[windows2000] Can't remove Pest
- From: "Rosemary Sarkis" <rosemary_sarkis@xxxxxxxxxxx>
- To: windows2000@xxxxxxxxxxxxx
- Date: Wed, 14 Jan 2004 15:37:52 +1100
Hi
I seem to be having an issue on my Windows XP Pro system (I know it's a 2000
list but the resolution will be the same I'm sure) where I'm getting tasks open
automatically in the background. I have a few programs installed that stop
popups and these seem to work. I don't get popups but if I open Task
Manager I see the following Applications running in the background. I only
usually get 1 task at a time. If I close the app, it's replaced with
something different. These IE processes cannot be seen - they run in the
background only
- Online Dialer - Microsoft Internet Explorer
- Absolut Teen - Microsoft Internet Explorer
- http://sexzones.net
etc
I have installed the following applications
- McAfees virus with latest defs
- Ad-Aware (with Adwatch monitoring)
- HiJackThis
- Popupstopper
- XP Firewall enabled
AdAware picks up the std bug (Webdialer) and removes it but it constantly
reappears (even with Adwatch enabled). The other piece of software
installed which may be causing the issue in the first place is Kazaa Lite
K++ (which is supposedly Ad free)
Does anyone have any suggestions as to what I can do to remove these pests
that run in the background?
Thanks
Rose
----------------------------------------------------------------
HijackThis Log
Logfile of HijackThis v1.97.7
Scan saved at 7:26:50 AM, on 14/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SurfSecret\SS2-FULL.exe
C:\WINDOWS\rundll32.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\PowerQuest\V2i Protector 2.0\Agent\PQV2iSvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\taskmgr.exe
D:\Downloads\HiJackthis\HijackThis.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.seekseek.com/quicksearch.asp?session=8271F11D-1390-4115-A5FA-16425F9BB24C&version_id=18
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program
Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {5074851C-F67A-488E-A9C9-C244573F4068} -
C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program
Files\ClearSearch\IE_ClrSch.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro -
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up
Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware
6\Ad-watch.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware
6\Ad-aware.exe +c
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\SS2-FULL.exe /min
O4 - HKCU\..\Run: [rundll32] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
-quiet
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37973.1304976852
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
http://66.117.38.54/static/dploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
----------------------------------------------------------------
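An added example, not part of the original post and not HijackThis's own code: a small Python triage pass over a log in this format. It rejoins the entries the mail client wrapped and lists two kinds of entry for manual review. Both heuristics are assumptions chosen for illustration (an O16 ActiveX codebase served from a bare IP address, and an O4 Run entry for a rundll32.exe outside System32, where Windows XP keeps the real one); a hit means "look at this first", not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few entries copied from the log above, wrapping included.
SAMPLE = r"""O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [rundll32] C:\WINDOWS\rundll32.exe
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
http://66.117.38.54/static/dploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Every log entry starts with a section code such as R0, O2, O4 or O16.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def unwrap(text):
    """Rejoin wrapped lines; header lines before the first entry are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            # The wrap happened at a space, so put one back when joining.
            entries[-1] += " " + line
    return entries

def triage(entries):
    """Return (section, reason) pairs for entries worth checking by hand."""
    findings = []
    for entry in entries:
        code, body = ENTRY.match(entry).groups()
        if code == "O16":
            # The codebase URL is the last " - " separated field.
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if IPV4.fullmatch(host):
                findings.append((code, "ActiveX codebase on bare IP " + host))
        elif code == "O4":
            cmd = body.split("] ", 1)[-1].lower()
            if "rundll32.exe" in cmd and r"\system32\rundll32.exe" not in cmd:
                findings.append((code, "rundll32.exe outside System32: " + cmd))
    return findings

if __name__ == "__main__":
    for section, reason in triage(unwrap(SAMPLE)):
        print(section, "-", reason)
```
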