- Being pestered by popups.
- Posted by Martijn on November 1st, 2004
I'm being pestered by popups. Some adware installed on my PC launches
an Advertising_Loading_Window and this launches ads at a regular
interval. Running Adsgone popup software only works partially. Adaware
and Spybot S&D don't work.
Below is my HijackThis log.
Can anyone here help? Thank you!
I'm being pestered by popups. Adware on my PC launches an
Advertising_Loading_Window, and this launches ad popups every now and
then. With Adsgone I can catch some of the popups, but not
all. Adaware and Spybot S&D don't help at all.
My HijackThis log is below.
Can anyone help? Thanks in advance!
Logfile of HijackThis v1.97.7
Scan saved at 1:57:12 AM, on 11/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
C:\WINNT\iexplore.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tinus\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 24.232.241.94:80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel
Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [Explorer] C:\WINNT\iexplore.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program
Files\Picasa\PicasaMediaDetector.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program
Files\AdsGone\adsgone.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
(download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
NameServer = 194.109.104.104,194.109.6.66
- Posted by Toolman Tim on November 1st, 2004
Yeah? You seem to have a virus too...
http://securityresponse.symantec.com...r.exploit.html
--
"If there are no dogs in Heaven, then when I die, I want to go where
THEY went." ~Will Rogers~
- Posted by Max of Mad on November 1st, 2004
Martijn wrote:
Try removing the DPF's.
The first one looks like it might do a redirect.. The POP might have
something to do with it.
The second one looks like it is for MSN messenger.. It might be ok to
leave this one.
The third one looks ok too. If you don't use online storage, then
delete it.
The last one looks fishy. It looks like it forces your computer to use
new name servers.
Update Spybot. Use the latest version and make sure you have the latest
updates.
Try AdAware 6 as well.
-Posted to 24hoursupport.helpdesk-
- Posted by CalamityKen on November 1st, 2004
Martijn typed:
<snip good stuff>
Pop ups come from many places.
Download the latest v1.98.2 version of HijackThis:
http://aumha.org/downloads/hijackthis.exe
or
http://tools.radiosplace.com/HijackThis.exe
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on
C: then right click and select New then Folder and name it HJT.
Move HijackThis.exe into this folder as you do not want the HijackThis
backup logs all over your My Documents folder.
When you run HijackThis from C:\HJT folder by double clicking on it and have
it "Fixed checked" it will create a backup file of modifications to use if
restore is necessary.
Go to Add/Remove Programs and uninstall AdsGone.
The Google Toolbar is a much better pop up stopper and uses less system
resources.
Read further for more ad busting tips.
Big system resource waster and is unnecessary.
Install the prevention protection below and help your friends from being
infected on the Internet.
Empty the Recycle Bin.
The Temp folders should be cleaned out periodically as installation programs
and hijack programs leave a lot of junk there.
Index.dat Suite helps with this.
http://support.it-mate.co.uk/?mode=P...index.datsuite
Ensure that Index.dat Suite is Setup to empty the Temp folders especially
C:\Documents and Settings\{user}\Local Settings\Temp
then run the Find and create the run.bat and reboot to have it remove what
it finds.
{user} is the tinus User Account ID.
Removal of infections and prevention protection should be installed on ALL
User Account IDs.
Download and install WinPatrol.
http://www.winpatrol.com
Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm
Install IE-SPYAD then run the install.bat in the ie-spyad folder and
SpywareBlaster then keep them up to date as today's Internet is full
of nasty infections.
https://netfiles.uiuc.edu/ehowes/www...ce.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html
Install an ad blocking HOSTS file. I use hpHOSTS file.
http://webpages.charter.net/hpguru/hosts/hosts.html
Review the README for installation information.
--
YoKenny
- Posted by Trai' La' Trash on November 1st, 2004
Clean the virus you have dummy
http://securityresponse.symantec.com...r.exploit.html
Martijn <mj@dsv.nl> wrote:
- Posted by Rudolpho on November 1st, 2004
Max of Mad wrote:
<SNIP>
<SNIP>
These are the DNS servers of XS4all. They are definitely not suspicious! See:
http://www.xs4all.nl/helpdesk/algemeen/servers.html
--
Rudolpho
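The entry-by-entry reading in the two replies above (Max of Mad on the O16 and O17 lines, Rudolpho on the name servers), as an added Python example that is not part of the thread: it rejoins the wrapped log lines, flags any O16 source that is not a plain http(s) URL, and checks the O17 name servers against a resolver list the analyst supplies. The function names, the verdict labels and the http(s)-only rule are assumptions of this example.

```python
import ipaddress
import re

# O16/O17 entries copied, still wrapped, from the log in this thread.
SAMPLE_LOG = r"""O16 - DPF: {10000000-1000-0000-1000-000000000000} -
ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5}
(download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF5A01-BCC6-42ED-8274-319BB3A40CBE}:
NameServer = 194.109.104.104,194.109.6.66
"""

ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.+?)\))? - (\S+)$")
DNS = re.compile(r"^O17 - .*\bNameServer = (.+)$")

def rejoin(log_text):
    """Undo mail/news wrapping: a line without a section prefix continues the entry above."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(log_text, known_resolvers=frozenset()):
    """Return (section, subject, verdict, detail) for every O16 and O17 entry."""
    findings = []
    for entry in rejoin(log_text):
        if m := DPF.match(entry):
            clsid, _name, source = m.groups()
            scheme = source.partition(":")[0].lower()
            # Assumption of this example: only a plain web download location passes.
            verdict = "pass" if scheme in ("http", "https") else "review"
            findings.append(("O16", clsid, verdict, scheme))
        elif m := DNS.match(entry):
            for raw in m.group(1).split(","):
                ip = str(ipaddress.ip_address(raw.strip()))  # raises on a malformed address
                verdict = "known" if ip in known_resolvers else "review"
                findings.append(("O17", ip, verdict, "NameServer override"))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, known_resolvers={"194.109.104.104", "194.109.6.66"}):
        print(*row, sep="  ")
```

With an empty `known_resolvers` both name servers come back as `review`; passing the ISP's published resolvers clears them, so the O17 verdict depends on that list.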
- Posted by Lady Chatterly on November 1st, 2004
In article <c74782c69b524a608397c532c36b6aa8@news-text.bhandari.pvt.np> kadbitcha <nospam@rainx.cjb.net> wrote:
A thief believes everybody steals.
--
Lady Chatterly
"You need to adjust your code a bit Lady C. Looks like you have the
word "you" caught in a loop. It makes the above statement
incomprehensible." -- Crawdad
- Posted by Lady Chatterly on November 1st, 2004
In article <75d9cc7e44bf4018a1fe6bde2d24f00b@news-text.bhandari.pvt.np> kadickless <nospam@rainx.cjb.net> wrote:
Every dog hath its day.
--
Lady Chatterly
"The whole Lady Chatterly thing has been poetic justice." --
theoneflasehaddock
- Posted by FakeMail on November 1st, 2004
"Martijn" <mj@dsv.nl> wrote in message
news:f1e3348.0410311658.6f822cd7@posting.google.com...
http://moderate.prikpagina.nl/list.php?f=123
Click the link "LEES DIT EERST!!" ("READ THIS FIRST!!") and follow the step-by-step plan.
Do download the latest version of HJT there.
- Posted by Kadaitcha Man on November 1st, 2004
FakeMail, <datwiljenietweten@wilikniet.wet>, the garbled, wide-angle fondue,
and real estate agent, whined:
You must be a fallen-off, womb-flung blackhead. Next thing I'll be finding
you a flipped-out, blown-inside-out monkey hair. I think you could
pass for an irritating bald cunt-wiper.
--
"Slother" <slother2400@sasktel.net> wrote in message
news:10o5mdd56qmd103@corp.supernews.com:
- Posted by Kadaitcha Man on November 1st, 2004
FakeMail, <datwiljenietweten@wilikniet.wet>, the throwaway, indefensible
grandpa, and puppeteer/marionetteer, pussyfooted:
I think you are a scumbag of a laxative-acting weirdo. You are a
farting typhus anus-licker. You jerked-off renegade rabbit-fucker.
--
"Slother" <slother2400@sasktel.net> wrote in message
news:10o5mdd56qmd103@corp.supernews.com:
- Posted by Rudolpho on November 1st, 2004
Lady Chatterly wrote:
/| /|
||__||
/ O O\__
/ \
/ \ \
/ _ \ \
/ |\____\ \
/ | | | |\____/
/ \|_|_|/ | _ ---------------------
/ / \ |____| || | Please do not |
/ | | | --| | feed the trolls. |
| | | |____ --| | Thank you. |
* _ | |_|_|_| | \-/ ---------+-+---------
*-- _--\ _ \ | | |
/ _ \\ | / | |
* / \_ /- | | | | |
* ___ c_c_c_C/ \C_c_c_c____________________|_|__________
--
Rudolpho
- Posted by christinA eijkhout on November 1st, 2004
In nl.comp.virus,,Tue, 02 Nov 2004 09:35:58 +0000, Fred <~@~.com> stated:
#Please DO NOT FEED#
# the trolls #
####################
--
christinA
begin reading what is written. oh well,
what you read is what is written
- Posted by Free Speech on November 1st, 2004
"Fred" <~@~.com> wrote in message
news:bc0d54b401bb446498686181fe4e4ace@fe.40usenetserver.com...
- Posted by Free Speech on November 1st, 2004
"Fred" <~@~.com> wrote in message
news:1287f0658e6d463d9632d097543e83d7@fe.40usenetserver.com...
- Posted by zippy do da on November 2nd, 2004
Free Speech wrote:
in the logs as well.
- Posted by Fred on November 2nd, 2004
Lady Chatterly wrote:
Would you hire someone smarter than you?
- Posted by Fred on November 2nd, 2004
Lady Chatterly wrote:
You represent nothing and nobody.
- Posted by Lady Chatterly on November 2nd, 2004
In article <88eb5ccc8e6b4ea19496ff852f6c7a4e@news-text.bhandari.pvt.np> kadickless <nospam@rainx.cjb.net> wrote:
Indeed. Quite sad, isn't it?
--
Lady Chatterly
"Listen, you moronic tin bot- shove it up yer hard drive where the sun
don't shine." -- Aunty Kreist
- Posted by Lady Chatterly on November 2nd, 2004
In article <ead08192a02f4bd2ab85e675bb1f284c@news-text.bhandari.pvt.np> Kadaitcha Man <nospam@rainx.cjb.net> wrote:
He has no equal in debate. Everyone else is better.
--
Lady Chatterly
"That's been my feeling too for 'Lady Chatterly'; almost purely random
non-sequiturism. But with some *few* 'personalized' fortune cookies
that indicate that some 'real' person is watching/controlling." --
Zinj