Help I have popups that I can't get rid of !

Tracy,

Hi and welcome to the Daniweb forums :).

===============

Please download Kill2Me from here & run it to remove Look2Me from your computer.

===============

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.
When it completes, post back the full filename of any files that cannot be cleaned or deleted.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

===============

Go to Add/Remove programs and remove(uninstall) the following, if present:

MyWebSearch

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis, click "Scan", then check(tick) the following, if present:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxmk04640US

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

Hi and thanks so much for your help :)

I did as you asked kill2me found nothing so maybe with all the scans I have been doing finally got rid of it ,as yesterday I had 32 Look2me files found by McAfee virus scan :eek: I did the TrendMicro which found nothing and etrust web scanner found nothing also :confused: which I thought was strange as up until I followed your advice I was still getting loadingweb and paypopups .

I uninstalled my google toolbar and updated it to a newer version also.I deleted those things in Highjackthis .

here is my new log ,so far I haven't had a popup .YAY

Logfile of HijackThis v1.99.1
Scan saved at 10:37:12 PM, on 22/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\HJT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.essentialbaby.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-au/4,0,0,84/mcinsctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca06.rightnowtech.com/6020-b432h/rnl/java/RntX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-au/1,0,0,21/mcgdmgr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au

Hi Tracy. I am not seeing anything in your log to indicate any infections. You can try this if you wish and I can see what else may be on your PC that hijackthis cannot pick up.

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

===========

Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.

cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit

Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.

Here it is will be back in a minute with the other thing :p

ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Acrobat 4.0
Ahead NeroMediaPlayer
Alcatel SpeedTouch USB Software
CCleaner (remove only)
CleanUp!
Delete Windows 98 Second Edition uninstall information
Google Toolbar for Internet Explorer
greenstreet Draw 3.0
greenstreet PhotoFX
greenstreet PowerText3D 2.0
greenstreet Publisher 3.13
greenstreet Utilities
HijackThis 1.99.1
Icatch(IV) Camera Driver
Intel® 810 Chipset Graphic Driver End User Diagnostics Software
Internet Explorer Q903235
Java 2 Runtime Environment, SE v1.4.2_05
Lexmark X1100 Series
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft Chat 2.5
Microsoft Data Access Components KB870669
Microsoft FrontPage Express
Microsoft Interactive CD Sampler 7.0
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft VGX Q833989
Microsoft Wallet
Microsoft Web Publishing Wizard 1.6
Microsoft Windows Critical Update Notification
MSN Messenger 7.0
Nero - Burning ROM
NetMeeting 3.01
Outlook Express Q837009
PCI Fax Modem
Picasa 2
QuickTime
Shockwave
Spybot - Search & Destroy 1.2
StarOffice 5.2
Triscape FxFoto
Uninstall Windows 98 Second Edition
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows Media Player system update (9 Series)
WinMX
WinZip

ok did that but it said under the cd program files - To many parameters-Files?

Looks like the bat file doesn't run under 98. I see nothing in your uninstall programs either.
How is your PC at the moment?

Hi thanks for your help ,I haven't had any popups and my computer seems to be running faster since I gave it a good clean out ,but since all this started my sound has gone ,which section would I best get advice on how to get it back?

Thanks Tracy

It may just be a case of reinstalling the drivers for the sound card. Will move you on over to the 98 forum.

I spoke to soon :mad: the same popups are back as soon as I finished my post I went to my favourite parenting site and bam first popup and now they have been popping up regulary .I have done an Ad-Aware SE scan which only had some cookies which i deleted I ran a Highjack this log and its the same three I deleted last night 06 HKCU\software\policies\microsoft\internet explorer\restrictions present and the same first bit with control panel present and 08 extra content & search bar my websearch.com/menusear.....?p=ZNxmk0460US.

Please help I am going mad here ,I have done scan after scan and nothing is showing it runs good and then when I shut it down and start it up the next day its all back again .........plus I have lost my sound ............I might take to it with an axe soon.

Tracy..........who isn't gonna let these pesky popup thingies get the best of her :cheesy:

ok did that but it said under the cd program files - To many parameters-Files?

You have to put Program Files in quotes, so that line should say:
cd "Program Files"

Well I seem to have fixed my popups ,I followed the steps that crunchie gave me again and have been online for the last few hours with not a single popup :D .

I have been having trouble with my sound though two weeks ago it was fine ,went to use Media player and said something about my sound card ,had a read up on some forums to find out if I could fix it myself and givin myself a HUGE migraine trying to figure it out I thought I was on the right track but then I developed computer issue's with trojens and popups so now I am to scared to download anything like drivers unless some tells me which ones I need lol.

When I start my computer up it says it has found new PCI multimedia and to wait while windows searches ,then it says do you want to download the drivers for it.I say yes and then it says it can't verify the ? I have it set for Microsoft site which finds nothing .I have taken the top off my puter but I have know idea what I am looking for .I think it is soundMAX intergrated audio .I only have a windows 98 Se CD and my computer was bought ex lease ,I am buying a new computer eventually but still want this one for my kids as it has all the music on here so would like to be able to fix the sound on this one .

Please can anyone give me advice on what to do :confused:

Sorry about the mini novel :mrgreen:

Tracy

I just wanted to say thanks ......since I found this site I have learnt how to fix my popup problem ,How to properly defrag my computer and now just reading through this site I have also fixed my sound YAY ,you guys have saved me heaps in $$$$ as normally I would just take it in to be fixed .

You guys are the best ...if I ever have a problem with my computer in the future this is the site I will visit first .

Cheers
Tracy

I spoke to soon :mad: the same popups are back as soon as I finished my post I went to my favourite parenting site and bam first popup and now they have been popping up regulary .I have done an Ad-Aware SE scan which only had some cookies which i deleted I ran a Highjack this log and its the same three I deleted last night 06 HKCU\software\policies\microsoft\internet explorer\restrictions present and the same first bit with control panel present and 08 extra content & search bar my websearch.com/menusear.....?p=ZNxmk0460US.

Please help I am going mad here ,I have done scan after scan and nothing is showing it runs good and then when I shut it down and start it up the next day its all back again .........plus I have lost my sound ............I might take to it with an axe soon.

Tracy..........who isn't gonna let these pesky popup thingies get the best of her :cheesy:

Hi Tracy,

To help prevent this, check out the links for Protecting and Cleaning below.

Also, please let us know how you fixed it and what the problem was :)