Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
Need Help to Remove the Popup Ads [RESOLVED]
Neo huang
post May 21 2006, 01:28 AM
Post #1


New Member
*
Posts: 8
OS: win2000
Hi, there are lots of ads pop up when I use my IE. I tried some anti-virus softwares but could not stop it. I saw there is a web nexus network installed on the software list, but I failed to remove it. It's really a headache.
Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 15:23:03, on 2006-5-21
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\1XConfig.exe
C:\WINNT\svchost.exe
C:\Program Files\Outlook Express\winlass.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\301002588\Desktop\HijackThis.exe

O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IESAddr] RunDll32 "C:\WINNT\Downlo~1\Gladiator.dll",Boot
O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINNT\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [CdnCtr] XX
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKLM\..\Run: [rundll32] C:\WINNT\system32\IEXPLORER.EXE
O4 - HKLM\..\Run: [svc] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [winlass] C:\Program Files\Outlook Express\winlass.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\spywarebot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [webacc] C:\WINNT\webacc.exe
O4 - HKCU\..\Run: [svc] C:\WINNT\svchost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://crd.home.ge.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grmsasia.grms.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED6A6B59-F9C8-451A-BA0A-B0A877C410D4}: NameServer = 202.96.209.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grmsasia.grms.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = e2k.ad.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grmsasia.grms.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = e2k.ad.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = e2k.ad.ge.com
O20 - Winlogon Notify: Internet Settings - C:\WINNT\system32\njsdexts.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - c:\Program Files\blackice\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Distributed File Controller (dfcsvc) - Unknown owner - NTOSA32.EXE (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - c:\Program Files\blackice\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

This post has been edited by Neo huang: May 21 2006, 01:34 AM
Go to the top of the page
 
+Quote Post

Posts in this topic
- Neo huang   Need Help to Remove the Popup Ads [RESOLVED]   May 21 2006, 01:28 AM
- - Daemon   Click here to download ewido anti-malware - it is ...   May 21 2006, 03:11 AM
- - Neo huang   Thank you Daemon. Below is the new HJT file after ...   May 22 2006, 05:46 AM
- - Daemon   yes, there is more to do. Please post the ewido lo...   May 22 2006, 03:56 PM
- - Neo huang   Hi Daemon, This is the latest HJK file and ewido r...   May 22 2006, 09:17 PM
- - Daemon   OK do this for me next. Please download Atribune...   May 22 2006, 11:18 PM
- - Neo huang   Hi Daemon, thanks for your instructions and below ...   May 24 2006, 07:33 AM
- - Daemon   Make sure that you have no browser windows open as...   May 24 2006, 03:48 PM
- - Neo huang   This is the new HJK file. And I sent the requested...   May 27 2006, 07:31 PM
- - Daemon   Could you resend - it got blocked the first time. ...   May 28 2006, 04:13 AM
- - Daemon   The file you sent seems to be OK. Please post the ...   May 28 2006, 05:58 PM
- - Neo huang   Hi Daemon, For some windows error, I have my compu...   May 30 2006, 09:26 PM
- - Daemon   Since this issue appears to be resolved ... this T...   May 31 2006, 03:28 PM

 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 12th March 2010 - 12:49 PM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising
Powered By IP.Board © 2010  IPS, Inc.