"Click YES to complete your download"

Discussion in 'Computer Support' started by Warren Davies, Jun 5, 2005.

  1. I have mailed the group before and had lots of advice from differnet sources
    about tremoving this annoying pop-up. It claims ro be from Microsoft Interet
    Explorer, and the window skimply says:"Click YES to complete your download"
    This is a copy of my HijackThis log if anyone can help pleeeeeeeeese!

    Logfile of HijackThis v1.99.1
    Scan saved at 19:05:52, on 04/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\uwmxzifr.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Documents and Settings\Warren\Desktop\HijackThis.exe

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} -
    C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {B803BD78-4FBA-4F43-B35C-85C9351F117F} - (no file)
    O2 - BHO: (no name) - {BE9EC7B2-4962-464C-91EF-BC533C3B1E0A} - (no file)
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O2 - BHO: EpsonToolBandKicker Class -
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON
    Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar1.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
    O3 - Toolbar: (no name) - {47A54355-D32A-4113-BA60-7E8AFB9E4DE5} - (no file)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} -
    C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
    C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [eshvripzk] C:\WINDOWS\uwmxzifr.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\Program Files\Grisoft\AVG Free\avgemc.exe
    O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program
    Files\Acronis\TrueImage\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common
    Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay
    Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus
    Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
    "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
    /minimized
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    present
    O6 - HKCU\Software\Policies\Microsoft\Internet
    Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: &Dictionary -
    http://www.ezreference.com/_/ie-com-p3.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program
    Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Encyclopedia -
    http://www.ezreference.com/_/ie-com-e-p3.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: eBay - Homepage -
    {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program
    Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
    http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup
    Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093160695906
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
    http://toolbar.google.com/data/GoogleActivate.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{49F67BD8-04DE-428E-8E71-AD800C68562C}:
    NameServer = 195.92.195.94 195.92.195.95
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - Unknown owner -
    C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    Warren Davies, Jun 5, 2005
    #1
    1. Advertising

  2. Warren Davies

    Richard Guest

    "Warren Davies" <> wrote in message
    news:d7v6j8$5ga$...
    > I have mailed the group before and had lots of advice from differnet

    sources
    > about tremoving this annoying pop-up. It claims ro be from Microsoft

    Interet
    > Explorer, and the window skimply says:"Click YES to complete your

    download"
    > This is a copy of my HijackThis log if anyone can help pleeeeeeeeese!
    >

    <snip>
    Paste your log file into this page:
    http://hijackthis.de/index.php?langselect=english and click on analyse.
    There are several suspicious entries. Google for their file names.
    Richard, Jun 5, 2005
    #2
    1. Advertising

  3. Warren Davies

    Shep© Guest

    On Sun, 5 Jun 2005 16:43:37 +0100 If I have seen farther it is because
    I have stood on the shoulder of giants "Warren Davies"
    <> wrote :

    >I have mailed the group before and had lots of advice from differnet sources
    >about tremoving this annoying pop-up. It claims ro be from Microsoft Interet
    >Explorer, and the window skimply says:"Click YES to complete your download"
    >This is a copy of my HijackThis log if anyone can help pleeeeeeeeese!


    http://www.geocities.com/sheppola/secure.html


    --
    Free Windows/PC help,
    http://www.geocities.com/sheppola/trouble.html
    Shep©, Jun 6, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page