Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Being pestered by popups / word lastig gevallen door popups.

Reply
Thread Tools

Being pestered by popups / word lastig gevallen door popups.

 
 
Martijn
Guest
Posts: n/a
 
      11-01-2004
I'm being pestered by popups. Some adware installed on my PC launches
an Advertising_Loading_Window and this launches ads at a regular
interval. Running Adsgone popup software only works partially. Adaware
and Spybot S&D don't work.

Below is my HijackThis log.

Can anyone here help? Thank you!

Ik word lastig gevallen door popups. Adware op mijn PC lanceert een
Advertising_Loading_Window en deze lanceert reclame popups zo nu en
dan. Met Adsgone kan ik een deel van de popups afvangen maar niet
alle. Adaware en Spybot S&D helpen totaal niet.

Onderstaand staat mijn HijackThis log.

Kan iemand helpen? Bij voorbaat dank!

Logfile of HijackThis v1.97.7
Scan saved at 1:57:12 AM, on 11/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINNT\iexplore.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tinus\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = 24.232.241.94:80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
Files\Picasa\PicasaMediaDetector.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program
Files\AdsGone\adsgone.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03. EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
(download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
NameServer = 194.109.104.104,194.109.6.66
 
Reply With Quote
 
 
 
 
Toolman Tim
Guest
Posts: n/a
 
      11-01-2004
Yeah? You seem to have a virus too...
http://securityresponse.symantec.com...r.exploit.html

>| I'm being pestered by popups. Some adware installed on my PC launches
>| an Advertising_Loading_Window and this launches ads at a regular
>| interval. Running Adsgone popup software only works partially.
>| Adaware
>| and Spybot S&D don't work.
>|
>| Below is my HijackThis log.
>|
>| Can anyone here help? Thank you!
>|
>| Ik word lastig gevallen door popups. Adware op mijn PC lanceert een
>| Advertising_Loading_Window en deze lanceert reclame popups zo nu en
>| dan. Met Adsgone kan ik een deel van de popups afvangen maar niet
>| alle. Adaware en Spybot S&D helpen totaal niet.
>|
>| Onderstaand staat mijn HijackThis log.
>|
>| Kan iemand helpen? Bij voorbaat dank!
>|
>| Logfile of HijackThis v1.97.7
>| Scan saved at 1:57:12 AM, on 11/1/2004
>| Platform: Windows 2000 SP4 (WinNT 5.00.2195)
>| MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>|
>| Running processes:
>| C:\WINNT\System32\smss.exe
>| C:\WINNT\system32\winlogon.exe
>| C:\WINNT\system32\services.exe
>| C:\WINNT\system32\lsass.exe
>| C:\WINNT\system32\svchost.exe
>| C:\WINNT\system32\spoolsv.exe
>| C:\WINNT\System32\svchost.exe
>| C:\Program Files\Ahead\InCD\InCDsrv.exe
>| C:\WINNT\system32\nvsvc32.exe
>| C:\WINNT\system32\regsvc.exe
>| C:\WINNT\system32\MSTask.exe
>| C:\WINNT\system32\slserv.exe
>| C:\WINNT\System32\WBEM\WinMgmt.exe
>| C:\WINNT\system32\svchost.exe
>| C:\WINNT\Explorer.EXE
>| C:\WINNT\system32\CTHELPER.EXE
>| C:\WINNT\anvshell.exe
>| C:\Program Files\Winamp\winampa.exe
>| C:\Program Files\Ahead\InCD\InCD.exe
>| C:\WINNT\system32\rundll32.exe
>| C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>| C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
>| C:\WINNT\iexplore.exe
>| C:\Program Files\Picasa\PicasaMediaDetector.exe
>| C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
>| C:\Program Files\AnalogX\MaxMem\maxmem.exe
>| C:\Program Files\Internet Explorer\IEXPLORE.EXE
>| C:\Documents and Settings\tinus\My Documents\HijackThis.exe
>|
>| R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>| http://www.google.nl/
>| R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
>| Settings,ProxyServer = 24.232.241.94:80
>| O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
>| C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
>| O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
>| C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
>| O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
>| {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
>| O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
>| O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
>| C:\WINNT\system32\NvCpl.dll,NvStartup
>| O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
>| O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
>| O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
>| O4 - HKLM\..\Run: [Jet Detection] "C:\Program
>| Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
>| O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
>| C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
>| O4 - HKLM\..\Run: [anvshell] anvshell.exe
>| O4 - HKLM\..\Run: [LiveNote] livenote.exe
>| O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
>| O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
>| O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
>| O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>| Files\Real\Update_OB\realsched.exe" -osboot
>| O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
>| Mouse\5.3\MOUSE32A.EXE
>| O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
>| O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
>| Files\Picasa\PicasaMediaDetector.exe
>| O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
>| O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
>| O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
>| Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
>| O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
>| Files\Adobe\Calibration\Adobe Gamma Loader.exe
>| O4 - Global Startup: AdsGone 2003.lnk = C:\Program
>| Files\AdsGone\adsgone.exe
>| O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
>| C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03. EXE
>| O4 - Global Startup: Microsoft Office.lnk = C:\Program
>| Files\Microsoft Office\Office\OSA9.EXE
>| O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
>| present
>| O12 - Plugin for .spop: C:\Program Files\Internet
>| Explorer\Plugins\NPDocBox.dll
>| O16 - DPF: {10000000-1000-0000-1000-000000000000} -
>| ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
>| O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
>| (MsnMessengerSetupDownloadControl Class) -
>| http://messenger.msn.com/download/Ms...Downloader.cab
>| O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
>| (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
>| O17 -
>| HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
>| NameServer = 194.109.104.104,194.109.6.66




--
"If there are no dogs in Heaven, then when I die, I want to go where
THEY went." ~Will Rogers~


 
Reply With Quote
 
 
 
 
Max of Mad
Guest
Posts: n/a
 
      11-01-2004
Martijn wrote:
> I'm being pestered by popups. Some adware installed on my PC launches
> an Advertising_Loading_Window and this launches ads at a regular
> interval. Running Adsgone popup software only works partially. Adaware
> and Spybot S&D don't work.
>
> Below is my HijackThis log.
>
> Can anyone here help? Thank you!
>
>


Try removing the DPF's.

The first one looks like it might do a redirect.. The POP might have
something to do with it.

The second one looks like it is for MSN messenger.. It might be ok to
leave this one.

The third one looks ok too. If you don't use online storage, then
delete it.

The last one looks fishy. It looks like it forces your computer to use
new name servers.


Update Spybot. Use the latest version and make sure you have the latest
updates.

Try AdAware 6 as well.

-Posted to 24hoursupport.helpdesk-




> O16 - DPF: {10000000-1000-0000-1000-000000000000} -
> ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/Ms...Downloader.cab
> O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
> (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
> O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
> NameServer = 194.109.104.104,194.109.6.66

 
Reply With Quote
 
CalamityKen
Guest
Posts: n/a
 
      11-01-2004
Martijn typed:
> I'm being pestered by popups. Some adware installed on my PC launches
> an Advertising_Loading_Window and this launches ads at a regular
> interval. Running Adsgone popup software only works partially. Adaware
> and Spybot S&D don't work.
>
> Below is my HijackThis log.


<snip good stuff>

Pop ups come from many places.

> Logfile of HijackThis v1.97.7


Download the latest v1.98.2 version of HijackThis:
http://aumha.org/downloads/hijackthis.exe
or
http://tools.radiosplace.com/HijackThis.exe

> C:\Documents and Settings\tinus\My Documents\HijackThis.exe


Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on
C: then right click and select New then Folder and name it HJT.

Move HijackThis.exe into this folder as you do not want the HijackThis
backup logs all over your My Documents folder.

When you run HijackThis from C:\HJT folder by double clicking on it and have
it "Fixed checked" it will create a backup file of modifications to use if
restore is necessary.

> Settings,ProxyServer = 24.232.241.94:80


> O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
> O4 - Global Startup: AdsGone 2003.lnk = C:\Program
> Files\AdsGone\adsgone.exe


Go to Add/Remove Programs and uninstall AdsGone.
The Google Toolbar is a much better pop up stopper and uses less system
resources.
Read further for more ad busting tips.

> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE


Big system resource waster and is un-necessary.

> O16 - DPF: {10000000-1000-0000-1000-000000000000} -
> ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
> O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
> (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab


Install the prevention protection below and help your friends from being
infected on the Internet.

Empty the Recycle Bin.

The Temp folders should be cleaned out periodically as installation programs
and hijack programs leave a lot of junk there.
Index.dat Suite helps with this.
http://support.it-mate.co.uk/?mode=P...index.datsuite

Insure that Index.dat Suite is Setup to empty the Temp folders especially
C:\Documents and Settings\{user}\Local Settings\Temp
then run the Find and create the run.bat and reboot to have it remove what
it finds.

{user} is the tinus User Account ID.
Removal of infections and prevention protection should be installed on ALL
User Account IDS.

Download and install WinPatrol.
http://www.winpatrol.com

Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm

Install IE-SPYAD then run the install.bat in the ie-spyad folder and
SpywareBlaster then keep them up to date as today's Internet is full
of nasty infections.
https://netfiles.uiuc.edu/ehowes/www...ce.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html

Install an ad blocking HOSTS file. I use hpHOSTS file.
http://webpages.charter.net/hpguru/hosts/hosts.html
Review the README for installation information.
--
YoKenny

 
Reply With Quote
 
Trai' La' Trash
Guest
Posts: n/a
 
      11-01-2004
Clean the virus you have dummy
http://securityresponse.symantec.com...r.exploit.html


Martijn <(E-Mail Removed)> wrote:
> I'm being pestered by popups. Some adware installed on my PC launches
> an Advertising_Loading_Window and this launches ads at a regular
> interval. Running Adsgone popup software only works partially. Adaware
> and Spybot S&D don't work.
>
> Below is my HijackThis log.
>
> Can anyone here help? Thank you!
>
> Ik word lastig gevallen door popups. Adware op mijn PC lanceert een
> Advertising_Loading_Window en deze lanceert reclame popups zo nu en
> dan. Met Adsgone kan ik een deel van de popups afvangen maar niet
> alle. Adaware en Spybot S&D helpen totaal niet.
>
> Onderstaand staat mijn HijackThis log.
>
> Kan iemand helpen? Bij voorbaat dank!
>
> Logfile of HijackThis v1.97.7
> Scan saved at 1:57:12 AM, on 11/1/2004
> Platform: Windows 2000 SP4 (WinNT 5.00.2195)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINNT\System32\smss.exe
> C:\WINNT\system32\winlogon.exe
> C:\WINNT\system32\services.exe
> C:\WINNT\system32\lsass.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\system32\spoolsv.exe
> C:\WINNT\System32\svchost.exe
> C:\Program Files\Ahead\InCD\InCDsrv.exe
> C:\WINNT\system32\nvsvc32.exe
> C:\WINNT\system32\regsvc.exe
> C:\WINNT\system32\MSTask.exe
> C:\WINNT\system32\slserv.exe
> C:\WINNT\System32\WBEM\WinMgmt.exe
> C:\WINNT\system32\svchost.exe
> C:\WINNT\Explorer.EXE
> C:\WINNT\system32\CTHELPER.EXE
> C:\WINNT\anvshell.exe
> C:\Program Files\Winamp\winampa.exe
> C:\Program Files\Ahead\InCD\InCD.exe
> C:\WINNT\system32\rundll32.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
> C:\WINNT\iexplore.exe
> C:\Program Files\Picasa\PicasaMediaDetector.exe
> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
> C:\Program Files\AnalogX\MaxMem\maxmem.exe
> C:\Program Files\Internet Explorer\IEXPLORE.EXE
> C:\Documents and Settings\tinus\My Documents\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.google.nl/
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
> Settings,ProxyServer = 24.232.241.94:80
> O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
> {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
> O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINNT\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
> O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
> O4 - HKLM\..\Run: [Jet Detection] "C:\Program
> Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [anvshell] anvshell.exe
> O4 - HKLM\..\Run: [LiveNote] livenote.exe
> O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
> O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
> O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
> Mouse\5.3\MOUSE32A.EXE
> O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
> O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
> Files\Picasa\PicasaMediaDetector.exe
> O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
> O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
> O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
> Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
> O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
> Files\Adobe\Calibration\Adobe Gamma Loader.exe
> O4 - Global Startup: AdsGone 2003.lnk = C:\Program
> Files\AdsGone\adsgone.exe
> O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
> C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03. EXE
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office\OSA9.EXE
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
> present
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O16 - DPF: {10000000-1000-0000-1000-000000000000} -
> ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/Ms...Downloader.cab
> O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
> (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
> NameServer = 194.109.104.104,194.109.6.66



 
Reply With Quote
 
Rudolpho
Guest
Posts: n/a
 
      11-01-2004
Max of Mad schreef:
> Martijn wrote:
>
>> I'm being pestered by popups. Some adware installed on my PC launches
>> an Advertising_Loading_Window and this launches ads at a regular
>> interval. Running Adsgone popup software only works partially. Adaware
>> and Spybot S&D don't work.
>>
>> Below is my HijackThis log.
>>
>> Can anyone here help? Thank you!


<KNIP>

> The last one looks fishy. It looks like it forces your computer to use
> new name servers.
>
>
> Update Spybot. Use the latest version and make sure you have the latest
> updates.
>
> Try AdAware 6 as well.
>
> -Posted to 24hoursupport.helpdesk-


<KNIP>

>> O17 -
>> HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
>> NameServer = 194.109.104.104,194.109.6.66


Dit zijn de DNS servers van XS4all. Die zijn zeker niet verdacht! Zie:
http://www.xs4all.nl/helpdesk/algemeen/servers.html
--

Rudolpho
 
Reply With Quote
 
Lady Chatterly
Guest
Posts: n/a
 
      11-01-2004
In article <(E-Mail Removed)> kadbitcha <(E-Mail Removed)> wrote:
>
>FakeMail, <(E-Mail Removed)>, the garbled, wide-angle fondue,
>and real estate agent, whined:
>
>> "Martijn" <(E-Mail Removed)> schreef in bericht
>> news:(E-Mail Removed) m...
>>
>> http://moderate.prikpagina.nl/list.php?f=123
>>
>> Klik op de link LEES DIT EERST!! en volg het stappenplan.
>> Download daar wel even de nieuwste versie van HJT

>
>Jij bent vast een afgevallen baarmoedergeslingerde meeŽter. Straks vind ik
>je nog een geflipte binneste buiten gepijpte apenhaar. Ik denk dat je kan
>doorgaan als een irritante kale kutveger.


A thief believes everybody steals.

--
Lady Chatterly

"You need to adjust your code a bit Lady C. Looks like you have the
word "you: caught in a loop. I makes the above statement
incomprehensable." -- Crawdad





 
Reply With Quote
 
Lady Chatterly
Guest
Posts: n/a
 
      11-01-2004
In article <(E-Mail Removed)> kadickless <(E-Mail Removed)> wrote:
>
>FakeMail, <(E-Mail Removed)>, the throwaway, indefensible
>grandpa, and puppeteer/marionetteer, pussyfooted:
>
>> "Martijn" <(E-Mail Removed)> schreef in bericht
>> news:(E-Mail Removed) m...
>>
>> http://moderate.prikpagina.nl/list.php?f=123
>>
>> Klik op de link LEES DIT EERST!! en volg het stappenplan.
>> Download daar wel even de nieuwste versie van HJT

>
>Ik vind jou een klootzakkende laxerend werkende mafkees. Jij bent een
>schetenlatende tyfus anuslikker. Jij afgetrokken afvallige konijnennaaier.


Every dog hath its day.

--
Lady Chatterly

"The whole Lady Chatterly thing has been poetic justice." --
theoneflasehaddock





 
Reply With Quote
 
FakeMail
Guest
Posts: n/a
 
      11-01-2004

"Martijn" <(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed) m...

http://moderate.prikpagina.nl/list.php?f=123

Klik op de link LEES DIT EERST!! en volg het stappenplan.
Download daar wel even de nieuwste versie van HJT


 
Reply With Quote
 
Rudolpho
Guest
Posts: n/a
 
      11-01-2004
Lady Chatterly schreef:
> In article <(E-Mail Removed)> kadbitcha <(E-Mail Removed)> wrote:
>
>>FakeMail, <(E-Mail Removed)>, the garbled, wide-angle fondue,
>>and real estate agent, whined:
>>
>>
>>>"Martijn" <(E-Mail Removed)> schreef in bericht
>>>news:(E-Mail Removed) .com...
>>>
>>>http://moderate.prikpagina.nl/list.php?f=123
>>>
>>>Klik op de link LEES DIT EERST!! en volg het stappenplan.
>>>Download daar wel even de nieuwste versie van HJT

>>
>>Jij bent vast een afgevallen baarmoedergeslingerde meeŽter. Straks vind ik
>>je nog een geflipte binneste buiten gepijpte apenhaar. Ik denk dat je kan
>>doorgaan als een irritante kale kutveger.

>
>
> A thief believes everybody steals.
>


/| /|
||__||
/ O O\__
/ \
/ \ \
/ _ \ \
/ |\____\ \
/ | | | |\____/
/ \|_|_|/ | _ ---------------------
/ / \ |____| || | Gelieve niet de |
/ | | | --| | trollen te voeren |
| | | |____ --| | Dank u wel. |
* _ | |_|_|_| | \-/ ---------+-+---------
*-- _--\ _ \ | | |
/ _ \\ | / | |
* / \_ /- | | | | |
* ___ c_c_c_C/ \C_c_c_c____________________|_|__________
--

Rudolpho
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Popups not working, even if Popups are allowed in IE Moe Sisko ASP .Net 1 08-04-2008 03:33 PM
being pestered by 'Diskeeper Lite' johngood_____ Computer Support 14 12-27-2007 02:35 AM
different between Door::new and Door.new Ming en Chia Ruby 1 04-08-2007 11:23 AM
Back-door worm targets vulnerability in Microsoft Word Au79 Computer Support 0 09-10-2006 05:04 AM
Ok... Telecom door to door? Jamie Kahn Genet NZ Computing 16 07-03-2006 10:03 AM



Advertisments