«

I'm being pestered by popups. Some adware installed on my PC launches
an Advertising_Loading_Window and this launches ads at a regular
interval. Running Adsgone popup software only works partially. Adaware
and Spybot S&D don't work.

Below is my HijackThis log.

Can anyone here help? Thank you!

Ik word lastig gevallen door popups. Adware op mijn PC lanceert een
Advertising_Loading_Window en deze lanceert reclame popups zo nu en
dan. Met Adsgone kan ik een deel van de popups afvangen maar niet
alle. Adaware en Spybot S&D helpen totaal niet.

Onderstaand staat mijn HijackThis log.

Kan iemand helpen? Bij voorbaat dank!

Logfile of HijackThis v1.97.7
Scan saved at 1:57:12 AM, on 11/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINNT\iexplore.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tinus\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = 24.232.241.94:80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
Files\Picasa\PicasaMediaDetector.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program
Files\AdsGone\adsgone.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03. EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
(download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
NameServer = 194.109.104.104,194.109.6.66

Yeah? You seem to have a virus too...
http://securityresponse.symantec.com...r.exploit.html

>| I'm being pestered by popups. Some adware installed on my PC launches
>| an Advertising_Loading_Window and this launches ads at a regular
>| interval. Running Adsgone popup software only works partially.
>| Adaware
>| and Spybot S&D don't work.
>|
>| Below is my HijackThis log.
>|
>| Can anyone here help? Thank you!
>|
>| Ik word lastig gevallen door popups. Adware op mijn PC lanceert een
>| Advertising_Loading_Window en deze lanceert reclame popups zo nu en
>| dan. Met Adsgone kan ik een deel van de popups afvangen maar niet
>| alle. Adaware en Spybot S&D helpen totaal niet.
>|
>| Onderstaand staat mijn HijackThis log.
>|
>| Kan iemand helpen? Bij voorbaat dank!
>|
>| Logfile of HijackThis v1.97.7
>| Scan saved at 1:57:12 AM, on 11/1/2004
>| Platform: Windows 2000 SP4 (WinNT 5.00.2195)
>| MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>|
>| Running processes:
>| C:\WINNT\System32\smss.exe
>| C:\WINNT\system32\winlogon.exe
>| C:\WINNT\system32\services.exe
>| C:\WINNT\system32\lsass.exe
>| C:\WINNT\system32\svchost.exe
>| C:\WINNT\system32\spoolsv.exe
>| C:\WINNT\System32\svchost.exe
>| C:\Program Files\Ahead\InCD\InCDsrv.exe
>| C:\WINNT\system32\nvsvc32.exe
>| C:\WINNT\system32\regsvc.exe
>| C:\WINNT\system32\MSTask.exe
>| C:\WINNT\system32\slserv.exe
>| C:\WINNT\System32\WBEM\WinMgmt.exe
>| C:\WINNT\system32\svchost.exe
>| C:\WINNT\Explorer.EXE
>| C:\WINNT\system32\CTHELPER.EXE
>| C:\WINNT\anvshell.exe
>| C:\Program Files\Winamp\winampa.exe
>| C:\Program Files\Ahead\InCD\InCD.exe
>| C:\WINNT\system32\rundll32.exe
>| C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>| C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
>| C:\WINNT\iexplore.exe
>| C:\Program Files\Picasa\PicasaMediaDetector.exe
>| C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
>| C:\Program Files\AnalogX\MaxMem\maxmem.exe
>| C:\Program Files\Internet Explorer\IEXPLORE.EXE
>| C:\Documents and Settings\tinus\My Documents\HijackThis.exe
>|
>| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>| http://www.google.nl/
>| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
>| Settings,ProxyServer = 24.232.241.94:80
>| O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
>| C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
>| O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
>| C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
>| O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
>| {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
>| O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
>| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
>| C:\WINNT\system32\NvCpl.dll,NvStartup
>| O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
>| O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
>| O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
>| O4 - HKLM\..\Run: [Jet Detection] "C:\Program
>| Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
>| O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
>| C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
>| O4 - HKLM\..\Run: [anvshell] anvshell.exe
>| O4 - HKLM\..\Run: [LiveNote] livenote.exe
>| O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
>| O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
>| O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
>| O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>| Files\Real\Update_OB\realsched.exe" -osboot
>| O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
>| Mouse\5.3\MOUSE32A.EXE
>| O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
>| O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
>| Files\Picasa\PicasaMediaDetector.exe
>| O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
>| O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
>| O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
>| Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
>| O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
>| Files\Adobe\Calibration\Adobe Gamma Loader.exe
>| O4 - Global Startup: AdsGone 2003.lnk = C:\Program
>| Files\AdsGone\adsgone.exe
>| O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
>| C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03. EXE
>| O4 - Global Startup: Microsoft Office.lnk = C:\Program
>| Files\Microsoft Office\Office\OSA9.EXE
>| O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
>| present
>| O12 - Plugin for .spop: C:\Program Files\Internet
>| Explorer\Plugins\NPDocBox.dll
>| O16 - DPF: {10000000-1000-0000-1000-000000000000} -
>| ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
>| O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
>| (MsnMessengerSetupDownloadControl Class) -
>| http://messenger.msn.com/download/Ms...Downloader.cab
>| O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
>| (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
>| O17 -
>| HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
>| NameServer = 194.109.104.104,194.109.6.66



--
"If there are no dogs in Heaven, then when I die, I want to go where
THEY went." ~Will Rogers~

Martijn wrote:
> I'm being pestered by popups. Some adware installed on my PC launches
> an Advertising_Loading_Window and this launches ads at a regular
> interval. Running Adsgone popup software only works partially. Adaware
> and Spybot S&D don't work.
>
> Below is my HijackThis log.
>
> Can anyone here help? Thank you!
>
>

Try removing the DPF's.

The first one looks like it might do a redirect.. The POP might have
something to do with it.

The second one looks like it is for MSN messenger.. It might be ok to
leave this one.

The third one looks ok too. If you don't use online storage, then
delete it.

The last one looks fishy. It looks like it forces your computer to use
new name servers.


Update Spybot. Use the latest version and make sure you have the latest
updates.

Try AdAware 6 as well.

-Posted to 24hoursupport.helpdesk-




> O16 - DPF: {10000000-1000-0000-1000-000000000000} -
> ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/Ms...Downloader.cab
> O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
> (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
> O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
> NameServer = 194.109.104.104,194.109.6.66

Martijn typed:
> I'm being pestered by popups. Some adware installed on my PC launches
> an Advertising_Loading_Window and this launches ads at a regular
> interval. Running Adsgone popup software only works partially. Adaware
> and Spybot S&D don't work.
>
> Below is my HijackThis log.

<snip good stuff>

Pop ups come from many places.

> Logfile of HijackThis v1.97.7

Download the latest v1.98.2 version of HijackThis:
http://aumha.org/downloads/hijackthis.exe
or
http://tools.radiosplace.com/HijackThis.exe

> C:\Documents and Settings\tinus\My Documents\HijackThis.exe

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on
C: then right click and select New then Folder and name it HJT.

Move HijackThis.exe into this folder as you do not want the HijackThis
backup logs all over your My Documents folder.

When you run HijackThis from C:\HJT folder by double clicking on it and have
it "Fixed checked" it will create a backup file of modifications to use if
restore is necessary.

> Settings,ProxyServer = 24.232.241.94:80

> O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
> O4 - Global Startup: AdsGone 2003.lnk = C:\Program
> Files\AdsGone\adsgone.exe

Go to Add/Remove Programs and uninstall AdsGone.
The Google Toolbar is a much better pop up stopper and uses less system
resources.
Read further for more ad busting tips.

> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE

Big system resource waster and is un-necessary.

> O16 - DPF: {10000000-1000-0000-1000-000000000000} -
> ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
> O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
> (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab

Install the prevention protection below and help your friends from being
infected on the Internet.

Empty the Recycle Bin.

The Temp folders should be cleaned out periodically as installation programs
and hijack programs leave a lot of junk there.
Index.dat Suite helps with this.
http://support.it-mate.co.uk/?mode=P...index.datsuite

Insure that Index.dat Suite is Setup to empty the Temp folders especially
C:\Documents and Settings\{user}\Local Settings\Temp
then run the Find and create the run.bat and reboot to have it remove what
it finds.

{user} is the tinus User Account ID.
Removal of infections and prevention protection should be installed on ALL
User Account IDS.

Download and install WinPatrol.
http://www.winpatrol.com

Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm

Install IE-SPYAD then run the install.bat in the ie-spyad folder and
SpywareBlaster then keep them up to date as today's Internet is full
of nasty infections.
https://netfiles.uiuc.edu/ehowes/www...ce.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html

Install an ad blocking HOSTS file. I use hpHOSTS file.
http://webpages.charter.net/hpguru/hosts/hosts.html
Review the README for installation information.
--
YoKenny

Clean the virus you have dummy
http://securityresponse.symantec.com...r.exploit.html


Martijn <> wrote:
> I'm being pestered by popups. Some adware installed on my PC launches
> an Advertising_Loading_Window and this launches ads at a regular
> interval. Running Adsgone popup software only works partially. Adaware
> and Spybot S&D don't work.
>
> Below is my HijackThis log.
>
> Can anyone here help? Thank you!
>
> Ik word lastig gevallen door popups. Adware op mijn PC lanceert een
> Advertising_Loading_Window en deze lanceert reclame popups zo nu en
> dan. Met Adsgone kan ik een deel van de popups afvangen maar niet
> alle. Adaware en Spybot S&D helpen totaal niet.
>
> Onderstaand staat mijn HijackThis log.
>
> Kan iemand helpen? Bij voorbaat dank!
>
> Logfile of HijackThis v1.97.7
> Scan saved at 1:57:12 AM, on 11/1/2004
> Platform: Windows 2000 SP4 (WinNT 5.00.2195)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINNT\System32\smss.exe
> C:\WINNT\system32\winlogon.exe
> C:\WINNT\system32\services.exe
> C:\WINNT\system32\lsass.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\system32\spoolsv.exe
> C:\WINNT\System32\svchost.exe
> C:\Program Files\Ahead\InCD\InCDsrv.exe
> C:\WINNT\system32\nvsvc32.exe
> C:\WINNT\system32\regsvc.exe
> C:\WINNT\system32\MSTask.exe
> C:\WINNT\system32\slserv.exe
> C:\WINNT\System32\WBEM\WinMgmt.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\Explorer.EXE
> C:\WINNT\system32\CTHELPER.EXE
> C:\WINNT\anvshell.exe
> C:\Program Files\Winamp\winampa.exe
> C:\Program Files\Ahead\InCD\InCD.exe
> C:\WINNT\system32\rundll32.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
> C:\WINNT\iexplore.exe
> C:\Program Files\Picasa\PicasaMediaDetector.exe
> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
> C:\Program Files\AnalogX\MaxMem\maxmem.exe
> C:\Program Files\Internet Explorer\IEXPLORE.EXE
> C:\Documents and Settings\tinus\My Documents\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.google.nl/
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
> Settings,ProxyServer = 24.232.241.94:80
> O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
> {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
> O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINNT\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
> O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
> O4 - HKLM\..\Run: [Jet Detection] "C:\Program
> Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [anvshell] anvshell.exe
> O4 - HKLM\..\Run: [LiveNote] livenote.exe
> O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
> O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
> O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
> Mouse\5.3\MOUSE32A.EXE
> O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
> O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
> Files\Picasa\PicasaMediaDetector.exe
> O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
> O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
> O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
> Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
> O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
> Files\Adobe\Calibration\Adobe Gamma Loader.exe
> O4 - Global Startup: AdsGone 2003.lnk = C:\Program
> Files\AdsGone\adsgone.exe
> O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
> C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03. EXE
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
> present
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O16 - DPF: {10000000-1000-0000-1000-000000000000} -
> ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/Ms...Downloader.cab
> O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
> (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
> NameServer = 194.109.104.104,194.109.6.66

Max of Mad schreef:
> Martijn wrote:
>
>> I'm being pestered by popups. Some adware installed on my PC launches
>> an Advertising_Loading_Window and this launches ads at a regular
>> interval. Running Adsgone popup software only works partially. Adaware
>> and Spybot S&D don't work.
>>
>> Below is my HijackThis log.
>>
>> Can anyone here help? Thank you!

<KNIP>

> The last one looks fishy. It looks like it forces your computer to use
> new name servers.
>
>
> Update Spybot. Use the latest version and make sure you have the latest
> updates.
>
> Try AdAware 6 as well.
>
> -Posted to 24hoursupport.helpdesk-

<KNIP>

>> O17 -
>> HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
>> NameServer = 194.109.104.104,194.109.6.66

Dit zijn de DNS servers van XS4all. Die zijn zeker niet verdacht! Zie:
http://www.xs4all.nl/helpdesk/algemeen/servers.html
--

Rudolpho

In article <> kadbitcha <> wrote:
>
>FakeMail, <>, the garbled, wide-angle fondue,
>and real estate agent, whined:
>
>> "Martijn" <> schreef in bericht
>> news: m...
>>
>> http://moderate.prikpagina.nl/list.php?f=123
>>
>> Klik op de link LEES DIT EERST!! en volg het stappenplan.
>> Download daar wel even de nieuwste versie van HJT
>
>Jij bent vast een afgevallen baarmoedergeslingerde meeëter. Straks vind ik
>je nog een geflipte binneste buiten gepijpte apenhaar. Ik denk dat je kan
>doorgaan als een irritante kale kutveger.

A thief believes everybody steals.

--
Lady Chatterly

"You need to adjust your code a bit Lady C. Looks like you have the
word "you: caught in a loop. I makes the above statement
incomprehensable." -- Crawdad

In article <> kadickless <> wrote:
>
>FakeMail, <>, the throwaway, indefensible
>grandpa, and puppeteer/marionetteer, pussyfooted:
>
>> "Martijn" <> schreef in bericht
>> news: m...
>>
>> http://moderate.prikpagina.nl/list.php?f=123
>>
>> Klik op de link LEES DIT EERST!! en volg het stappenplan.
>> Download daar wel even de nieuwste versie van HJT
>
>Ik vind jou een klootzakkende laxerend werkende mafkees. Jij bent een
>schetenlatende tyfus anuslikker. Jij afgetrokken afvallige konijnennaaier.

Every dog hath its day.

--
Lady Chatterly

"The whole Lady Chatterly thing has been poetic justice." --
theoneflasehaddock

"Martijn" <> schreef in bericht
news: m...

http://moderate.prikpagina.nl/list.php?f=123

Klik op de link LEES DIT EERST!! en volg het stappenplan.
Download daar wel even de nieuwste versie van HJT

Lady Chatterly schreef:
> In article <> kadbitcha <> wrote:
>
>>FakeMail, <>, the garbled, wide-angle fondue,
>>and real estate agent, whined:
>>
>>
>>>"Martijn" <> schreef in bericht
>>>news: .com...
>>>
>>>http://moderate.prikpagina.nl/list.php?f=123
>>>
>>>Klik op de link LEES DIT EERST!! en volg het stappenplan.
>>>Download daar wel even de nieuwste versie van HJT
>>
>>Jij bent vast een afgevallen baarmoedergeslingerde meeëter. Straks vind ik
>>je nog een geflipte binneste buiten gepijpte apenhaar. Ik denk dat je kan
>>doorgaan als een irritante kale kutveger.
>
>
> A thief believes everybody steals.
>

/| /|
||__||
/ O O\__
/ \
/ \ \
/ _ \ \
/ |\____\ \
/ | | | |\____/
/ \|_|_|/ | _ ---------------------
/ / \ |____| || | Gelieve niet de |
/ | | | --| | trollen te voeren |
| | | |____ --| | Dank u wel. |
* _ | |_|_|_| | \-/ ---------+-+---------
*-- _--\ _ \ | | |
/ _ \\ | / | |
* / \_ /- | | | | |
* ___ c_c_c_C/ \C_c_c_c____________________|_|__________
--

Rudolpho