CastleCops, Internet Crime Fighters

Pop-ups plus a constant htm download request

 
Chris

Guest
IP: 71.249.*.*






Posted: Wed Sep 19, 2007 4:02 am    Post subject: Pop-ups plus a constant htm download request

It seems like every 1/2 hour I get this download request prompt


you are downloading the file

drf1189618804.htm from 222.133.3.210

Would you like to open the file or save it to your computer


It's been almost a week and it's getting very annoying.

The pop ups are annoying too. Here is my HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:39 AM, on 9/19/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\Resolution Changer\Resolution Changer\Resolution.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINXP\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.13.2.4:8080
O2 - BHO: (no name) - {14E7A667-56E0-2F66-A34D-1EE34C90FD9C} - C:\WINXP\System32\qlqsrls.dll
O2 - BHO: 100% Free Spades Toolbar Helper - {17DF7D60-3575-497F-8D11-F8882E3E1CE9} - C:\Program Files\100% Free Spades Toolbar\v3.2.0.0\100%_Free_Spades_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINXP\WebAssist.dll
O2 - BHO: (no name) - {EC4BE332-A9F1-491A-A651-8D658E3D4F0b} - C:\WINXP\System32\arcwodii.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: 100% Free Spades Toolbar - {02F7A7EB-89F8-47FF-A75C-52C1060EC144} - C:\Program Files\100% Free Spades Toolbar\v3.2.0.0\100%_Free_Spades_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - AppInit_DLLs:
O23 - Service: GEARSecurity - GEAR Software - C:\WINXP\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3319 bytes


Thanks in advance


P.S. I registered but forgot my password. I sent a request for another one but I never got the e-mail [E-mail address deleted]

k027

Special Response Team
Guest Forums Host

Joined: Aug 25, 2003
Posts: 8481

1st Responders SRT

Posted: Wed Sep 19, 2007 7:00 am

HijackThis logs must be posted in the HJT forum.

If you suspect that your computer is infected, try working through this:

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

Your pop ups may be related to Windows Messenger Service:

http://www.grc.com/stm/shootthemessenger.htm

Resubmit your password request.

Do not post your E-mail message address - forums like this are routinely visited by E-mail message address harvesting bots.
