Ads/Pop-Ups On My Computer, Need Help!

**osteez** · 03-26-2007, 06:28 PM

My computer is acting sluggish and keeps getting pop-ups/ads every now and then...this has happend before and i have posted here and everything went fine, this was about a year ago. And i just reformated my computer because of it the other day...my computer was actually not even starting, it would just come up with a blue screen saying i have a BIOS and driver problem, so i reformatted and now im having this problem.

I have AVG & Lavasoft ad-aware both found trojans but my AVG will not completely remove a few of them.

Logfile of HijackThis v1.99.1
Scan saved at 6:21:13 PM, on 3/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\firewall.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\bljsgiyl.exe
C:\WINDOWS\System32\dqfpfp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [USB Electronic Scale] C:\Program Files\USB Electronic Scale\scale.exe /s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\uwmyachd.dll",setvm
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\bljsgiyl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks in advance!

**pheonix73** · 03-26-2007, 07:25 PM

First off I would like you to follow all of the steps in the "read me" sticky.After you have completed the steps,post another HJT log here for the pros to look at.Also after they have looked at your log and decided where to go from there,I would update your system to XP SP2,and possibly IE7.Also it would not hurt you to download one of the free firewalls PP has mentioned in his protect yourself from malware section and disable your XP firewall.This would give you a bit more security.I am sure that Judy will plug the other programs that will give you peace of mind in the future.So for now follow the read me first section and they will get back to you as to a solution.

**osteez** · 03-26-2007, 10:06 PM

Heres the log after i have done everything that was told in the Read Me Topic :

Logfile of HijackThis v1.99.1
Scan saved at 10:02:16 PM, on 3/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\kvkh.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HiJackThis\hjtscan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C1CC116-7FC9-4024-AF30-C2D01E0F3A85} - C:\WINDOWS\System32\xxyxyax.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\hmwdbsvx.dll (file missing)
O2 - BHO: (no name) - {CAD08EF4-8BE4-473E-B553-D1A0280746B1} - C:\WINDOWS\System32\mllmk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\kvkh.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmk - C:\WINDOWS\System32\mllmk.dll
O20 - Winlogon Notify: xxyxyax - C:\WINDOWS\SYSTEM32\xxyxyax.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

How do i disable the XP Firewall? I downloaded the ZoneAlarm Firewall. Also im having trouble finding the download for the XP Service Pack 2...
Thanks for the help!

**Noob334** · 03-26-2007, 11:28 PM

Do not worry about SP2 until one of the better malware fighters comes along and says that your computer is clean and ready to go. when they do say it is good to go, this should help you with SP2:
Are you on the windows update site and cant find SP2? If you arent then go to Start, then control panel, on the left should be the link to the Windows update site. On the left of the screen is a button that says "restore hidden updates" this should bring up SP2 if you chose to ignore it in the past. If you cant get on the windows update site becuase Mozilla firefox is your defalt browser then try the following link http://update.microsoft.com/windowsu....aspx?ln=en-us this should get you there i hope....its what gets me there but i have SP2 already. if this doesnt work then someone else will have to help you.

As for the firewall. If you again go to Start, control panel, and then you should see Security Center (depending on configuration) click on it and that will get you to the screen to turn off the windows firewall. DO NOT turn off this firewall unless you have another firewall up and running/ready to get up and running. Only have one anti-virus and one firewall at a time.

**osteez** · 03-27-2007, 10:05 AM

Great thanks! I installed the SP2...NVM I now see the security center under my control panel settings. I have turned off the windows firewall and the Zone Alarm one is stilll on.
I dont think i had a firewall right after i reformatted cause i didnt have the security center until after i downloaded SP2.

**pheonix73** · 03-27-2007, 09:12 PM

The one thing I saw in your last log is that you have 2 anti-virus programs running.
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"

As well as AVG.
You should decide which one you want to run with,because having 2 programs of that nature running at the same time decreases your security and does not enhance it as some might think.

**TurcoLoco** · 03-27-2007, 11:37 PM

Good call Pheonix. Osteez, as Pheonix mentioned it is not wise to have more than 1 anti-virus/spyware and firewall type utilities installed and in active status on the same system. Windows Firewall that was upgraded with ServicePack 2 is much better than its earlier version however still inferior in many experts opinion compared to any of the other 3rd party utilities of the same kind such as ZoneAlarm, Kerio, Outpost, TinyFirewall, etc. Check out the free firewalls listed on this page. Also check out Comodo which was also listed in our Software/Freeware tidbits section, it is another really nice free firewall.

Also if you are still having pop-ups on your system, let us know. I will try to check back but by then jholland might be back too!

**osteez** · 03-28-2007, 02:16 PM

Yeah i have the ZoneAlarm firewall currently and I have the AVG Anti Virus program on my computer & Ad-Aware Personal. But yeah im still experiencing pop-ups.

Thanks

**TurcoLoco** · 03-28-2007, 09:18 PM

Originally Posted by osteez

Yeah i have the ZoneAlarm firewall currently and I have the AVG Anti Virus program on my computer & Ad-Aware Personal. But yeah im still experiencing pop-ups.

Thanks

What type of pop-ups exactly? When using IE? If so, well yeah since you got SP1 only and using IE pop-ups are bound to come up while surfing depending on the site!

If that is the case and you can't install SP2 for whatever reasons then you don't have any other choice to use a 3rd party pop-up stopper or a different browser that blocks pop-ups such as Firefox.

If that is not the case then let us know.

~TL

**osteez** · 03-28-2007, 10:09 PM

Its not those types of pop-ups. A pop-up blocker wouldnt stop them because they are from viruses on my computer, as long as the virus remains the pop-ups will continue. And also the pop-ups sometimes ask me to download things or sometimes everything will freeze for a few seconds and then there are times where im on a webpage and then it closes all of a sudden. Also it makes my internet and overall computer performance quite slow.

But when i disconnect my internet, i will not have any pop-ups, however my computer will remain sluggish.

I actually have SP2 already, that direct link noob gave me worked out.

Thread: Ads/Pop-Ups On My Computer, Need Help!

Thread Tools

Display

Ads/Pop-Ups On My Computer, Need Help!

Thread Information

Users Browsing this Thread

Posting Permissions