Comand Service.. I want to get rid of this NOW!

P

Pekka79

New member
HEY!

I'v runned Spybot several time, but it seams I just can not get rid of this problem, I'm about to go berserk on all those pop-ups on my screen!!

Please..

This is my log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 14:04:00, on 2006-04-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Patrick\My Documents\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Documents and Settings\Patrick\My Documents\PEKKAS\Winamp\winampa.exe
C:\windows\mousepad13.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\srshost.exe
C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\wupdmgr.exe
C:\WINNT\osaupd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\TEMP\BF98.tmp
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CamMonitor] C:\Documents and Settings\Patrick\My Documents\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Documents and Settings\Patrick\My Documents\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Patrick\My Documents\PEKKAS\Winamp\winampa.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard13.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad13.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINNT\system32\runsrv32.exe
O4 - HKLM\..\RunServices: [eventwvr] C:\WINNT\system32\eventwvr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [srshost.exe] C:\WINNT\system32\srshost.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143403289575
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\system32\mv06l9ds1.dll
O20 - Winlogon Notify: SensSrv - C:\WINNT\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINNT\SYSTEM32\xptptt.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 
Last edited by a moderator:
Like allways

Hi.. again...
I talked to some friends who told me to download the Ewido, and then i saw that even you told people to download it, so, i thought maby I could and did so just be be one step ahead... HA.. Yeah RIGHT!
Like in "murphuys law"...

PROGRAM ERROR when i was installing, and then the insatllation was aborted.. did it a few times, even in safe mode, but just the same message kept comming...:scratch:
And what ever it it that iv'e got on my pc keeps screwing up my internet, even this page... and right now i could go berserk on those pop-ups!!!
 
Hello Pekka79

Apologies for the late reply, we've been swamped in here lately.

Are you still needing help? If so, I am here to help you with this. You had multiple infections going on there. Can you please post a fresh HijackThis log and I'll get a notice when you have replied, so the wait will not be very long to hear back from me.
 
This topic is now closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.
 
You must log in or register to reply here.
Back
Top