HELP PLEASE!!! Spyware prob I think!

G

Guest

HI, i have recently encountered a problem that at first i thought was as a
result of spyware (spose could still be), I am getting a dialog box stating
"web page unavailable while offline" I have to close this box twice before I
can run my chosen program. Most programs are afected and is becoming highly
annoying. I have run my updated microsoft antispyware in safe mode and
removed some spyware that was not detected when I ran it normally. Has a
registry value been altered to allow this annoying little bugger to continue
harrasing me even after allspyware has been removed?

Please Help!

Bryan
 
R

Rich Barry

Go to Start>Run type: msconfig Select Startup Tab and uncheck
possible offending program in there.
 
G

Guest

have nothing checked in startup except my antispyware and antivirus programs.
even after unchecking them the problem persists.
if anyone knows anything about registry values this may help...

Logfile of HijackThis v1.99.1
Scan saved at 8:17:30 AM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wave.co.nz/cgi-bin/signupcd.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program
Files\Microsoft Money\System\mnyside.dll
O2 - BHO: ngpw34.clsIS - {2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} -
c:\windows\ngpw34.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft -
{49E0E0F0-5C30-11D4-945D-000000000003} -
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: ngsw31.clsIS - {E9147A0A-A866-4214-B47C-DA821891240F} -
c:\windows\ngsw31.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wave.co.nz/cgi-bin/signupcd.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{3BF7E188-672F-4ED1-B34F-85828B40660E}:
NameServer = 203.109.252.42 203.109.252.43
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Help and Support Icon always in system tray 3
I've lost admin privs, and I can't stop what's happening! 6
Admin problem 2
I Keep Getting System Alerts About Spyware 2
why cant I download anti spyware onto my pc?? 1
problem persists after spyware removal 4
Spyware Popups 10
getting windows message to click for spyware protection-i click and nothing happens=help please 1

Top