A sudden onslaught of pop up windwos!

[QuickSilver]

This would probably tick anybody off. I pride myself on keeping my computer clean and well guarded against this kind of thing, but in this case, something got through. I have been getting a huge ammount of popup windows all of the sudden. I never see the contents of the windows, and usually they are confined to the tool bar and never come up, thanks to my blockers. It still can be annoying however, as you will often end up with twice as many cubes on the tool bar as you have web sites that you are actually veiwing. I assume that I have an exe file hiding on my computer that is causing this, but finding it has proven difficult. Any ideas?

[glc]

Standard solution - virus scan, Spybot, and Ad-Aware. If no joy, post a HJT log.

[QuickSilver]

HJT? Please elaborate.

[Hi Ho]

HJT = Hijack This.

[mikeL]

Also use something other than IE

[QuickSilver]

Thanks much!

[QuickSilver]

Ok, here is my HJT:

Logfile of HijackThis v1.97.7
Scan saved at 8:48:32 PM, on 6/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Programs\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Programs\Logitech\MouseWare\system\em_exec.exe
E:\Programs\Security\NAV03\navapsvc.exe
E:\Programs\Security\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
E:\Programs\Security\Proxomitron Naoko-4\Proxomitron.exe
E:\Programs\Sharing\KaZaA Lite\Kazaa.exe
E:\Programs\Sharing\KaZaA Lite\Speed Up.exe
E:\Programs\Utilities\Motherboard Monitor 5\MBM5.EXE
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Gman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programs\FileReading\AdobeReader6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programs\Security\NAV03\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programs\Security\NAV03\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Programs\Utilities\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Outpost Firewall] E:\Programs\Security\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8029.696400463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

[ghost2003]

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

[trulad]

I see Kazaa in there and I had several people with that that had the same problem. One lady's machine was ulmost unusable untill she got rid of Kazaa.(Broke her teenager's heart).
trulad

[Blue_Gundam2002]

Quote:

Originally posted by trulad I see Kazaa in there and I had several people with that that had the same problem. One lady's machine was ulmost unusable untill she got rid of Kazaa.(Broke her teenager's heart). trulad

I don't think its kazaa thats causing the problems, he's useing kazaa lite which is kazaa without the adware.

[Lobos]

this is your problem
Run hijack this put a check next to these close all browsers and hit fix

Make sure not to miss one
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll


-----------------------------------------------------------------------------------------------------------------------------------

To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.
9. Now your computer is configured to show all hidden files.


reboot into safe mode
How to boot into safe mode

delete these file
C:\WINDOWS\twaintec.dl

[Lobos]

or you can go here

http://www.pchell.com/support/twaintec.shtml

[Lobos]

sorry ghost you called it looking over the posts again

think i was tired and missed your post

Lobos

[QuickSilver]

Thanks guys! Problem solved. Wonder how I picked that crap up.

[Lobos]

get spyblaster if you have it update it

spyblaster has it in it's database

Try spyware blaster
spyware blaster will block spyware from comming in when you surf the net(compatible with IE, mozilla and firefox)

Lobos