Ads constantly popping up and slow machine...limewire!

CTaylor1968

Vendor
Aug 5, 2005
35
GB
HELP!
I installed Limewire (some friends had been using it & swore that it was fine!) and I've had nothing but problems since then with lots of ads popping up all over my screen. I've downloaded all types of programs from the internet to try to cure it but even though they all found lots of viruses etc, I'm still having problems. I'm now running Avast and I tried AVG but they're still coming along. I'm also running pop-up stopper. One of the ads I get tells me that I have blackworm virus and must download this specific software.
My machine is horrendously slow.
After six and a half hours I even tried the recovery disk to see if I could revert to original factory settings, only to get an error when running it.
I am now so fed up with it all that I just want to get a hammer!!! PLEASE - WHAT CAN I DO?
 
See: thread760-1184923

first, especially Pechenegs Post, follow that, and then POST a HiJackThis Log here so that we can clear ya from all stuff that may be present...

btw. Limewire is normally safe to use, but I suggest to switch to Azureus...

Also a Spyware Guard proggy, like MS AntiSpyware, TeaTimer, or Spysweeper Guard should be in use along side of any AntiVirus Program...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Thanks for this. I'm at work today but when I get home this evening I will do this. Grateful for your help.
 
Definitely a malware issue. Read the above and also the following below to ensure proper removal.

Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.

Finally, check for viral issues:



Regards,

Erik
 
Thanks for all your help. Please see the log from Hijack This below:-

Logfile of HijackThis v1.99.1
Scan saved at 18:18:06, on 05/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\ch_utility.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\windows\mousepad7.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided By Wanadoo
O4 - HKLM\..\Run: [Chrontel TV] C:\WINDOWS\System32\ch_utility.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08F3825-6D20-4172-B96B-66E2FE19BE55}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\k4pm0e71eh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
 
Remove the following:

C:\windows\mousepad7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe

O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe

O4 - HKCU\..\Run: [DELETE ME] worm.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT! 7.5:80/dexGB298.exe

O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\k4pm0e71eh.dll

O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)

Once fixed...


Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.

Finally, check for viral issues:



Regards,

Erik
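
As an added example (not part of the original thread and not HijackThis's own logic), the sketch below runs a few structural checks over lines from the log posted above to show why some of them stand out for review. The rule names and the `SYSTEM_NAMES` list are assumptions made for illustration.

```python
import ntpath
import re

# Assumed list: core Windows processes that normally run from System32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "svchost.exe"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
EXE = re.compile(r'"?(.+?\.exe)', re.I)

# Lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\k4pm0e71eh.dll
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
"""

def triage(line):
    """Return the reasons one HijackThis line deserves manual review."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body = m.groups()
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("file_missing")  # entry points at a file that is gone
    if code == "O4" and "] " in body:
        exe = EXE.match(body.split("] ", 1)[1])
        if exe:
            folder, name = ntpath.split(exe.group(1).lower())
            if not folder:
                reasons.append("no_path")  # autorun with no directory at all
            elif name in SYSTEM_NAMES and not folder.endswith("\\system32"):
                reasons.append("system_name_wrong_dir")
    if code == "O16" and re.search(r" - (mhtml|file):", body, re.I):
        reasons.append("dpf_local_source")  # ActiveX source is not a web URL
    if code == "O20":
        reasons.append("winlogon_notify")  # DLL loaded by winlogon at logon
    return reasons

def review(log):
    """Map each flagged line of a log to its list of reasons."""
    lines = (l.strip() for l in log.splitlines())
    return {l: triage(l) for l in lines if triage(l)}

if __name__ == "__main__":
    print(*review(SAMPLE).items(), sep="\n")
```

These checks flag five of the six sample lines but not the `[Gremlin]` entry, which sits in System32 under an unremarkable name and was picked out in the thread by a helper reading the log. Structural rules like these narrow what to look at first; they do not replace that review.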
 
I hope you don't mind but I need a bit more help as I really don't want to mess up. What do you mean by remove using HOT?
 
When I tried to delete mousepad 7 it says "access denied"?
 
Using Hijack this, remove all the items that are listed above. Then, run the tools listed above.

Don't worry about your mousepad 7 for now. We will take care of it later.

Erik
 
THANK YOU A MILLION TIMES!!! I followed your instructions and Hijack This removed 49 infected files. I've downloaded Avast Anti-Virus, Avast Scanner and Spysweeper and everything now seems fine.....touch wood.
Thank you for all your help - it's much appreciated and I have banished the hammer back into the cupboard!
 
Glad to have helped...

btw. WHAT Happened to my POSTS?????

Erik do you know what happened to them???

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Ben,

I have no idea what happened to them. I have seen this before with my own posts in the past just up and disappear. This is really strange???

Erik
 
Ben,

I got to thinking about it. Some of mine are gone too. It is probably because we were off topic in talking about the weather and such. We need to be more careful about that.

Regards.

Erik
 
Members who want to talk about the weather or anything else for that matter should look at :-
forum1091 if you are a UK person
or
forum1229 For everyone else.

Steve: Delphi a feersum engin indeed.
 
Thanks for the INFO...

and 'bout the OffTopic sorry about that, 'twas just a friendly conversation and should not happen too often...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Thanks sggaunt...

Sorry about that Ben. I might have started that friendly short conversation about the weather. Thanks for your great insight on this forum.


Regards.

Erik
 