TechSpot

Pop-up and Spyware Problems

By LoneEmber
Feb 1, 2006
Topic Status:
Not open for further replies.
  1. I would greatly appreciate any help I can get for my spyware and pop-up problems. I have run just about every spyware finder/fixer that has been suggested here and other places. I will post my HJT log. Thanks again for any help.
  2. swker98

    swker98 TechSpot Paladin Posts: 1,348

    hello loneenmber


    Go here
    then here
    and lastly here


    Get Avg free and Zone alarm free, dump norton as it is bloatware


    then post an updated log from safemode after all above instructions are followed

    fix the fowling enetries

    O4 - HKLM\..\Run: [msst] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe


    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab


    UNLESS YOU PLAY PARTY POKER FIX

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


  3. LoneEmber

    LoneEmber TS Rookie Topic Starter

    I have ran all of the tests and programs that you suggested and I am still getting the pop-ups. I will post a new HJT log and a ewido log. Again, any help is greatly appreciated.
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions on the first page that appears. Then, post a fresh HJT log.

    Regards Howard :wave: :wave:
  5. LoneEmber

    LoneEmber TS Rookie Topic Starter

    Here are the new logs. Thanks again for the help.
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I`m pleased to say, your HJT log is now clean.

    Has the popup problem gone now?

    Regards Howard :)
  7. LoneEmber

    LoneEmber TS Rookie Topic Starter

    Unfortunately, no they aren't gone. They are no where near as bad, though. Is there anything else anyone can reccomend?
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I can`t see anything in your last HJT log.

    However, from one of your ealier logs I spotted this.

    O4 - HKLM\..\Run: [msst] C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe

    Boot into safe mode.

    Turn off system restore.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system".

    Open your task manager, by pressing the ctrl/alt/delete keys together.

    Click on the processes tab, and end process for(if there).

    msst.exe

    Close task manager.

    Locate the following bold file, and delete it. (if there).

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\msst\msst.exe

    Reboot into normal mode, and turn system restore back on.

    Regards Howard :)
  9. LoneEmber

    LoneEmber TS Rookie Topic Starter

    I found the file, but not the process. I deleted it and I am still getting a couple of different ones. They are from static.egwn.net and winantispyware.com. I don't know if this will ring any bells. If you need any more logs, let me know and I'll post them.
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    The winantispyware.com is a url of a company that make the winantispyware2005 scanner. programme.

    Have you ever downloaded this programme?

    Check in your add remove programme for anything related to the above.

    If you find anything, uninstall it

    Also, do a search on your computer for any of these files, and delete them.

    process: winantispyware2005setup.exe: MD5 Hash: b9314736b82ddad890d...
    process: winantispyware2005scanner2222[1].exe: MD5 Hash: 602bbc1fd9f33c639ad...
    process: winantispyware2005scanner2222[1].exe: MD5 Hash: 602bbc1fd9f33c639ad...
    process: winantispyware2005scanner2222.exe: MD5 Hash: 602bbc1fd9f33c639ad...
    process: winantispyware2005scanner2222.exe: MD5 Hash: 602bbc1fd9f33c639ad...


    I`m still checking on the static.egwn.net. I will get back to you on this one if I can come up with any info.

    Regards Howard :)
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    From what I can gather. Ad-Aware SE is supposed to get rid of static.egwn.net.

    Make sure you have the latest updates for Ad-Aware, then run it, and delete whatever it finds. Also delete whatever is in the quarantine section of Ad-Aware.

    Regards Howard :)
     
  12. LoneEmber

    LoneEmber TS Rookie Topic Starter

    It seems that AdAware has removed the winantispyware pop-up after two tries, but the static.egwn.net is still there. Thanks again for your help. If this one is the only one that comes up, I can live with the improvements made. If you (or anyone else out there) has any other suggestions, please let me know.
  13. LoneEmber

    LoneEmber TS Rookie Topic Starter

    Argh! No sooner that I made my last post, the winantispyware pop-up came up. I don't really understand what to search for. The MD5 Hash followed by numbers is something I'm not familiar with. An explanation on that would be appreciated.
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    The files you need to search for are these.

    winantispyware2005setup.exe
    winantispyware2005scanner2222[1].exe
    winantispyware2005scanner2222.exe

    I must admit, I`m starting to run out of ideas.

    Go HERE and follow the instructions.

    Regards Howard :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.