\Run: [FreeSkip] C:\PROGRA~1\spambendcurb\TitleBlue.exe
    O4 - HKLM\..\Run: [m5BzMHFO3] C:\WINDOWS\pfxLgc.exe
    O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28bd8a64761b43...ip/RdxIE601.cab
    O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://mmm.roings.com/crack.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
    ==========

    Then Restart into safe mode

    How to start in safe mode

    Uninstall Messenger Plus and ClockSync if there, via Control Panel Add/Remove Programs
    More info


    then delete these folders, If still there.
    C:\Documents and Settings\Sweet FA
    C:\PROGRAM FILES\BPK
    C:\Program Files\MSN Messenger\Plus
    C:\PROGRAM FILES\spambendcurb
    C:\WINDOWS\pfxLgc.exe
    C:\Program Files\ClockSync
    ========

    what is this program ? >>
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe

    Next reboot back to a normal windows and come back then post a fresh hijackthis log
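
The manual review in the post above can be partly automated. The following is an added example, not part of the original thread and not HijackThis's own logic: it parses HijackThis entries and flags three patterns seen in this log (a registered BHO or toolbar with no file on disk, a BHO DLL sitting directly in the Windows folder, and an ActiveX download from a bare IP address). The function names and the heuristics are assumptions made for illustration; entries it does not flag still need manual review.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28bd8a64761b4344cf18/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# DLL directly in the Windows folder, not in a subfolder such as System32.
WINDOWS_ROOT_DLL = re.compile(r" - C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)

def review_reasons(section, body):
    """Return review reasons for one entry (added heuristics, not HijackThis rules)."""
    reasons = []
    if section in ("O2", "O3"):
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("registered component has no file on disk")
        if WINDOWS_ROOT_DLL.search(body):
            reasons.append("DLL loaded from the Windows folder root")
    if section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or ""
        if IPV4_HOST.match(host):
            reasons.append("ActiveX control downloaded from a bare IP address")
    return reasons

def triage(log_text):
    """Parse a HijackThis log and return (section, entry, reasons) for flagged lines."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, or blank line
        section, body = m.group(1), m.group(2).strip()
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n    -> " + "; ".join(reasons))
```
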
     
  10. 2004/04/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You can also fix this.

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    And unless you have a noticeable improvement with it, suggest you fix this, end task on it in Task Manager and uninstall. If not in Add/Remove, delete the folder Internet Optimizer.

    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe "

    Not needed at startup and can be fixed also.

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     