Pekka79
2006-04-24, 14:59
HEY!
I'v runned Spybot several time, but it seams I just can not get rid of this problem, I'm about to go berserk on all those pop-ups on my screen!!
Please..
This is my log from HJT:
Logfile of HijackThis v1.99.1
Scan saved at 14:04:00, on 2006-04-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Patrick\My Documents\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Documents and Settings\Patrick\My Documents\PEKKAS\Winamp\winampa.exe
C:\windows\mousepad13.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\srshost.exe
C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\TEMP\BF98.tmp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CamMonitor] C:\Documents and Settings\Patrick\My Documents\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Patrick\My Documents\PEKKAS\Winamp\winampa.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINNT\system32\runsrv32.exe
O4 - HKLM\..\RunServices: [eventwvr] C:\WINNT\system32\eventwvr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [srshost.exe] C:\WINNT\system32\srshost.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143403289575
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\system32\mv06l9ds1.dll
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINNT\SYSTEM32\xptptt.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
I'v runned Spybot several time, but it seams I just can not get rid of this problem, I'm about to go berserk on all those pop-ups on my screen!!
Please..
This is my log from HJT:
Logfile of HijackThis v1.99.1
Scan saved at 14:04:00, on 2006-04-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Patrick\My Documents\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Documents and Settings\Patrick\My Documents\PEKKAS\Winamp\winampa.exe
C:\windows\mousepad13.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\srshost.exe
C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\TEMP\BF98.tmp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CamMonitor] C:\Documents and Settings\Patrick\My Documents\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Patrick\My Documents\PEKKAS\Winamp\winampa.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINNT\system32\runsrv32.exe
O4 - HKLM\..\RunServices: [eventwvr] C:\WINNT\system32\eventwvr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [srshost.exe] C:\WINNT\system32\srshost.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143403289575
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\system32\mv06l9ds1.dll
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINNT\SYSTEM32\xptptt.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe