
Hijack this log, please help


Name: dean30
Date: March 8, 2004 at 16:18:49 Pacific
OS: win2000
CPU/Ram: p4
Comment:

I posted a hijack this log here, because someone on the win2000 forum asked me to, but it has been removed.

I am having a problem where every hour pop-up advertising windows are coming up on a PC. I can't find any reason for this. If someone can please "ask me" to post it again, I will. Thank you so much for your help.

Dean.




Response Number 1
Name: Kevin The Tech Dude
Date: March 8, 2004 at 16:20:29 Pacific
Reply:

Dean,

You have to state in your post that someone "asked" that you post it. You did not state that in your original post so therefore they were removed.

Feel free to re-post your log file.

KTTD

No, I will not fix your computer



Response Number 2
Name: dean30
Date: March 8, 2004 at 16:40:20 Pacific
Reply:

Ok, thank you for advising that I need to say that someone asked me to post it here.

Logfile of HijackThis v1.97.5
Scan saved at 5:32:15 PM, on 8/03/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\S3tray2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\WScript.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Documents and Settings\pschickerling\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.225:3128
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Search.vbs
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37970.7311574074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AURVIC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AURVIC.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AURVIC.local




Response Number 3
Name: MrCharlie
Date: March 8, 2004 at 17:37:30 Pacific
Reply:

Put HJT in its own folder and fix this one:
O4 - Global Startup: Search.vbs
************************************************
These you can check:
If you recognize the URL at the end as your homepage or search engine, it's OK. If you don't, check it and have HijackThis fix it.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.225:3128
*********************************************************
I can't find any info on these, you check them.
If the domain is not from your ISP or company network, have HijackThis fix it. The same goes for the 'SearchList' entries.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AURVIC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AURVIC.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AURVIC.local
******************************************************************
Then clean out your system by following this:

Open up IE, from the drop down menu choose Tools, Internet Options, Delete Temporary Internet Files and cookies. (cookies optional)
Go to Start, Run, type temp, delete all the files in that folder
Do the same for recent
Delete all the .tmp and .chk files you can find. To do so, click Start/Find and in the search box (field) type *.tmp and this will search for all your temporary files. Repeat for chk files by typing *.chk in the search field, make sure you are looking in 'C'. Empty recycle bin.




Response Number 4
Name: MrCharlie
Date: March 8, 2004 at 18:22:41 Pacific
Reply:

Sorry, I forgot to tell you to also delete this file.

Search.vbs <---- Delete it!


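The triage in Responses 3 and 4, sketched as an added example (not written by anyone in this thread and not part of HijackThis): it parses entry lines, flags script files sitting in a Startup folder, and lists R0/R1/O17 settings the owner has not confirmed. Generalizing from `Search.vbs` to any script extension is an assumption made here, and `known_values` is a hypothetical parameter holding the home page, proxy and domain the owner recognizes.

```python
import re

# Constructed sample: a few entry lines taken from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.225:3128
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Search.vbs
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AURVIC.local
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: treat any Windows Script Host file type like the .vbs in the thread.
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")

def parse(log):
    """Yield (section, body) for each entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log, known_values=()):
    """Return (action, line) pairs following the checks given in the thread.

    known_values: settings the owner recognizes (home page, proxy, domain).
    """
    known = {v.lower() for v in known_values}
    findings = []
    for section, body in parse(log):
        line = f"{section} - {body}"
        if section == "O4" and "Startup:" in body:
            # Startup-folder items look like "Global Startup: name[ = target]".
            item = body.split("Startup:", 1)[1].split(" = ")[0].strip()
            if item.lower().endswith(SCRIPT_EXT):
                findings.append(("investigate", line))
        elif section in ("R0", "R1", "O17") and " = " in body:
            # Start page, proxy and DNS domain: fine only if the owner knows them.
            value = body.rsplit(" = ", 1)[1].strip().lower()
            if value not in known:
                findings.append(("verify", line))
    return findings

if __name__ == "__main__":
    for action, line in triage(SAMPLE_LOG, known_values=["AURVIC.local"]):
        print(f"{action:12} {line}")
```
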
