Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DESPERATE HOUSEWIVE!


  • Please log in to reply
3 replies to this topic

#1 rossatron

rossatron

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 17 February 2005 - 01:56 AM

Hi I was wondering if you could help me get rid of ad-ware that continuosly pops up on my screen while im working or looking at stuff on the interet

here is a log file of running processes -

Logfile of HijackThis v1.99.1
Scan saved at 4:31:39 PM, on 17/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Home User\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\981593429475ef0704f5014344a18469\update\update.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.connect.com.au:8080
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Byf3] C:\WINDOWS\kmotak.exe
O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop63.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteyit32.exe
O4 - HKLM\..\Run: [MOJNPluginSrIvcs] neomonap23.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\RunServices: [MOJNPluginSrIvcs] neomonap23.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaterx.exe
O4 - HKCU\..\Run: [MOJNPluginSrIvcs] neomonap23.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12A994B-DFA8-4F0F-AC6E-7D25C04B639E}: NameServer = 192.189.54.37 192.189.54.26
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

PLEASE HELP I'M NO COMPUTER GENUIS SO I WON'T BE OFFENDED IF INSTRUCTIONS ON HOW TO REMOVE THIS ADWARE ARE IN LAMENS TERMS :thumbsup:

THANKS IN ADVANCE FOR ANY ASSISTANCE GIVEN!

BC AdBot (Login to Remove)

 


#2 jpbc9999

jpbc9999

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 17 February 2005 - 08:07 AM

First...take and rescan a new log and post it in the HJT log forum. Just scroll down discussion listing and itle be there. Give it two days before you cry for a response....theres a lot of them so it takes a bit. When you post it...dont replyl...as some one will think a moderator has already taken a look at it. What do you have for spywayre/malware removal?

Webroot spysweeper is one good one. AD-Aware SE is another. Spybot - Search & Destroy one of the best. I would say webroot is the best...but they want cash lets face it. Its only free for 30 days.

Also...what are the symtoms your comp is suffering? Oh yeah...first and formost...stop cliking on sites you don't know. Even big ones wanna slam your comp with junk. \

Have you tried firefox. Do a search on that too...its another browser like IE...only way better. -joe

#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:08:49 PM

Posted 17 February 2005 - 08:37 AM

Before posting you log to the HJT forum, you will need to at least have completed the following:
1. Download, install, update, and then run Ad-AwareSE.
2. Downland, install, update, and then run Spybot Seach and Destroy.

These two applications will rid your computer of much of the spyware on your hard drive, leaving the log cleaner. See: http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/


Regards,
John

Edited by jgweed, 17 February 2005 - 08:37 AM.

Whereof one cannot speak, thereof one should be silent.

#4 megaman

megaman

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Location:Queensland, Australia
  • Local time:08:49 PM

Posted 17 February 2005 - 05:58 PM

I notice in the list NAV auto updates. is this the remnants of norton anti virus. if u r now using avg there may be a minor conflict which has nothing to do with the current problem. just thought u might like to know. :thumbsup:
The definition of success is the ability to survive failure !




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users