bmxrider Posted May 3, 2006 Share Posted May 3, 2006 ok, it started out with a "Search" toolbar suddendly appearing and i got rid of that, but now I get pop ups everyonce in a while just out of nowhere even if no windows r open and the comp is just sitting there :wink: and some pages when they load they will have an ad on the top and bottom of the page, it looks like it added right into the page but for example, i open up "Media Forum" there wont be these ads, but then i open a topic in that forum and boom they appear on the page (picture of this at bottom of post) i use windows 2000 and here is a hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 7:37:55 PM, on 5/3/2006 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss[Caution: Executable File] C:\WINNT\system32\winlogon[Caution: Executable File] C:\WINNT\system32\services[Caution: Executable File] C:\WINNT\system32\lsass[Caution: Executable File] C:\WINNT\system32\svchost[Caution: Executable File] C:\WINNT\system32\spoolsv[Caution: Executable File] C:\WINNT\System32\svchost[Caution: Executable File] C:\WINNT\system32\regsvc[Caution: Executable File] C:\WINNT\system32\MSTask[Caution: Executable File] C:\WINNT\uqjoyxw[Caution: Executable File] C:\WINNT\System32\WBEM\WinMgmt[Caution: Executable File] C:\WINNT\Explorer[Caution: Executable File] C:\WINNT\loadqm[Caution: Executable File] C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau[Caution: Executable File] C:\WINNT\uqjoyxwA[Caution: Executable File] C:\WINNT\SYSC00[Caution: Executable File] C:\WINNT\ms0502916-7360[Caution: Executable File] C:\Program Files\McAfee\McAfee VirusScan\alogserv[Caution: Executable File] C:\Program Files\MSN Messenger\MsnMsgr[Caution: Executable File] C:\PROGRA~1\AIM\aim[Caution: Executable File] C:\Program Files\Internet Explorer\iexplore[Caution: Executable File] C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File] C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray[Caution: Executable File] C:\Documents and Settings\Wally\My Documents\My Received Files\HijackThis[Caution: Executable File] O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: (no name) - {CC0E0EB1-69B3-48C0-B4C3-2C5FD137E762} - C:\Program Files\Internet Explorer\hozemo.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync[Caution: Executable File] /logon O4 - HKLM\..\Run: [LoadQM] loadqm[Caution: Executable File] O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau[Caution: Executable File]" O4 - HKLM\..\Run: [keyboard] c:\\keyboard16[Caution: Executable File] O4 - HKLM\..\Run: [mousepad] c:\\mousepad16[Caution: Executable File] O4 - HKLM\..\Run: [uqjoyxwA] C:\WINNT\uqjoyxwA[Caution: Executable File] O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00[Caution: Executable File] O4 - HKLM\..\Run: [ms0502916-7360] C:\WINNT\ms0502916-7360[Caution: Executable File] O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv[Caution: Executable File] O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: Executable File]" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1[Caution: Executable File]" -quiet O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim[Caution: Executable File] -cnetwait.odl O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File] O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim[Caution: Executable File] O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger[Caution: Executable File] O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger[Caution: Executable File] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6282923123 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr[Caution: Executable File] O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: Executable File] O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\McShield\Mcshield[Caution: Executable File] O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon[Caution: Executable File] (file missing) O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\uqjoyxw[Caution: Executable File] so if anybody could help me get rid of this id be so grateful 99/99 Crafting86/85 Mining Link to comment Share on other sites More sharing options...
Mercifull Posted May 4, 2006 Share Posted May 4, 2006 I would love to help but alas i cant read your post because you have done it in a stupid colour. I'll presume you have already scanned for viruses in safemode, scanned with Ad-aware and also with spybot before making this topic as it says in the stickies. Also note that you have NO firewall installed on your PC and your version of Windows is horribly out of date (i dont mean 2000/XP i mean in security patch sense) Ctrl+Alt+Delete and end these... C:\WINNT\uqjoyxw[Caution: Executable File] C:\WINNT\uqjoyxwA[Caution: Executable File] C:\WINNT\SYSC00[Caution: Executable File] C:\WINNT\ms0502916-7360[Caution: Executable File] Fix the following O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {CC0E0EB1-69B3-48C0-B4C3-2C5FD137E762} - C:\Program Files\Internet Explorer\hozemo.dll O4 - HKLM\..\Run: [keyboard] c:\\keyboard16[Caution: Executable File] O4 - HKLM\..\Run: [mousepad] c:\\mousepad16[Caution: Executable File] O4 - HKLM\..\Run: [uqjoyxwA] C:\WINNT\uqjoyxwA[Caution: Executable File] O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00[Caution: Executable File] O4 - HKLM\..\Run: [ms0502916-7360] C:\WINNT\ms0502916-7360[Caution: Executable File] O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon[Caution: Executable File] (file missing) O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\uqjoyxw[Caution: Executable File] Restart + post a new log.... in something thats readable, not everyone uses the same forum theme as you. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
weezcake Posted May 4, 2006 Share Posted May 4, 2006 Removed the orange colors. Not everyone has the same forum scheme as you do. ==================================Retired tip.it moderator.Teaching and inspiring. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now