pc troubles (1 Viewer)

Previous Next
Jayden

Jayden

Guest
Joined
May 10, 2006
Messages
947
Reaction score
2
Age
53
Location
Funroe
Offline
Hey, I am having these weird pop-ups that are not really pop ups they come up with there are no pages opened at all. I think its some sort of bug. I ran ad-aware and delt with that, but I have ran it several times today, and things keep returning.

I ran "hijack this" and these were my results. I am not sure what I should check to delete.

Logfile of HijackThis v1.99.1
Scan saved at 4:45:57 PM, on 12/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\htpatch.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Sierra\Planner\PLNRnote.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\lxcrcoms.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\Documents and Settings\Jayden\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - D:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - D:\WINDOWS\system32\mscoriezz.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - D:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "D:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] D:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CommuniGate Pro Messaging Server - Unknown owner - D:\WINDOWS\CommuniGatePro\CGStarter.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - D:\WINDOWS\System32\lxcrcoms.exe



Can anyone help me please?
 
Last edited:
sounds like the microsoft Messenger service is running.Im not talking about the instant messanger type thing either.click start-run and type "services.msc" without the quotes.

Look under Messenger and disable it.
 
I will do that now. I just got this though...

ipwins.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

szAppName : ipwins.exe szAppVer : 0.0.0.0 szModName : hungapp


szModVer : 0.0.0.0 offset : 00000000
 
Determination: Bad
sred.gif

IPWINS.EXE has been determined by the Prevx database as Bad. Therefore this file is unsafe to run and should be removed using Prevx1.
We Recommend you do not delete the files listed above manually. As Malware can use the same name as a genuine file, you could inadvertantly delete a file which is genuine. Prevx1 can analyze the actual malware file on your computer so it can identify and clean up malware and protect your computer from future malware infections.
It's very easy to remove these infections just click the button below to download and run Prevx1

http://fileinfo.prevx.com/QQe40518491950-IPWI14714762/IPWINS.EXE.html
 
ktulu909 said:
sounds like the microsoft Messenger service is running.Im not talking about the instant messanger type thing either.click start-run and type "services.msc" without the quotes.

Look under Messenger and disable it.
Click to expand...

I did that, thanks. We'll see how that goes. :)
 
<!--webbot bot="HTMLMarkup" startspan --><table id="table1" border="0" width="100%"> <tbody><tr> <td align="center" width="8%">
IMGShieldRed.gif



</td> <td valign="top" width="92%"> IPWINS.EXE Application/Process Description
Below is a description of IPWINS.EXE. This application may not be safe to have on your computer. If this application is running on your computer, it is advised that you scan your computer for both viruses and spyware/adware immediately.

Click here to download SUPERAntiSpyware to block and remove IPWINS.EXE and thousands of harmful applications.</td> </tr> </tbody></table><!--webbot bot="HTMLMarkup" endspan --><table id="table1" class="cpagetext" border="0" width="100%"> <tbody><tr> <td align="left" valign="top" width="8%"> </td> <td align="left" valign="top" width="95%">Summary of <!--webbot bot="HTMLMarkup" startspan -->IPWINS.EXE
<!--webbot bot="HTMLMarkup" endspan --><!--webbot bot="HTMLMarkup" startspan -->Adware.IPWins.Process<!--webbot bot="HTMLMarkup" endspan --></td> </tr> <tr> <td align="left" height="8" valign="top" width="8%">
</td> <td align="left" height="8" valign="top" width="95%">
</td> </tr> <tr> <td align="left" valign="top" width="8%"> </td> <td align="left" valign="top" width="95%">Company Information
<!--webbot bot="HTMLMarkup" startspan -->Unknown<!--webbot bot="HTMLMarkup" endspan --></td> </tr> <tr> <td align="left" height="8" valign="top" width="8%">
</td> <td align="left" height="8" valign="top" width="95%">
</td> </tr> <tr> <td align="left" valign="top" width="8%"> </td> <td align="left" valign="top" width="95%">Description of <!--webbot bot="HTMLMarkup" startspan -->IPWINS.EXE<!--webbot bot="HTMLMarkup" endspan -->
<!--webbot bot="HTMLMarkup" startspan -->ClickSpring/PurityScan-related adware threat

Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.

This application may serve various types of advertising, not limited to pop-up ads.<!--webbot bot="HTMLMarkup" endspan --></td> </tr> <tr> <td align="left" height="8" valign="top" width="8%">
</td> <td align="left" height="8" valign="top" width="95%">
</td> </tr> <tr> <td align="left" valign="top" width="8%"> </td> <td align="left" valign="top" width="95%">Threat Level (1-10)
<!--webbot bot="HTMLMarkup" startspan -->6<!--webbot bot="HTMLMarkup" endspan --></td> </tr> <tr> <td align="left" height="8" valign="top" width="8%">
</td> <td align="left" height="8" valign="top" width="95%">
</td> </tr> <tr> <td align="left" valign="top" width="8%"> </td> <td align="left" valign="top" width="95%">Processes
<!--webbot bot="HTMLMarkup" startspan -->IPWINS.EXE<!--webbot bot="HTMLMarkup" endspan --></td> </tr> <tr> <td align="left" height="8" valign="top" width="8%">
</td> <td align="left" height="8" valign="top" width="95%">
</td> </tr> <tr> <td align="left" valign="top" width="8%"> </td> <td align="left" valign="top" width="95%">CLSID List
<!--webbot bot="HTMLMarkup" startspan --><!--webbot bot="HTMLMarkup" endspan --></td> </tr> </tbody></table> http://www.superantispyware.com/definition/ipwins/
 
I am downloading and installing this now.

Thanks again!!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Previous Next

Users who are viewing this thread

    Total: 2 (members: 0, guests: 2)

    Share this page

     

    Twitter

    Back
    Top Bottom