Adserver.adtech.de

Discussion in 'Computer Support' started by Scott Marshall, Aug 29, 2004.

  1. Whenever I open IE v6, I get a pop-up box asking me to enter a username and
    password to connect to adserver.adtech.de

    I have installed Spyware Doctor from PC Tools and downloaded all the latest
    updates from Microsoft for Windows XP.

    I have also checked my PC for viruses and have none, according to AVG, anyway.

    Does anyone know how I can get rid of this dialogue box?

    Many thanks

    Scott
     
    Scott Marshall, Aug 29, 2004
    #1

  2. Scott Marshall

    °Mike° Guest

    Install HijackThis and post the contents of your
    log here.

    HijackThis
    http://mjc1.com/mirror/hjt/
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    http://209.133.47.12/~merijn/files/HijackThis.exe
    http://aumha.org/downloads/hijackthis.zip
    http://aumha.org/downloads/hijackthis.exe


    On Sun, 29 Aug 2004 17:54:05 +0100, in
    <cgt1n1$hpg$>
    Scott Marshall scrawled:

    >Whenever i open IE v6, i get a pop up box asking me to enter a username and
    >password to connect to adserver.adtech.de
    >
    >i have installed Spyware Doctor from PC tools and downloaded all the latest
    >updates from Microsoft for Windows XP.
    >
    >i have also check my pc for viruses and have none, according to AVG, anyway.
    >
    >does anyone know how i can get rid of this dialogue box?
    >
    >many thanks
    >
    >scott
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 29, 2004
    #2

  3. Please see the results of my Hijack This log below:

    Logfile of HijackThis v1.98.2
    Scan saved at 00:16:58, on 30/08/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\Program Files\PCI Audio Applications\Mixer.exe
    C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\HijackThis19802.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
    http://acc.count-all.com/--/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    http://acc.count-all.com/--/?ydtfs (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
    http://acc.count-all.com/--/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://acc.count-all.com/-/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://acc.count-all.com/--/?ydtfs (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.newsnow.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.wanadoo.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://acc.count-all.com/-/?ydtfs about:blank
    (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://acc.count-all.com/---/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://acc.count-all.com/--/?ydtfs (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Wanadoo
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio
    Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [OmniPage] C:\Program
    Files\Caere\OmniPagePro10.0\opware32.exe
    O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
    Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE"
    /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
    Doctor\spydoctor.exe" /Q
    O4 - Startup: AVG 6.0.lnk = C:\Program Files\Grisoft\AVG6\avgw.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
    5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet
    Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
    (PPSDKActiveXScanner.MainScreen) -
    http://www.pestscan.com/scanner/axscanner.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{1A3DC7E9-D6A7-40DC-9B8E-21A0D81AF5B4}:
    NameServer = 212.23.8.1,212.23.8.6
    O19 - User stylesheet: C:\WINDOWS\Web\win.def
    O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)


    "°Mike°" <> wrote in message
    news:...
    > Install HijackThis and post the contents of your
    > log here.
    >
    > HijackThis
    > http://mjc1.com/mirror/hjt/
    > http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    > http://209.133.47.12/~merijn/files/HijackThis.exe
    > http://aumha.org/downloads/hijackthis.zip
    > http://aumha.org/downloads/hijackthis.exe
    >
    >
    > On Sun, 29 Aug 2004 17:54:05 +0100, in
    > <cgt1n1$hpg$>
    > Scott Marshall scrawled:
    >
    >>Whenever i open IE v6, i get a pop up box asking me to enter a username
    >>and
    >>password to connect to adserver.adtech.de
    >>
    >>i have installed Spyware Doctor from PC tools and downloaded all the
    >>latest
    >>updates from Microsoft for Windows XP.
    >>
    >>i have also check my pc for viruses and have none, according to AVG,
    >>anyway.
    >>
    >>does anyone know how i can get rid of this dialogue box?
    >>
    >>many thanks
    >>
    >>scott
    >>

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Scott Marshall, Aug 30, 2004
    #3
  4. Scott Marshall

    °Mike° Guest

    On Mon, 30 Aug 2004 00:23:15 +0100, in
    <cgtogt$7a3$>
    Scott Marshall scrawled:

    >Please see the results of my Hijack This log below:
    >
    >Logfile of HijackThis v1.98.2
    >Scan saved at 00:16:58, on 30/08/2004
    >Platform: Windows XP SP2 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    >Running processes:


    <snip>

    >R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
    >http://acc.count-all.com/--/?ydtfs (obfuscated)


    >R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    >http://acc.count-all.com/--/?ydtfs (obfuscated)


    >R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
    >http://acc.count-all.com/--/?ydtfs (obfuscated)


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://acc.count-all.com/-/?ydtfs (obfuscated)


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    >http://acc.count-all.com/--/?ydtfs (obfuscated)


    >R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://acc.count-all.com/-/?ydtfs about:blank
    >(obfuscated)


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    >http://acc.count-all.com/---/?ydtfs (obfuscated)


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    >http://acc.count-all.com/--/?ydtfs (obfuscated)


    Have HijackThis fix all of the above entries.


    >F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe


    Have HijackThis fix the above and delete the info32.exe file.


    >O17 - HKLM\System\CCS\Services\Tcpip\..\{1A3DC7E9-D6A7-40DC-9B8E-21A0D81AF5B4}:
    >NameServer = 212.23.8.1,212.23.8.6


    Unless the above IPs are from your network or ISP, have
    HijackThis fix the above.


    >O19 - User stylesheet: C:\WINDOWS\Web\win.def
    >O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)


    Have HijackThis fix the above.


    <snip>

    Run AT LEAST two of the following antivirus scanners.

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www3.ca.com/virusinfo/virusscan.aspx
    http://security.symantec.com/sscv6/default.asp
    http://www.pandasoftware.com/activescan/activescan.asp
    http://us.mcafee.com/root/mfs/default.asp


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 30, 2004
    #4
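The triage in post #4, applied mechanically to a hard-wrapped log, as an added example that is not part of the original thread. The names `join_entries`, `triage` and `known_dns` are assumptions of this sketch; the sample lines are copied from the log posted above and trimmed, and the rules encode only the advice given in that post.

```python
import ntpath
import re

# A HijackThis entry opens with a section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " -". Anything else is header text or a wrapped continuation.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -(?: |$)")

# Sample input: lines taken from the log in post #3, wrapped as posted.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://acc.count-all.com/--/?ydtfs (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.newsnow.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://acc.count-all.com/-/?ydtfs about:blank
(obfuscated)
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio
Applications\Mixer.exe /startup
O17 -
HKLM\System\CCS\Services\Tcpip\..\{1A3DC7E9-D6A7-40DC-9B8E-21A0D81AF5B4}:
NameServer = 212.23.8.1,212.23.8.6
O19 - User stylesheet: C:\WINDOWS\Web\win.def
"""


def join_entries(log_text):
    """Rebuild one-line entries from a log that a newsreader hard-wrapped."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif line and current is not None:
            current += " " + line      # continuation of the wrapped entry
        else:
            # Blank line, or text outside the entry list (header, processes).
            if current is not None:
                entries.append(current)
            current = None
    if current is not None:
        entries.append(current)
    return entries


def triage(log_text, known_dns=frozenset()):
    """Return (code, action, entry) for entries matching the post #4 advice.

    known_dns: resolver IPs the reader has confirmed belong to their own
    network or ISP (hypothetical parameter; empty means none confirmed).
    """
    findings = []
    for entry in join_entries(log_text):
        code = entry.split(" -", 1)[0]
        if code in ("R0", "R1") and "(obfuscated)" in entry:
            # IE search/start page values that HijackThis marked as obfuscated.
            findings.append((code, "fix", entry))
        elif code == "F1" and "run=" in entry:
            # win.ini autorun; resolve the "..\" hop so the file can be located.
            path = ntpath.normpath(entry.split("run=", 1)[1].strip())
            findings.append((code, "fix and delete " + path, entry))
        elif code == "O17" and "NameServer =" in entry:
            # Values appear comma- or space-separated in the logs on this page.
            value = entry.split("NameServer =", 1)[1]
            servers = [s for s in re.split(r"[,\s]+", value.strip()) if s]
            unknown = [s for s in servers if s not in known_dns]
            if unknown:
                action = "fix unless ISP/network DNS: " + ", ".join(unknown)
                findings.append((code, action, entry))
        elif code == "O19":
            findings.append((code, "fix", entry))
    return findings


if __name__ == "__main__":
    for code, action, entry in triage(SAMPLE_LOG):
        print(f"{code:4} {action}\n     {entry}")
```

Entries the post does not mention (the unobfuscated start page, the O4 autoruns) are left unflagged rather than treated as clean.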
  5. Thanks for that. However, how do you delete the info32.exe file?

    I could not find it using Windows Explorer.


    "°Mike°" <> wrote in message
    news:...
    > On Mon, 30 Aug 2004 00:23:15 +0100, in
    > <cgtogt$7a3$>
    > Scott Marshall scrawled:
    >
    >>Please see the results of my Hijack This log below:
    >>
    >>Logfile of HijackThis v1.98.2
    >>Scan saved at 00:16:58, on 30/08/2004
    >>Platform: Windows XP SP2 (WinNT 5.01.2600)
    >>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >>
    >>Running processes:

    >
    > <snip>
    >
    >>R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
    >>http://acc.count-all.com/--/?ydtfs (obfuscated)

    >
    >>R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    >>http://acc.count-all.com/--/?ydtfs (obfuscated)

    >
    >>R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
    >>http://acc.count-all.com/--/?ydtfs (obfuscated)

    >
    >>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >>http://acc.count-all.com/-/?ydtfs (obfuscated)

    >
    >>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    >>http://acc.count-all.com/--/?ydtfs (obfuscated)

    >
    >>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    >>http://acc.count-all.com/-/?ydtfs about:blank
    >>(obfuscated)

    >
    >>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    >>http://acc.count-all.com/---/?ydtfs (obfuscated)

    >
    >>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    >>http://acc.count-all.com/--/?ydtfs (obfuscated)

    >
    > Have HijackThis fix all of the above entries.
    >
    >
    >>F1 - win.ini:
    >>run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe

    >
    > Have HijackThis fix the above and delete the info32.exe file.
    >
    >
    >>O17 -
    >>HKLM\System\CCS\Services\Tcpip\..\{1A3DC7E9-D6A7-40DC-9B8E-21A0D81AF5B4}:
    >>NameServer = 212.23.8.1,212.23.8.6

    >
    > Unless the above IPs are from your network or ISP, have
    > HijackThis fix the above.
    >
    >
    >>O19 - User stylesheet: C:\WINDOWS\Web\win.def
    >>O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)

    >
    > Have HijackThis fix the above.
    >
    >
    > <snip>
    >
    > Run AT LEAST two of the following antivirus scanners.
    >
    > http://housecall.trendmicro.com/housecall/start_corp.asp
    > http://www3.ca.com/virusinfo/virusscan.aspx
    > http://security.symantec.com/sscv6/default.asp
    > http://www.pandasoftware.com/activescan/activescan.asp
    > http://us.mcafee.com/root/mfs/default.asp
    >
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Scott Marshall, Aug 30, 2004
    #5
  6. Scott Marshall

    °Mike° Guest

    Make sure that hidden files are shown. Open Windows
    Explorer and go to Tools / Folder Options / View.
    Check 'Show hidden files and folders'.


    On Mon, 30 Aug 2004 09:35:47 +0100, in
    <cguot3$ak5$>
    Scott Marshall scrawled:

    >Thanks for that. However, how do you delete the info32.exe file.
    >
    >i could not find it using windows explorer.


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 30, 2004
    #6
  7. Scott Marshall

    °Mike° Guest

    Please do NOT post binary attachments to this group.
    This is a TEXT ONLY newsgroup.

    Rescan your system with HijackThis and repost
    a fresh log.


    On Mon, 30 Aug 2004 21:14:27 +0100, in
    <ch01qo$f4h$>
    Scott Marshall scrawled:

    >i have tried all of the above and while my pc is now running
    >much faster, i still am unable to get rid of the pop up box
    >which i have attached for your info when i start explorer.
    >
    >is there anything else you can think of?
    >


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 31, 2004
    #7
  8. Please see new log below:

    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio
    Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Startup: AVG 6.0.lnk = C:\Program Files\Grisoft\AVG6\avgw.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
    5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet
    Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
    (PPSDKActiveXScanner.MainScreen) -
    http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{39CE4D8E-2380-4C19-A793-EF5074E5511E}:
    NameServer = 195.92.195.95 195.92.195.94
    O19 - User stylesheet: C:\WINDOWS\Web\win.def

    Many thanks




    "°Mike°" <> wrote in message
    news:...
    > Please do NOT post binary attachments to this group.
    > This is a TEXT ONLY newsgroup.
    >
    > Rescan your system with HijackThis and repost
    > a fresh log.
    >
    >
    > On Mon, 30 Aug 2004 21:14:27 +0100, in
    > <ch01qo$f4h$>
    > Scott Marshall scrawled:
    >
    >>i have tried all of the above and while my pc is now running
    >>much faster, i still am unable to get rid of the pop up box
    >>which i have attached for your info when i start explorer.
    >>
    >>is there anything else you can think of?
    >>

    >
    > <snip>
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Scott Marshall, Aug 31, 2004
    #8
  9. Scott Marshall

    °Mike° Guest

    This log is incomplete. If you want help, post
    the FULL, up to date contents of your HJT log.


    On Tue, 31 Aug 2004 20:39:36 +0100, in
    <ch2k5a$dde$>
    Scott Marshall scrawled:

    >Please see new log below:


    <snip butchered log>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 31, 2004
    #9
  10. Sorry, please see log below:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:59:21, on 31/08/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\Program Files\Caere\OmniPagePro10.0\opware32.exe
    C:\Program Files\PCI Audio Applications\Mixer.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Downloads\HijackThis19802.exe
    C:\WINDOWS\System32\dllhost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.newsnow.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.wanadoo.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Wanadoo
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
    Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [OmniPage] C:\Program
    Files\Caere\OmniPagePro10.0\opware32.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio
    Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Startup: AVG 6.0.lnk = C:\Program Files\Grisoft\AVG6\avgw.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
    5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet
    Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
    (PPSDKActiveXScanner.MainScreen) -
    http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
    http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{39CE4D8E-2380-4C19-A793-EF5074E5511E}:
    NameServer = 195.92.195.95 195.92.195.94
    O19 - User stylesheet: C:\WINDOWS\Web\win.def

    many thanks

    scott



    "°Mike°" <> wrote in message
    news:...
    > This log is incomplete. If you want help, post
    > the FULL, up to date contents of your HJT log.
    >
    >
    > On Tue, 31 Aug 2004 20:39:36 +0100, in
    > <ch2k5a$dde$>
    > Scott Marshall scrawled:
    >
    >>Please see new log below:

    >
    > <snip butchered log>
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Scott Marshall, Aug 31, 2004
    #10
  11. Scott Marshall

    °Mike° Guest

    On Tue, 31 Aug 2004 21:00:57 +0100, in
    <ch2ldb$8if$>
    Scott Marshall scrawled:

    >sorry, please see log below:
    >
    >Logfile of HijackThis v1.98.2
    >Scan saved at 20:59:21, on 31/08/2004
    >Platform: Windows XP SP2 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    >Running processes:


    <snip>

    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://www.newsnow.co.uk/


    Unless the above is your preferred home page, have
    HijackThis fix it.


    >O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon


    I cannot see anything in the log that would initiate that logon
    prompt, so temporarily disable the above and see if that makes
    a difference.

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 31, 2004
    #11
  12. Thanks, the problem has been sorted.

    Scott


    "°Mike°" <> wrote in message
    news:...
    > On Tue, 31 Aug 2004 21:00:57 +0100, in
    > <ch2ldb$8if$>
    > Scott Marshall scrawled:
    >
    >>sorry, please see log below:
    >>
    >>Logfile of HijackThis v1.98.2
    >>Scan saved at 20:59:21, on 31/08/2004
    >>Platform: Windows XP SP2 (WinNT 5.01.2600)
    >>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >>
    >>Running processes:

    >
    > <snip>
    >
    >>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >>http://www.newsnow.co.uk/

    >
    > Unless the above is your preferred home page, have
    > HijackThis fix it.
    >
    >
    >>O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

    >
    > I cannot see anything in the log that would initiate that logon
    > prompt, so temporarily disable the above and see if that makes
    > a difference.
    >
    > <snip>
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Scott Marshall, Aug 31, 2004
    #12
  13. Scott Marshall

    °Mike° Guest

    Was it the synchronisation manager?


    On Tue, 31 Aug 2004 21:17:42 +0100, in
    <ch2mcp$sa9$>
    Scott Marshall scrawled:

    >Thanks the problem has been sorted.
    >
    >scott
    >
    >
    >"°Mike°" <> wrote in message
    >news:...


    <snip>

    >>>O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

    >>
    >> I cannot see anything in the log that would initiate that logon
    >> prompt, so temporarily disable the above and see if that makes
    >> a difference.
    >>

    >



    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 31, 2004
    #13
  14. No, the problem was www.newsnow.co.uk, but I deleted the synchronisation
    manager anyway.

    If I need it again, I will reinstall the software.


    "°Mike°" <> wrote in message
    news:...
    > Was it the synchronisation manager?
    >
    >
    > On Tue, 31 Aug 2004 21:17:42 +0100, in
    > <ch2mcp$sa9$>
    > Scott Marshall scrawled:
    >
    >>Thanks the problem has been sorted.
    >>
    >>scott
    >>
    >>
    >>"°Mike°" <> wrote in message
    >>news:...

    >
    > <snip>
    >
    >>>>O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    >>>
    >>> I cannot see anything in the log that would initiate that logon
    >>> prompt, so temporarily disable the above and see if that makes
    >>> a difference.
    >>>

    >>

    >
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Scott Marshall, Aug 31, 2004
    #14
  15. > No the problem was www.newsnow.co.uk but i deleted the synchronisation
    > manager anyway.
    >
    > if i need it again, i will reinstall the software
    >
    >
    > "°Mike°" <> wrote in message
    > news:...
    >> Was it the synchronisation manager?
    >>
    >>
    >> On Tue, 31 Aug 2004 21:17:42 +0100, in
    >> <ch2mcp$sa9$>
    >> Scott Marshall scrawled:
    >>
    >>>Thanks the problem has been sorted.
    >>>
    >>>scott
    >>>
    >>>
    >>>"°Mike°" <> wrote in message
    >>>news:...

    >>
    >> <snip>
    >>
    >>>>>O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    >>>>
    >>>> I cannot see anything in the log that would initiate that logon
    >>>> prompt, so temporarily disable the above and see if that makes
    >>>> a difference.
    >>>>
    >>>

    >>
    >>
    >> --
    >> Basic computer maintenance
    >> http://uk.geocities.com/personel44/maintenance.html

    >
    >
     
    Scott Marshall, Aug 31, 2004
    #15
  16. Scott Marshall

    °Mike° Guest

    On Tue, 31 Aug 2004 21:34:31 +0100, in
    <ch2nc9$1r2$>
    Scott Marshall scrawled:

    >No the problem was www.newsnow.co.uk


    Hmm, that's odd. I don't see anything untoward in the
    source code for that page, and I don't get any popups,
    or logon scripts when I visit it. Oh, well.

    >but i deleted the synchronisation manager anyway.
    >if i need it again, i will reinstall the software


    The Synchronisation Manager is part of Windows.
    Unless you synchronise offline content regularly,
    you don't need it. If you do, just run mobsync.exe,
    press the 'Setup' button and choose your settings.

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Aug 31, 2004
    #16