2 Pop up Killers Arghhh, cant get rid of them help

  mulva42 13:53 30 Dec 04
Locked

Hi all,
I got 2 pop ups I cant get rid of: a.as-eu.fakag.net & search.offeroptimizer, enough is enough its got that bad they hit my screen by the dozen, seems to be only these two i cant get rid of, heres my spec's.
Win xp pro,running Norton anti virus,I also have spybot S&D,No adware,Cw shredder,Goggle pop up blocker and yahoo blocker all have been updated.
I would love to meet the people responsable for these and shove them were the sun dont shine...

Thanks for your help and support.

  VoG II 13:54 30 Dec 04

Are these Messenger Service pop-ups click here

  AndySD 13:59 30 Dec 04

First look in Add/Remove programs.

Then get Hijack This click here use the forums there or here and click here may help

  mulva42 14:02 30 Dec 04

no VoG they dont seem to be messenger service pop up's, my services are disable already as ur link says to do.

  mulva42 14:30 30 Dec 04

Thanks AndySD, I checked my add and remove programs and found nothing apart from bullseye yesterday which i got rid of and seems to staying away.I have downloaded and made a log file from Hijack this but it says in the forums not to paste or send any log files unless somone asks for it, so me stuck between a rock and a hard place.

  VoG II 14:33 30 Dec 04

Post it here. You may need to do this in two or more sections because of the 800 word limit here. Be sure to include the header information at the top which lists your operating system etc. Please double space it by adding a blank line every other line.

Then wait for Nellie2 to weave her magic.

  mulva42 14:45 30 Dec 04

Logfile of HijackThis v1.99.0
Scan saved at 14:06:37, on 30/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\SLClient.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\tp4mon.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\ltmsg.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\seyapw.exe

C:\Program Files\Parallel Tasking\ptask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\lotus\organize\easyclip.exe

C:\lotus\smartctr\SUITEST.EXE

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

  mulva42 14:46 30 Dec 04

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = click here

O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9

O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dgpmlewxd] C:\WINDOWS\System32\seyapw.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?

O4 - Global Startup: Lotus QuickStart.lnk = ?

O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\SMARTCTR.EXE

O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\SUITEST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

  mulva42 14:48 30 Dec 04

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - click here (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - click here (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - click here

O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - click here

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uk.emea.slr.com

O17 - HKLM\Software\..\Telephony: DomainName = uk.emea.slr.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{73B29DD0-0750-43B7-B591-6238D33A7601}: NameServer = 10.226.200.2,10.226.200.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{770B0C19-EC30-461B-AED5-1D89C1E95E93}: NameServer = 195.40.1.36 193.131.248.36

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uk.emea.slr.com

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: Contivity VPN Service - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe

O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: ScriptLogic Service - Unknown - SLClient.exe (file missing)

Go Neille Go...>>>

  CurlyWhirly 17:30 30 Dec 04

bump. Added to my postings as I am interested in this thread!

  Nellie2 19:19 30 Dec 04

Hello mulva42

Download Adaware click here Next: (after installing) with Ad-Aware SE open, click "check for updates"

Do not run Ad-Aware yet, just install and update.

configure windows to show hidden files and folders, see here for instructions click here

Bring up task manager by pressing Ctrl-Alt-Del and end these processes if they are there

seyapw.exe
ptask.exe

Now close all programs and browsers and run hijackthis, put a tick against the following and click 'fix checked'

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://defaulthomepage.co.uk/

O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O4 - HKLM\..\Run: [dgpmlewxd] C:\WINDOWS\System32\seyapw.exe

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

Then reboot into safe mode, by tapping F8 as the computer boots up

Search for and delete the following;

C:\WINDOWS\System32\seyapw.exe
C:\WINDOWS\satmat.exe
C:\Program Files\Parallel Tasking <-- folder
c:\program files\180solutions <--- folder
C:\Program Files\SideFind\ <-- folder

Empty your temp files by running disk cleanup

Go to Start>Programs>Acccessories>System Tools> Disk Cleanup and put a check mark beside all the entries in the disk cleanup window that ask you what you want to clean. Clean all hard drives and all files. This will get rid of any malware that is hiding in the temporary folders.

Then still in safe mode, run Adaware and let it fix everything that it finds. Reboot back to normal mode and post a fresh log please.

This thread is now locked and can not be replied to.

What is Amazon Go and will it come to the UK? The store without checkouts or queues

1995-2015: How technology has changed the world in 20 years

Why ecommerce hasn't taken off on social media

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…