Author Topic: Right.....  (Read 4366 times)
Dazzza

« Reply #15 on: Monday, June 2, 2008, 13:10:49 »

Hitman Pro, which includes Spybot Search & Destroy.
Logged

pauld
« Reply #16 on: Monday, June 2, 2008, 13:34:29 »

Dazza may be right that Hitman Pro is better (and I'd certainly not argue with anything called that!) but Spybot S&D is the nuts.
Logged
Dazzza

« Reply #17 on: Monday, June 2, 2008, 13:40:12 »

Hitman Pro is a composite of programs that includes Spybot S&D and a few others so it ticks all of the boxes and ensures everything is picked up.  Plus it’s free!
Logged

Power to people

« Reply #18 on: Monday, June 2, 2008, 14:14:00 »

Excellent, thanks. I will give this a go when I get home in a bit, anything to get rid of those annoying pop-up web page ads!
Logged
Power to people

« Reply #19 on: Tuesday, June 3, 2008, 07:33:36 »

Well, ran it last night and it found about 20 instances, took something like 3 hours to complete, so tried IE and still getting adware - will run again tonight, failing that I may just re-build the computer (and watch what torrents I download next time)
Logged
Samdy Gray
« Reply #20 on: Tuesday, June 3, 2008, 07:36:44 »

Can't imagine that Spybot S&D would miss anything that would cause pop-ups. Might be worth trying Adaware to see if that picks up anything else. Also, did you do it in safe-mode?

I wouldn't be as drastic as re-formatting - that's worst case scenario. Try using Firefox, shouldn't get any pop-ups with that.

Unless your ISP have decided to go with that Phorm advertising thing.
Logged
Simon Pieman
« Reply #21 on: Tuesday, June 3, 2008, 09:50:19 »

Run a virus scan as well and you also have the pop-up blocker in your privacy settings enabled.
Logged
Power to people

« Reply #22 on: Tuesday, June 3, 2008, 13:01:43 »

Quote from: "Samdy Gray"
Can't imagine that Spybot S&D would miss anything that would cause pop-ups. Might be worth trying Adaware to see if that picks up anything else. Also, did you do it in safe-mode?

I wouldn't be as drastic as re-formatting - that's worst case scenario. Try using Firefox, shouldn't get any pop-ups with that.

Unless your ISP have decided to go with that Phorm advertising thing.


I didn't tick the safe mode box ?....should I have  - although it did say about it needed to remove the desktop & taskbar while scanning which it did

I'm surprised but it did find 20 odd occurrences and seemed to clear them, I am going to try tonight again though, instead of letting 2 or 3 scan the drive I'll just use Spybot S & D and see what happens.

I'm sure my ISP (TalkTalk) isn't using Phorm as it has only been going since I think I downloaded a couple of dodgy torrents about a week ago

I will only re-format as a worst case though
Logged
Simon Pieman
« Reply #23 on: Tuesday, June 3, 2008, 13:08:17 »

If you want you could download an application called hijack this. When you run it, it gives you a log of what is running on your machine. If you paste all the text of the log into this forum I will have a look at it later and see if anything dodgy is running.

Don't reformat because you will lose all your drivers and settings and that is a pain in the arse.

http://download.hijackthis.eu/HJTInstall.exe
Logged
Power to people

« Reply #24 on: Tuesday, June 3, 2008, 13:58:46 »

Quote from: "Si Pie"
If you want you could download an application called hijack this. When you run it, it gives you a log of what is running on your machine. If you paste all the text of the log into this forum I will have a look at it later and see if anything dodgy is running.

Don't reformat because you will lose all your drivers and settings and that is a pain in the arse.

http://download.hijackthis.eu/HJTInstall.exe


I've got a restore CD so not bothered about re-loading XP, but yeah it would be a pain having to re-install all my odd equipment and email etc (sp)

If Spybot don't fix then I'll have a look at that hijackthis and post the log see if you see anything I'm missing
Logged
Samdy Gray
« Reply #25 on: Tuesday, June 3, 2008, 14:42:28 »

Quote from: "Power to people"
I didn't tick the safe mode box ?....should I have  - although it did say about it needed to remove the desktop & taskbar while scanning which it did


Best thing to do is start the PC in safe mode then run the scan, otherwise the spyware gets loaded during boot-up and the scan won't be able to remove it if it's already running or hiding inside another running application.

Quote from: "Power to people"
I'm sure my isp (talktalk) isn't using Phorm


Yeah, it probably isn't - but be warned that TalkTalk have signed up to the Phorm service so they might start selling your browsing habits in future!
Logged
Power to people

« Reply #26 on: Tuesday, June 3, 2008, 18:18:56 »

Right, loaded Spybot in Safe mode and it found nothing, went into IE and all was fine....just slow.

After a while just all of a sudden I start getting adware (at the moment main ones are BA & Clairvoyance!) opening up and IE is soooo slow, if I close it down and open up a page it is fine but go from 1 page to another is nigh on impossible.

I have run HijackThis, here is the contents of the log file... any help appreciated, this is getting daft

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:57, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 3\HOMERunner.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swindontownfc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\PAUL&S~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\mslatest_updt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [1018c977] rundll32.exe "C:\WINDOWS\system32\vjsguqah.dll",b
O4 - HKLM\..\Run: [BM132bfaeb] Rundll32.exe "C:\WINDOWS\system32\jbedydro.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 3\HOMERunner.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196704030000
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8330 bytes
Logged
Simon Pieman
« Reply #27 on: Tuesday, June 3, 2008, 18:40:33 »

If you still have HijackThis open, tick the following entries to fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O4 - HKLM\..\Run: [1018c977] rundll32.exe "C:\WINDOWS\system32\vjsguqah.dll",b

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

If not open run it again and then check the boxes to fix those entries.
Logged
Simon Pieman
« Reply #28 on: Tuesday, June 3, 2008, 18:41:49 »

There's possibly another couple of entries that may need fixing but sort those out first. I know for a fact the top one is buggering up your IE
Logged
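
A triage pass over the kind of entries picked out in reply #27, as an added example that is not part of the original thread and not part of HijackThis: it parses HijackThis log lines and flags autoruns launched through rundll32 or from a Temp directory, plus registrations marked "(no file)". The three rules are assumptions chosen for illustration, and a flag means "check this by hand", not a verdict; the sample lines are copied from the log posted in reply #26.

```python
import re

# Lines copied from the HijackThis log posted in reply #26 of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\PAUL&S~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [1018c977] rundll32.exe "C:\WINDOWS\system32\vjsguqah.dll",b
O4 - HKLM\..\Run: [BM132bfaeb] Rundll32.exe "C:\WINDOWS\system32\jbedydro.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # section code, detail
RUN = re.compile(r"^(HK\w+)\\.*?\\Run: \[(.+?)\] (.*)$")  # hive, value name, command


def triage(log_text):
    """Return (code, label, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        code, detail = m.groups()
        label, reasons = detail, []
        if detail.endswith("(no file)"):
            reasons.append("registered component has no file on disk")
        run = RUN.match(detail) if code == "O4" else None
        if run:
            _, label, cmd = run.groups()
            low = cmd.lower()
            if low.startswith("rundll32"):  # illustrative rule, not a verdict
                reasons.append("autorun loads a DLL through rundll32")
            if "\\temp\\" in low:           # illustrative rule, not a verdict
                reasons.append("autorun executes from a Temp directory")
        if reasons:
            findings.append((code, label, reasons))
    return findings


if __name__ == "__main__":
    for code, label, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{label}: {'; '.join(reasons)}")
```

The R0 Local Page entry from the fix list is not flagged, because these rules only look at autoruns and orphaned registrations; judging a browser setting needs a known-good value to compare against.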
lebowski

« Reply #29 on: Tuesday, June 3, 2008, 19:17:24 »

A lot of the shit you pick up off the internet is from those "are you a werewolf?" games on the facebooks.

That and looking at grumble on the web.
Logged