marcchan
2005-12-16, 18:44
Hi, when i connected to the internet and browse my IE, suddenly came up pop ups, this they never stop.
another problem is that the font of my IE is in italic form and i don't think i can change that... even in the start up
pls can anyone tell me what the problem is
thank for helping me
here is my hijackthis.txt
Logfile of HijackThis v1.99.1
Scan saved at 12:43:43 AM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Documents and Settings\Chan\My Documents\My Files\Timer\RasTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ppiicc.exe reg_run
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: RasTimer.lnk = C:\Documents and Settings\Chan\My Documents\My Files\Timer\RasTimer.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{561ECF1A-6362-49C5-9C7D-26D6515C1E38}: NameServer = 202.78.97.41 202.78.97.2
O20 - AppInit_DLLs: SYS:Microsoft\Windows NT\CurrentVersion\Windows
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\f4j20e1oeh.dll
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
another problem is that the font of my IE is in italic form and i don't think i can change that... even in the start up
pls can anyone tell me what the problem is
thank for helping me
here is my hijackthis.txt
Logfile of HijackThis v1.99.1
Scan saved at 12:43:43 AM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Documents and Settings\Chan\My Documents\My Files\Timer\RasTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ppiicc.exe reg_run
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: RasTimer.lnk = C:\Documents and Settings\Chan\My Documents\My Files\Timer\RasTimer.exe
O8 - Extra context menu item: &Download with Download Accelerator Lite - C:\Program Files\Download Accelerator Lite\dal.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{561ECF1A-6362-49C5-9C7D-26D6515C1E38}: NameServer = 202.78.97.41 202.78.97.2
O20 - AppInit_DLLs: SYS:Microsoft\Windows NT\CurrentVersion\Windows
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\f4j20e1oeh.dll
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe