Pop ups

Discussion in 'Computer Support' started by ducaannalise@gmail.com, May 24, 2006.

  1. Guest

    I have a problem...every time i open my brower...these pop ups open ups

    http://amaena.com/securityworm5/?aid=exus2&lid=8a

    http://www.savi-ngs.com/tau.html

    there are more but there are few of them...

    can some one help me to remove them please...

    i scan my pc from spyware every day and still this problem keeps on
    happening... its quite annoying becuase it doesn;t lets you freely
    browse the net coz every second a new pop up will appear...

    Lisa
     
    , May 24, 2006
    #1
    1. Advertising

  2. pcbutts1 Guest

    Download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows Defender (Beta2)
    http://www.microsoft.com/athome/security/spyware/software/default.mspx


    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it. Ignore anyone especially the troll Leythos, who will tag
    along a nonsense post to this message, who tells you to post it elsewhere. I
    need to see it not him.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    >I have a problem...every time i open my brower...these pop ups open ups
    >
    > http://amaena.com/securityworm5/?aid=exus2&lid=8a
    >
    > http://www.savi-ngs.com/tau.html
    >
    > there are more but there are few of them...
    >
    > can some one help me to remove them please...
    >
    > i scan my pc from spyware every day and still this problem keeps on
    > happening... its quite annoying becuase it doesn;t lets you freely
    > browse the net coz every second a new pop up will appear...
    >
    > Lisa
    >
     
    pcbutts1, May 24, 2006
    #2
    1. Advertising

  3. wrote:

    > I have a problem...every time i open my brower...these pop ups open ups


    If you are using Firefox (that you posted with), do you have it set to
    block popups?

    > http://amaena.com/securityworm5/?aid=exus2&lid=8a


    Ah. Goad to purchase anti-spyware software. Not good. You're infected
    with something.

    > http://www.savi-ngs.com/tau.html


    Hard to tell what this one is doing. The link just redirects to a
    JavaScript script.

    > there are more but there are few of them...
    >
    > can some one help me to remove them please...
    >
    > i scan my pc from spyware every day


    Would help if you mentioned all the anti-spyware apps you have used.

    > and still this problem keeps on happening... its quite annoying
    > becuase it doesn;t lets you freely browse the net


    ...the World Wide Web

    > coz every second a new pop up will appear...


    http://k75s.home.att.net/tips.html#spyware

    --
    -bts
    -Warning: I brake for lawn deer
     
    Beauregard T. Shagnasty, May 24, 2006
    #3
  4. Guest

    hi pcbutts1

    i downloaded the microsoft windows defender...and still the pop up
    keeps on appearing...then i downloaded the Hijack this and this it
    following log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:32:10 AM, on 5/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\defender.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Annalise\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = about:blank
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}
    - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program
    Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
    Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [AdobeReaderPro] msnserv.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware]
    c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender.exe
    O4 - HKLM\..\Run: [VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program
    Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    /embedding
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program
    Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe"
    -minimize
    O4 - HKLM\..\RunServices: [AdobeReaderPro] msnserv.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
    Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe
    -trayboot
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF -
    res://C:\Program Files\Adobe\Acrobat
    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program
    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -
    res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
    C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite -
    {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
    Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
    Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146068026334
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146847603642
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
    - http://www.popcap.com/games/popcaploader_v6.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{800A9892-689C-47F3-90C7-6BC9AF63848C}:
    NameServer = 194.158.37.196,194.158.37.211
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{B622FF12-AC1D-4AC3-BE6F-D8A8CFD9FC01}:
    NameServer = 194.158.37.196,194.158.37.211
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{EF02F72A-2528-46B4-9128-EDCF475E9D39}:
    NameServer = 194.158.37.196 194.158.37.211
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
    C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Dynamic Directory -
    C:\WINDOWS\system32\hrnm0551e.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
    Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program
    Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Command Service (cmdService) - Unknown owner -
    C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner -
    C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia
    Licensing.exe
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. -
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
    c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
    McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
    Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program
    Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program
    Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\System32\nvsvc32.exe

    10x for the help
     
    , May 25, 2006
    #4
  5. pcbutts1 Guest

    Have HJT fix the following lines by placing a check in the box next to each
    line then clicking on the fix checked button on the bottom.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = about:blank
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Dynamic Directory -
    C:\WINDOWS\system32\hrnm0551e.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Command Service (cmdService) - Unknown owner -
    C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program
    Files\Network Monitor\netmon.exe (file missing)



    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    <> wrote in message
    news:...
    > hi pcbutts1
    >
    > i downloaded the microsoft windows defender...and still the pop up
    > keeps on appearing...then i downloaded the Hijack this and this it
    > following log:
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 9:32:10 AM, on 5/25/2006
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
     
    pcbutts1, May 25, 2006
    #5
  6. Paulos Guest

    Hi Ive got one of these lines in my HJT scan, can you tell me any more
    information about it?

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    Cheers Paulos



    "pcbutts1" <> wrote in message
    news:...
    > Have HJT fix the following lines by placing a check in the box next to
    > each line then clicking on the fix checked button on the bottom.
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > = about:blank
    > O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    > "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    > O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    > "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    > O20 - Winlogon Notify: Dynamic Directory -
    > C:\WINDOWS\system32\hrnm0551e.dll
    > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    > O23 - Service: Command Service (cmdService) - Unknown owner -
    > C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
    > O23 - Service: Network Monitor - Unknown owner - C:\Program
    > Files\Network Monitor\netmon.exe (file missing)
    >
    >
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > <> wrote in message
    > news:...
    >> hi pcbutts1
    >>
    >> i downloaded the microsoft windows defender...and still the pop up
    >> keeps on appearing...then i downloaded the Hijack this and this it
    >> following log:
    >>
    >> Logfile of HijackThis v1.99.1
    >> Scan saved at 9:32:10 AM, on 5/25/2006
    >> Platform: Windows XP SP2 (WinNT 5.01.2600)
    >> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >>

    >
    >
     
    Paulos, May 25, 2006
    #6
  7. pcbutts1 Guest

    It's part of the new MS Windows Genuine Advantage. It's a legitimate program
    but MS is having problems with it. If it is removed it will be reinstalled
    with a current updated version during the next windows update.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "Paulos" <> wrote in message
    news:npodg.963$...
    > Hi Ive got one of these lines in my HJT scan, can you tell me any more
    > information about it?
    >
    > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    >
    > Cheers Paulos
    >
    >
    >
    > "pcbutts1" <> wrote in message
    > news:...
    >> Have HJT fix the following lines by placing a check in the box next to
    >> each line then clicking on the fix checked button on the bottom.
    >>
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    >> = about:blank
    >> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    >> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    >> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    >> "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    >> O20 - Winlogon Notify: Dynamic Directory -
    >> C:\WINDOWS\system32\hrnm0551e.dll
    >> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    >> O23 - Service: Command Service (cmdService) - Unknown owner -
    >> C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
    >> O23 - Service: Network Monitor - Unknown owner - C:\Program
    >> Files\Network Monitor\netmon.exe (file missing)
    >>
    >>
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> <> wrote in message
    >> news:...
    >>> hi pcbutts1
    >>>
    >>> i downloaded the microsoft windows defender...and still the pop up
    >>> keeps on appearing...then i downloaded the Hijack this and this it
    >>> following log:
    >>>
    >>> Logfile of HijackThis v1.99.1
    >>> Scan saved at 9:32:10 AM, on 5/25/2006
    >>> Platform: Windows XP SP2 (WinNT 5.01.2600)
    >>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >>>

    >>
    >>

    >
    >
     
    pcbutts1, May 25, 2006
    #7
  8. KTI Guest

    I have the same problem. Can You please help me too! My Hijack This
    logfile is:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:36:24, on 1.06.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\WINDOWS\system32\a8039c62.exe
    C:\Program Files\EMS Free Surfer Companion\fs30.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Priit\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://neti.ee/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
    prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
    prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    prosearching.com
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Apps\MSN Toolbar\MSN
    Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
    C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
    Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px]
    C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    Access\MediaAccK.exe
    O4 - HKLM\..\Run: [a8039c62.exe] C:\WINDOWS\system32\a8039c62.exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\EMS Free Surfer
    Companion\fs30.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    O4 - HKCU\..\Run: [a8039c62.exe] C:\Documents and Settings\Priit\Local
    Settings\Application Data\a8039c62.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List -
    res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print -
    res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program
    Files\EMS Free Surfer Companion\fslauncher.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E}
    - C:\Program Files\EMS Free Surfer Companion\FS30.exe
    O9 - Extra 'Tools' menuitem: Free Surfer -
    {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free
    Surfer Companion\FS30.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet
    Group Hardware Control) -
    https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112617393817
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://axis.ivmv.ee/activex/AxisCamControl.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    (MsnMessengerSetupDownloadControl Class) -
    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
    -
    http://www.msngamecentre.co.uk/online2/MSN_INTL_UK/chuzzle/popcaploader_v6.cab
    O20 - Winlogon Notify: ModuleUsage -
    C:\WINDOWS\system32\n02u0af9ed2.dll
    O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common
    Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
    Symantec Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
    Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common
    Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
    C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe


    pcbutts1 a écrit :

    > Have HJT fix the following lines by placing a check in the box next to each
    > line then clicking on the fix checked button on the bottom.
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > = about:blank
    > O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    > "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    > O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    > "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    > O20 - Winlogon Notify: Dynamic Directory -
    > C:\WINDOWS\system32\hrnm0551e.dll
    > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    > O23 - Service: Command Service (cmdService) - Unknown owner -
    > C:\WINDOWS\QW5uYWxpc2UgRHVjYQ\command.exe (file missing)
    > O23 - Service: Network Monitor - Unknown owner - C:\Program
    > Files\Network Monitor\netmon.exe (file missing)
    >
    >
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > <> wrote in message
    > news:...
    > > hi pcbutts1
    > >
    > > i downloaded the microsoft windows defender...and still the pop up
    > > keeps on appearing...then i downloaded the Hijack this and this it
    > > following log:
    > >
    > > Logfile of HijackThis v1.99.1
    > > Scan saved at 9:32:10 AM, on 5/25/2006
    > > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    > >
     
    KTI, Jun 1, 2006
    #8
  9. Leythos Guest

    In article <>,
    says...
    >
    > I have the same problem. Can You please help me too! My Hijack This
    > logfile is:
    > Logfile of HijackThis v1.99.1
    > Scan saved at 18:36:24, on 1.06.2006
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > Running processes:


    Why didn't you just post the HJ Log to one of the HiJack forums where
    you would get a response in just a few minutes - which is all that butts
    is going to do - he's going to snip your log, paste it into one of the
    online HJ forums, wait for a response, and then past it back here for
    you to read.

    --


    remove 999 in order to email me
     
    Leythos, Jun 1, 2006
    #9
  10. Guest

    "KTI" <> wrote:

    |>I have the same problem. Can You please help me too! My Hijack This
    |>logfile is:
    |>Logfile of HijackThis v1.99.1

    Post it to http://hijackthis.de/en you've got something called
    medicaccess that should be removed.

    --
    http://jesuspan.com/
     
    , Jun 1, 2006
    #10
  11. pcbutts1 Guest

    Have HJT fix the following lines by placing a check in the box next to each
    line and clicking on the fix checked button on the bottom.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://neti.ee/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
    prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
    prosearching.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    prosearching.com
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    Access\MediaAccK.exe
    O4 - HKLM\..\Run: [a8039c62.exe] C:\WINDOWS\system32\a8039c62.exe
    O4 - HKCU\..\Run: [a8039c62.exe] C:\Documents and Settings\Priit\Local
    Settings\Application Data\a8039c62.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O20 - Winlogon Notify: ModuleUsage -
    C:\WINDOWS\system32\n02u0af9ed2.dll
    O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll

    Download killbox from here http://www.pcbutts1.com/downloads/killbox.zip
    cut and paste the below files into killbox, select delete on reboot then
    click on the red X to execute the command. Reboot. Next go to www.java.com
    and update your version of Java, yours is old and unpatched it is vulnerable
    to malware attacks.

    C:\Program Files\Media Access\MediaAccK.exe
    C:\WINDOWS\system32\a8039c62.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\WINDOWS\SYSTEM32\winyqq32.dll
    C:\WINDOWS\system32\n02u0af9ed2.dll
    C:\Documents and Settings\Priit\Local Settings\Application Data\a8039c62.exe

    When done post another HJT log. The poster called Leythos is a troll so
    ignore it.


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "KTI" <> wrote in message
    news:...
    I have the same problem. Can You please help me too! My Hijack This
    logfile is:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:36:24, on 1.06.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
    pcbutts1, Jun 2, 2006
    #11
  12. KTI Guest

    My new HJT log is:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:09:36, on 2.06.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\EMS Free Surfer Companion\fs30.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Priit\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://neti.ee/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Apps\MSN Toolbar\MSN
    Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
    C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
    Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px]
    C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\EMS Free Surfer
    Companion\fs30.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    Access\MediaAccK.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List -
    res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print -
    res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program
    Files\EMS Free Surfer Companion\fslauncher.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E}
    - C:\Program Files\EMS Free Surfer Companion\FS30.exe
    O9 - Extra 'Tools' menuitem: Free Surfer -
    {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free
    Surfer Companion\FS30.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) -
    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet
    Group Hardware Control) -
    https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112617393817
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://axis.ivmv.ee/activex/AxisCamControl.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    (MsnMessengerSetupDownloadControl Class) -
    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
    -
    http://www.msngamecentre.co.uk/online2/MSN_INTL_UK/chuzzle/popcaploader_v6.cab
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\enpsl1771.dll
    (file missing)
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\guard.tmp
    (file missing)
    O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common
    Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
    Symantec Corporation - C:\Program Files\Common Files\Symantec
    Shared\ccPwdSvc.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
    Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common
    Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec
    Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
    C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe


    pcbutts1 a écrit :

    > Have HJT fix the following lines by placing a check in the box next to each
    > line and clicking on the fix checked button on the bottom.
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > = prosearching.com
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    > prosearching.com
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://neti.ee/
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
    > prosearching.com
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > = prosearching.com
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    > prosearching.com
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    > prosearching.com
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
    > prosearching.com
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    > prosearching.com
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    > prosearching.com
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    > prosearching.com
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    > prosearching.com
    > O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    > Access\MediaAccK.exe
    > O4 - HKLM\..\Run: [a8039c62.exe] C:\WINDOWS\system32\a8039c62.exe
    > O4 - HKCU\..\Run: [a8039c62.exe] C:\Documents and Settings\Priit\Local
    > Settings\Application Data\a8039c62.exe
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    > Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    > O20 - Winlogon Notify: ModuleUsage -
    > C:\WINDOWS\system32\n02u0af9ed2.dll
    > O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll
    >
    > Download killbox from here http://www.pcbutts1.com/downloads/killbox.zip
    > cut and paste the below files into killbox, select delete on reboot then
    > click on the red X to execute the command. Reboot. Next go to www.java.com
    > and update your version of Java, yours is old and unpatched it is vulnerable
    > to malware attacks.
    >
    > C:\Program Files\Media Access\MediaAccK.exe
    > C:\WINDOWS\system32\a8039c62.exe
    > C:\Program Files\Media Access\MediaAccess.exe
    > C:\WINDOWS\SYSTEM32\winyqq32.dll
    > C:\WINDOWS\system32\n02u0af9ed2.dll
    > C:\Documents and Settings\Priit\Local Settings\Application Data\a8039c62.exe
    >
    > When done post another HJT log. The poster called Leythos is a troll so
    > ignore it.
    >
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "KTI" <> wrote in message
    > news:...
    > I have the same problem. Can You please help me too! My Hijack This
    > logfile is:
    > Logfile of HijackThis v1.99.1
    > Scan saved at 18:36:24, on 1.06.2006
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
    KTI, Jun 2, 2006
    #12
  13. KTI Guest

    Everything seems to be OK. Pop-ups are gone. Thank you for the help and
    time!
    KTI a écrit :

    > My new HJT log is:
    > Logfile of HijackThis v1.99.1
    > Scan saved at 13:09:36, on 2.06.2006
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\WINDOWS\system32\ezSP_Px.exe
    > C:\Program Files\EMS Free Surfer Companion\fs30.exe
    > C:\Program Files\Messenger\msmsgs.exe
    > C:\Program Files\BitLord\BitLord.exe
    > C:\Program Files\Norton AntiVirus\navapsvc.exe
    > C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    > C:\WINDOWS\system32\svchost.exe
    > C:\Program Files\Common Files\Symantec Shared\Security
    > Center\SymWSC.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\msiexec.exe
    > C:\Program Files\Internet Explorer\iexplore.exe
    > C:\Documents and Settings\Priit\Desktop\HijackThis.exe
    >
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://neti.ee/
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    > O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    > C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    > C:\Program Files\MSN Apps\MSN Toolbar\MSN
    > Toolbar\01.02.5000.1021\en-gb\msntb.dll
    > O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
    > - C:\Program Files\Norton AntiVirus\NavShExt.dll
    > O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
    > C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
    > Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    > O4 - HKLM\..\Run: [ezShieldProtector for Px]
    > C:\WINDOWS\system32\ezSP_Px.exe
    > O4 - HKLM\..\Run: [freesurfer] C:\Program Files\EMS Free Surfer
    > Companion\fs30.exe
    > O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    > Access\MediaAccK.exe
    > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    > Files\Java\jre1.5.0_07\bin\jusched.exe
    > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    > /background
    > O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    > O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    > Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    > O8 - Extra context menu item: E&xport to Microsoft Excel -
    > res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    > O8 - Extra context menu item: Easy-WebPrint Add To Print List -
    > res://C:\Program
    > Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    > O8 - Extra context menu item: Easy-WebPrint High Speed Print -
    > res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    > O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
    > Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    > O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
    > Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    > O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program
    > Files\EMS Free Surfer Companion\fslauncher.htm
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    > Files\Java\jre1.5.0_07\bin\ssv.dll
    > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    > O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E}
    > - C:\Program Files\EMS Free Surfer Companion\FS30.exe
    > O9 - Extra 'Tools' menuitem: Free Surfer -
    > {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free
    > Surfer Companion\FS30.exe
    > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    > C:\Program Files\Messenger\msmsgs.exe
    > O9 - Extra 'Tools' menuitem: Windows Messenger -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    > Files\Messenger\msmsgs.exe
    > O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    > http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c18.cab
    > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    > Advantage Validation Tool) -
    > http://go.microsoft.com/fwlink/?linkid=39204
    > O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet
    > Group Hardware Control) -
    > https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
    > O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    > -
    > http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112617393817
    > O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    > http://axis.ivmv.ee/activex/AxisCamControl.ocx
    > O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    > (MsnMessengerSetupDownloadControl Class) -
    > http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    > O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    > http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    > O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
    > -
    > http://www.msngamecentre.co.uk/online2/MSN_INTL_UK/chuzzle/popcaploader_v6.cab
    > O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\enpsl1771.dll
    > (file missing)
    > O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\guard.tmp
    > (file missing)
    > O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll
    > O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common
    > Files\BOONTY Shared\Service\Boonty.exe
    > O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
    > - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    > O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
    > Symantec Corporation - C:\Program Files\Common Files\Symantec
    > Shared\ccPwdSvc.exe
    > O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    > C:\Program Files\iPod\bin\iPodService.exe
    > O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    > Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    > O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
    > Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    > O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
    > Corporation - C:\WINDOWS\system32\nvsvc32.exe
    > O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common
    > Files\Sony Shared\AVLib\Pacsptisvr.exe
    > O23 - Service: ScriptBlocking Service (SBService) - Symantec
    > Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    > Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    > O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -
    > C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    > O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
    > C:\Program Files\Common Files\Symantec Shared\Security
    > Center\SymWSC.exe
    >
    >
    > pcbutts1 a écrit :
    >
    > > Have HJT fix the following lines by placing a check in the box next to each
    > > line and clicking on the fix checked button on the bottom.
    > >
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > > = prosearching.com
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    > > prosearching.com
    > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > > http://neti.ee/
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
    > > prosearching.com
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    > > = prosearching.com
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    > > prosearching.com
    > > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    > > prosearching.com
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
    > > prosearching.com
    > > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    > > prosearching.com
    > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    > > prosearching.com
    > > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    > > prosearching.com
    > > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
    > > prosearching.com
    > > O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    > > Access\MediaAccK.exe
    > > O4 - HKLM\..\Run: [a8039c62.exe] C:\WINDOWS\system32\a8039c62.exe
    > > O4 - HKCU\..\Run: [a8039c62.exe] C:\Documents and Settings\Priit\Local
    > > Settings\Application Data\a8039c62.exe
    > > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > > C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    > > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    > > Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    > > O20 - Winlogon Notify: ModuleUsage -
    > > C:\WINDOWS\system32\n02u0af9ed2.dll
    > > O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll
    > >
    > > Download killbox from here http://www.pcbutts1.com/downloads/killbox.zip
    > > cut and paste the below files into killbox, select delete on reboot then
    > > click on the red X to execute the command. Reboot. Next go to www.java.com
    > > and update your version of Java, yours is old and unpatched it is vulnerable
    > > to malware attacks.
    > >
    > > C:\Program Files\Media Access\MediaAccK.exe
    > > C:\WINDOWS\system32\a8039c62.exe
    > > C:\Program Files\Media Access\MediaAccess.exe
    > > C:\WINDOWS\SYSTEM32\winyqq32.dll
    > > C:\WINDOWS\system32\n02u0af9ed2.dll
    > > C:\Documents and Settings\Priit\Local Settings\Application Data\a8039c62.exe
    > >
    > > When done post another HJT log. The poster called Leythos is a troll so
    > > ignore it.
    > >
    > >
    > > --
    > >
    > >
    > > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > > NEW Embedded system W/Linux. We now sell DVR cards.
    > > See it all at http://www.seedsv.com/products.htm
    > > Sharpvision simply the best http://www.seedsv.com
    > >
    > >
    > >
    > > "KTI" <> wrote in message
    > > news:...
    > > I have the same problem. Can You please help me too! My Hijack This
    > > logfile is:
    > > Logfile of HijackThis v1.99.1
    > > Scan saved at 18:36:24, on 1.06.2006
    > > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
    KTI, Jun 2, 2006
    #13
  14. pcbutts1 Guest

    Your log is still not completely clean. Have HJT this fix these lines

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://neti.ee/
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media
    Access\MediaAccK.exe
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\enpsl1771.dll
    (file missing)
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\guard.tmp
    (file missing)
    O20 - Winlogon Notify: winyqq32 - C:\WINDOWS\SYSTEM32\winyqq32.dll

    Use Killbox again to remove these files. Use the delete on reboot option

    C:\WINDOWS\SYSTEM32\winyqq32.dll
    C:\Program Files\Media Access

    Reboot then post another log.



    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "KTI" <> wrote in message
    news:...
    My new HJT log is:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:09:36, on 2.06.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
    pcbutts1, Jun 2, 2006
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    3
    Views:
    623
    Moz Champion
    Dec 30, 2004
  2. John

    pop-ups?

    John, Feb 1, 2005, in forum: Firefox
    Replies:
    32
    Views:
    3,276
    Roland
    Mar 8, 2005
  3. joe doe
    Replies:
    2
    Views:
    963
    ..brian..
    Mar 3, 2005
  4. Hendrik Maryns

    pop-ups problem

    Hendrik Maryns, May 10, 2005, in forum: Firefox
    Replies:
    5
    Views:
    642
    Moz Champion
    May 14, 2005
  5. jdimester

    UPS service won't start/no UPS tab in Power Options

    jdimester, Oct 24, 2007, in forum: Computer Support
    Replies:
    6
    Views:
    11,571
    moc.hooha
    Jan 23, 2010
Loading...

Share This Page