Home > Hijackthis Log > Hijackthis Log: Adult Messenger Popups

Hijackthis Log: Adult Messenger Popups

Back to top #19 TKLF2 TKLF2 Topic Starter Members 11 posts ONLINE Local time:07:34 PM Posted Today, 09:19 PM I cannot move/delete the H:\Program Files (x86)\Baidu Security\ folder. By bumping, you buried your post. Download AnVir Task Manager. Main Menu You are Here Ozzu Webmaster Forum Microsoft Windows ForumHijackthis log: Worm.Win32 ... http://liveterrain.com/hijackthis-log/hijackthis-log-outware-and-other-popups.php

If you're not already familiar with forums, watch our Welcome Guide to get started. Removing this entry will free up some system resources. It is needed by some graphics professionals who want their monitor calibrated. This is my Hijackthis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:09:02 PM, on 7/24/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot

Yes, my password is: Forgot your password? Short URL to this thread: https://techguy.org/846085 Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account? Back to top #4 iguagaby iguagaby Forum Deity Trusted Advisor* 2,220 posts Posted 07 July 2006 - 11:24 PM Hi Rainmaker,Welcome to the forum!!!Sorry for the delay!!! OK User = LL2 ...

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: Staff Online Now valis Moderator Advertisement Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Home Forums Forums Quick Links Search Forums Recent rdave13 18:04 18 Jul 09 Should have added that some PCs use F5 to get to safemode. Win32.Trojan.WisdomEyes and possibly others, can't connect to websites Started by TKLF2 , Jan 06 2017 12:51 PM Prev Page 2 of 2 1 2 Please log in to reply 19 replies

with options Y/N. This is the lastest hijackthis logRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\WINDOWS\system32\bcd2kcpan.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Exo Adult\ExoAdult.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Remove Advertisements Sponsored Links TechSupportForum.com Advertisement 01-09-2006, 01:46 AM #2 MicroBell TSF Security Team, Emeritus Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,962 OS: Windows 7 Click here to join today!

OK User = LL2 ... Also the "Awards" page on that site has awards from all those really Skanky download sites that get Red Flags in Web of Trust... Also installed 'pop-up blocker' v.6 which puts a yellow smiley face on the task bar...not too sure about that. Thanks for your help, Gary.

Please re-enable javascript to access full functionality. managed replied Jan 16, 2017 at 10:31 PM Sign of the times ekim68 replied Jan 16, 2017 at 10:26 PM Plug-In Not Supported & IE Tab... Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file) O2 - BHO: NP HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{745588FA-F315-471C-9ACB-7B6EC8AECFD3}C:\users\duranta\appdata\local\pokemon\app-0.1.6\pokemon go live map.exe => value not found. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 110120162

Thank you for helping us maintain CNET's great community. his comment is here OK +++++ PhysicalDrive2: ST31000524AS ATA Device +++++ --- User --- [MBR] 65da96d0b04ce4ceaf69bbb94091173c [BSP] 0b819c0c8c8745be75822cf90ccc8b76 : Linux MBR Code Partition table: 0 - [XXXXXX] Adware and Spyware and Malware..... Please help!!

Select option 1...2. Sign In Become an Icrontian Sign In · Register All Discussions Categories Categories All Discussions Activity Best Of... RK === RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com http://liveterrain.com/hijackthis-log/hijackthis-log-winfixer-popups.php Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem:

Quite often I don't even realise there are there, they might be 'behind' the page I am using. Back to top #5 iguagaby iguagaby Forum Deity Trusted Advisor* 2,220 posts Posted 31 July 2006 - 01:24 AM Due to the lack of feedback this Topic is closed.If you need C:\Windows\System32\DRIVERS\XQHDrv.sys => moved successfully C:\Windows\System32\DRIVERS\VBoxUSBMon.sys => moved successfully C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys => moved successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50551B7E-2B3B-444A-9306-C3FE03DAEFE7} => value not found.

Back to top #18 Oh My!

Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc. dino7 replied Jan 16, 2017 at 9:47 PM Video card not working Macboatmaster replied Jan 16, 2017 at 9:39 PM Intel RST service is not running pennilaymay replied Jan 16, 2017 It is driving me insane..every few minutes the computer freezes, and I have to manually delete this stuff. If not, remove the following entries.Quote:C:\Program Files\Exo Adult\ExoAdult.exeO4 - Startup: Adult Messenger.lnk = C:\Program Files\Exo Adult\ExoAdult.exeDid you add beatport.com into your trusted zone?

Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. When option 1 completes select option 2 (It may ask you to clean... Windows XP is the operating system. navigate here Please re-enable javascript to access full functionality.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: &Yahoo! I am getting loads of pop-ups..some of them of a sexual or dating nature. Advertisements do not imply our endorsement of that product or service. It's almost impossible to do anything on our computer anymore.

Popups like Adultfriendfinder, VirusBlast, WinAntiVirus, AntiVirus Gold, Monaco Gold Casino etc etc.I ran adaware, i ran trendmicro. Post Information Total Posts in this topic: 4 postsUsers browsing this forum: No registered users and 36 guests You cannot post new topics in this forum You cannot reply to topics Hopefully it will not return. http://www.help2go.com/modules.php?name=HJTDetectiveThis site will take your HJT log and automatically tell you whats good and bad also gives tips on what to do and what to delete if needed....Good site I use

I notice in my 'title' bar, sometimes it has desktop smiley as a search engine logo. OK +++++ PhysicalDrive1: WDC WD30EFRX-68EUZN0 ATA Device +++++ --- User --- [MBR] e1b74f0304dc41dc6befba126fb1e6f1 [BSP] 716fb54ec595d2fd055f0b7f15f1e6b6 : Windows Vista/7/8 MBR Code Partition table: 0 Your PC should now be free from spyware!We suggest that you run HijackThis again, just to make sure that none of the entries that you removed suddenly reappeared. Malicious These entries have been positively identified as malicious programs.

I think this might be it? more information)O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Description: Adjusts monitor colours across all programs, including Photoshop. Loading... All rights reserved.

When you run it, AnVir shows you all startup programs and Windows processes, so you’ll find harmful file in a minute.