Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Pop ups

Reply
Thread Tools

Pop ups

 
 
ducaannalise@gmail.com
Guest
Posts: n/a
 
      05-24-2006
I have a problem...every time i open my brower...these pop ups open ups

http://amaena.com/securityworm5/?aid=exus2&lid=8a

http://www.savi-ngs.com/tau.html

there are more but there are few of them...

can some one help me to remove them please...

i scan my pc from spyware every day and still this problem keeps on
happening... its quite annoying becuase it doesn;t lets you freely
browse the net coz every second a new pop up will appear...

Lisa

 
Reply With Quote
 
 
 
 
pcbutts1
Guest
Posts: n/a
 
      05-24-2006
Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows Defender (Beta2)
http://www.microsoft.com/athome/secu...e/default.mspx


If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone especially the troll Leythos, who will tag
along a nonsense post to this message, who tells you to post it elsewhere. I
need to see it not him.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I have a problem...every time i open my brower...these pop ups open ups
>
> http://amaena.com/securityworm5/?aid=exus2&lid=8a
>
> http://www.savi-ngs.com/tau.html
>
> there are more but there are few of them...
>
> can some one help me to remove them please...
>
> i scan my pc from spyware every day and still this problem keeps on
> happening... its quite annoying becuase it doesn;t lets you freely
> browse the net coz every second a new pop up will appear...
>
> Lisa
>



 
Reply With Quote
 
 
 
 
Beauregard T. Shagnasty
Guest
Posts: n/a
 
      05-24-2006
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

> I have a problem...every time i open my brower...these pop ups open ups


If you are using Firefox (that you posted with), do you have it set to
block popups?

> http://amaena.com/securityworm5/?aid=exus2&lid=8a


Ah. Goad to purchase anti-spyware software. Not good. You're infected
with something.

> http://www.savi-ngs.com/tau.html


Hard to tell what this one is doing. The link just redirects to a
JavaScript script.

> there are more but there are few of them...
>
> can some one help me to remove them please...
>
> i scan my pc from spyware every day


Would help if you mentioned all the anti-spyware apps you have used.

> and still this problem keeps on happening... its quite annoying
> becuase it doesn;t lets you freely browse the net


...the World Wide Web

> coz every second a new pop up will appear...


http://k75s.home.att.net/tips.html#spyware

--
-bts
-Warning: I brake for lawn deer
 
Reply With Quote
 
ducaannalise@gmail.com
Guest
Posts: n/a
 
      05-25-2006
hi pcbutts1

i downloaded the microsoft windows defender...and still the pop up
keeps on appearing...then i downloaded the Hijack this and this it
following log:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:10 AM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\cisvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\defender.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Annalise\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= about:blank
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}
- c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AdobeReaderPro] msnserv.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware]
c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender.exe
O4 - HKLM\..\Run: [VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program
Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
/embedding
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program
Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe"
-minimize
O4 - HKLM\..\RunServices: [AdobeReaderPro] msnserv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe
-trayboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -
res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsu...?1146068026334
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsof...?1146847603642
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://www.popcap.com/games/popcaploader_v6.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{800A9892-689C-47F3-90C7-6BC9AF63848C}:
NameServer = 194.158.37.196,194.158.37.211
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B622FF12-AC1D-4AC3-BE6F-D8A8CFD9FC01}:
NameServer = 194.158.37.196,194.158.37.211
O17 -
HKLM\System\CCS\Services\Tcpip\..\{EF02F72A-2528-46B4-9128-EDCF475E9D39}:
NameServer = 194.158.37.196 194.158.37.211
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Dynamic Directory -
C:\WINDOWS\system32\hrnm0551e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia
Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. -
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program
Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program
Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe

10x for the help

 
Reply With Quote
 
pcbutts1
Guest
Posts: n/a
 
      05-25-2006
Have HJT fix the following lines by placing a check in the box next to each
line then clicking on the fix checked button on the bottom.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= about:blank
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Dynamic Directory -
C:\WINDOWS\system32\hrnm0551e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program
Files\Network Monitor\netmon.exe (file missing)



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> hi pcbutts1
>
> i downloaded the microsoft windows defender...and still the pop up
> keeps on appearing...then i downloaded the Hijack this and this it
> following log:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 9:32:10 AM, on 5/25/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>



 
Reply With Quote
 
Paulos
Guest
Posts: n/a
 
      05-25-2006
Hi Ive got one of these lines in my HJT scan, can you tell me any more
information about it?

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Cheers Paulos



"pcbutts1" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> Have HJT fix the following lines by placing a check in the box next to
> each line then clicking on the fix checked button on the bottom.
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
> = about:blank
> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
> O20 - Winlogon Notify: Dynamic Directory -
> C:\WINDOWS\system32\hrnm0551e.dll
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O23 - Service: Command Service (cmdService) - Unknown owner -
> C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
> O23 - Service: Network Monitor - Unknown owner - C:\Program
> Files\Network Monitor\netmon.exe (file missing)
>
>
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> hi pcbutts1
>>
>> i downloaded the microsoft windows defender...and still the pop up
>> keeps on appearing...then i downloaded the Hijack this and this it
>> following log:
>>
>> Logfile of HijackThis v1.99.1
>> Scan saved at 9:32:10 AM, on 5/25/2006
>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>

>
>



 
Reply With Quote
 
pcbutts1
Guest
Posts: n/a
 
      05-25-2006
It's part of the new MS Windows Genuine Advantage. It's a legitimate program
but MS is having problems with it. If it is removed it will be reinstalled
with a current updated version during the next windows update.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Paulos" <(E-Mail Removed)> wrote in message
news:npodg.963$(E-Mail Removed)...
> Hi Ive got one of these lines in my HJT scan, can you tell me any more
> information about it?
>
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
>
> Cheers Paulos
>
>
>
> "pcbutts1" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
>> Have HJT fix the following lines by placing a check in the box next to
>> each line then clicking on the fix checked button on the bottom.
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
>> = about:blank
>> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
>> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
>> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
>> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
>> O20 - Winlogon Notify: Dynamic Directory -
>> C:\WINDOWS\system32\hrnm0551e.dll
>> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
>> O23 - Service: Command Service (cmdService) - Unknown owner -
>> C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
>> O23 - Service: Network Monitor - Unknown owner - C:\Program
>> Files\Network Monitor\netmon.exe (file missing)
>>
>>
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) oups.com...
>>> hi pcbutts1
>>>
>>> i downloaded the microsoft windows defender...and still the pop up
>>> keeps on appearing...then i downloaded the Hijack this and this it
>>> following log:
>>>
>>> Logfile of HijackThis v1.99.1
>>> Scan saved at 9:32:10 AM, on 5/25/2006
>>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>>

>>
>>

>
>



 
Reply With Quote
 
KTI
Guest
Posts: n/a
 
      06-01-2006
I have the same problem. Can You please help me too! My Hijack This
logfile is:
Logfile of HijackThis v1.99.1
Scan saved at 18:36:24, on 1.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\system32\a8039c62.exe
C:\Program Files\EMS Free Surfer Companion\fs30.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Priit\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://neti.ee/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
prosearching.com
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\MSN
Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px]
C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
Access\MediaAccK.exe
O4 - HKLM\..\Run: [a8039c62.exe] C:\WINDOWS\system32\a8039c62.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\EMS Free Surfer
Companion\fs30.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [a8039c62.exe] C:\Documents and Settings\Priit\Local
Settings\Application Data\a8039c62.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program
Files\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E}
- C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer -
{AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free
Surfer Companion\FS30.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/We...bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet
Group Hardware Control) -
https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://v5.windowsupdate.microsoft.co...?1112617393817
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://axis.ivmv.ee/activex/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
-
http://www.msngamecentre.co.uk/onlin...ploader_v6.cab
O20 - Winlogon Notify: ModuleUsage -
C:\WINDOWS\system32\n02u0af9ed2.dll
O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common
Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe


pcbutts1 a écrit :

> Have HJT fix the following lines by placing a check in the box next to each
> line then clicking on the fix checked button on the bottom.
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
> = about:blank
> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
> O20 - Winlogon Notify: Dynamic Directory -
> C:\WINDOWS\system32\hrnm0551e.dll
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O23 - Service: Command Service (cmdService) - Unknown owner -
> C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
> O23 - Service: Network Monitor - Unknown owner - C:\Program
> Files\Network Monitor\netmon.exe (file missing)
>
>
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
> > hi pcbutts1
> >
> > i downloaded the microsoft windows defender...and still the pop up
> > keeps on appearing...then i downloaded the Hijack this and this it
> > following log:
> >
> > Logfile of HijackThis v1.99.1
> > Scan saved at 9:32:10 AM, on 5/25/2006
> > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
> >


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      06-01-2006
In article <(E-Mail Removed) .com>,
(E-Mail Removed) says...
>
> I have the same problem. Can You please help me too! My Hijack This
> logfile is:
> Logfile of HijackThis v1.99.1
> Scan saved at 18:36:24, on 1.06.2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:


Why didn't you just post the HJ Log to one of the HiJack forums where
you would get a response in just a few minutes - which is all that butts
is going to do - he's going to snip your log, paste it into one of the
online HJ forums, wait for a response, and then past it back here for
you to read.

--

(E-Mail Removed)
remove 999 in order to email me
 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      06-01-2006
"KTI" <(E-Mail Removed)> wrote:

|>I have the same problem. Can You please help me too! My Hijack This
|>logfile is:
|>Logfile of HijackThis v1.99.1

Post it to http://hijackthis.de/en you've got something called
medicaccess that should be removed.

--
http://jesuspan.com/
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
UPS service won't start/no UPS tab in Power Options jdimester Computer Support 6 01-23-2010 03:27 PM
pop-ups problem Hendrik Maryns Firefox 5 05-14-2005 06:47 AM
pop-ups? John Firefox 32 03-08-2005 08:56 AM
pop up prevention problem; for wanted pop ups joe doe Firefox 2 03-03-2005 08:08 AM
Pop-ups, spyware, and the like PopUlist349@hotmail.com Firefox 3 12-30-2004 12:06 AM



Advertisments