HSA got me down
Ok...
I've followed all the steps!
4 times, I've proceded past step 15.
HSA WAS GONE!!!!
adaware(updated)
SPYBOT(updated)
Hijackme(updated)
ALL said my compy was clean.
Even internet explorer worked.
But suddenly...
EVERY SINGLE TIME...
A little computer generated ad box(i know this cuz of the weird icon in the top left hand corner in the place of your browser icon. Also, it pops up when internet explorer isn't even running) comes up.
Then...
Everything is back.
On Hijack this.
I find the file
and I fix.
That's not the problem
I need it to STAY FIXED!!!!!!
Or... I'll just use firefox like I'm using now and miss out on many MANY features ove the interweb that require Iexplore.
Wattsup wid dat?
:Rocker:
I've followed all the steps!
4 times, I've proceded past step 15.
HSA WAS GONE!!!!
adaware(updated)
SPYBOT(updated)
Hijackme(updated)
ALL said my compy was clean.
Even internet explorer worked.
But suddenly...
EVERY SINGLE TIME...
A little computer generated ad box(i know this cuz of the weird icon in the top left hand corner in the place of your browser icon. Also, it pops up when internet explorer isn't even running) comes up.
Then...
Everything is back.
On Hijack this.
I find the file
and I fix.
That's not the problem
I need it to STAY FIXED!!!!!!
Or... I'll just use firefox like I'm using now and miss out on many MANY features ove the interweb that require Iexplore.
Wattsup wid dat?
:Rocker:
0
This discussion has been closed.
Comments
Please follow post #2 on the guide to generate a log of your active services (while in Normal Mode, and post both that and your HJT log for review.
Dexter...
E:\WINNT\Explorer.EXE
E:\WINNT\system32\appyc32.exe
D:\Program Files\firefox\firefox.exe
E:\DOCUMENTS AND SETTINGS\PHILIP\DESKTOP\HijackThis.exe
O2 - BHO: (no name) - {5E92B356-38CD-7589-10E6-B825C39C3EAC} - E:\WINNT\msnm32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38219.6084490741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Lol...
I deleted everything.
LIke msnm32.dll
I delete every suspicious file.
And the files come right back when a little pop up appears.
As of right now, I dont' have a problem.
But I'm sure that within a day...
That popup will return and I'll have it again.
http://www.short-media.com/forum/showpost.php?p=174924&postcount=2
And give me the active services list that generates.
Dexter...
I heartily disagree with your statement that you'll be missing out on many MANY "features" on the net that require Internet Explorer.
The only thing you'll be missing is spyware.
IE SUXORS BALLZ
but still...
I like to have my options open.
Certain things like Launch on Yahoo and certain games require IE.
I have 2 processes.
netpt32.exe
and
appyc32.exe
I can kill appyc32, but it comes back in about 2 secs.
After using the hijack this, I find this msnmd32.exe
I can't get rid of this either.
netpt32.exe
I can't even end the program at all.
Dexter...
It came back again.
these are the services
These are the Current Active Services:
Application Management: AppMgmt
E:\WINNT\system32\services.exe
Computer Browser: Browser
E:\WINNT\System32\services.exe
DHCP Client: Dhcp
E:\WINNT\System32\services.exe
Logical Disk Manager: dmserver
E:\WINNT\System32\services.exe
DNS Client: Dnscache
E:\WINNT\System32\services.exe
Event Log: Eventlog
E:\WINNT\system32\services.exe
Server: lanmanserver
E:\WINNT\System32\services.exe
Workstation: lanmanworkstation
E:\WINNT\System32\services.exe
TCP/IP NetBIOS Helper Service: LmHosts
E:\WINNT\System32\services.exe
Messenger: Messenger
E:\WINNT\System32\services.exe
Plug and Play: PlugPlay
E:\WINNT\system32\services.exe
Protected Storage: ProtectedStorage
E:\WINNT\system32\services.exe
RunAs Service: seclogon
E:\WINNT\system32\services.exe
Distributed Link Tracking Client: TrkWks
E:\WINNT\system32\services.exe
Windows Management Instrumentation Driver Extensions: Wmi
E:\WINNT\system32\Services.exe
COM+ Event System: EventSystem
E:\WINNT\System32\svchost.exe -k netsvcs
Network Connections: Netman
E:\WINNT\System32\svchost.exe -k netsvcs
Removable Storage: NtmsSvc
E:\WINNT\System32\svchost.exe -k netsvcs
Remote Access Connection Manager: RasMan
E:\WINNT\System32\svchost.exe -k netsvcs
System Event Notification: SENS
E:\WINNT\system32\svchost.exe -k netsvcs
Telephony: TapiSrv
E:\WINNT\System32\svchost.exe -k netsvcs
Network Security Service (NSS): O?’ŽrtñåȲ$Ó
E:\WINNT\netpt32.exe /s
IPSEC Policy Agent: PolicyAgent
E:\WINNT\System32\lsass.exe
Security Accounts Manager: SamSs
E:\WINNT\system32\lsass.exe
Remote Registry Service: RemoteRegistry
E:\WINNT\system32\regsvc.exe
Remote Procedure Call (RPC): RpcSs
E:\WINNT\system32\svchost -k rpcss
Task Scheduler: Schedule
E:\WINNT\system32\MSTask.exe
Print Spooler: Spooler
E:\WINNT\system32\spoolsv.exe
Still Image Service: StiSvc
E:\WINNT\system32\stisvc.exe
Windows Management Instrumentation: WinMgmt
E:\WINNT\System32\WBEM\WinMgmt.exe
Automatic Updates: wuauserv
E:\WINNT\system32\svchost.exe -k wugroup
My compy is in chinese for some inexplicable reason so I don't know how to disable services.
E:\WINNT\netpt32.exe /s
That is your problem entry. You need to find that service in the services.msc control panel, STOP it, then disable it. Until you kill that service, you will not make this thing go away. If your computer is in a different language, you will have to find out what that service is in that language.
Dexter...
Dexter...
I stopped the service, and when I rebooted.
The service was back and also A bunch of things were messed up.
Explorer's loading is EXTREMELY slow.
I can't drag and drop.
I can't copy and paste.
I think there was more crap on my computer than HSA.
Dexter...
it is too bad you chose to do that. Spyware / adware can always be removed, and thousands of people have removed this problem from their computers.
Closing thread.
Dexter...