|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 problem with ads345; HijackThis log(Click here to view the original thread with full colors/images)Posted by: Lrigrem I got ads234 a few months ago, and more recently it changed to ads345. I've tried numerous times to get this off myself by following instructions off some internet sites and it always reinstalled. Heres some background info on what the various programs on my pc found: Bazooka Scan found Comet Cursor & MidADdle. I have followed the instructions from the link in Bazooka and it didn't help. I have Ad-Aware 6.0 and it found 4 objects, all tracking cookies (bravenet, realmedia, angelfire, and stopzilla). S&D (version 1.3) found DSO Exploit (which is always finds), Wildmedia (which has been showing up on every scan for the past month or two) and Travelocity. I have also restarted in safe mode, altered and deleted reg keys, and done a bunch of other stuff trying to get rid of this junk. I tried to download SpywareGaurd, but ads234 wouldn't let me. Not only do I have that perpetually driving me mad by popping up all the time, but once the 15 seconds of forcing me to watch an ad (which the picture doesn't even show up anymore, just a small box that says "advertisement"), it says it's resouting, but doesn't do anything. So anytime ads345 comes up now, it means that page won't load. I also noted tha you ask for people to download AdAware SE. I wasn't sure if this was different than what I had, but I tried to download it anyway. Same problem. Apparently majorgeeks.com sets it off. Here's my Hijack This log: Logfile of HijackThis v1.99.0 Scan saved at 8:12:00 PM, on 2/5/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\SYSTEM\cvrss.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\windows\FJR8Y.exe C:\windows\PCCTGT.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\AIM\aim.exe C:\Documents and Settings\Kristen\My Documents\Crap\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Kristen\Local Settings\Temp\jZ.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [2ak] C:\documents and settings\kristen\local settings\temp\2ak.exe O4 - HKLM\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKLM\..\Run: [j] C:\documents and settings\kristen\local settings\temp\j.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [FJR8Y] C:\windows\FJR8Y.exe O4 - HKLM\..\Run: [PCCTGT] C:\windows\PCCTGT.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [crvss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url] O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [url]http://cabs.roings.com/cabs/mmed.cab[/url] O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe Any help is much appreciated. Posted by: Roshi229 Lrigrem, thanks and welcome to TF. we are currently working with a few others who have been in line and some of our staff has taken some time off this weekend. Please be patient and an expert will be with you shortly. SpywareGuard is a very wonderful preventive measure to spyware however we need to get your system clean first... please visit [url]www.kbdigisol.com[/url] for the latest versions of these: [b] AdAware SE and Spybot S&D (fix all entries in red) [/b] thanks again we'll be with you shortly ~KB Posted by: rstones12 Hello Lrigrem, Please download these programs first. [b]CWShredder 2.13[/b] [url=http://cwshredder.net/bin/CWShredder.exe][b][color=blue]HERE[/color][/b][/url] Close all browsers and open windows and click on [b]"Fix[/b] [b]Ad-Aware SE [/b][url=http://www.majorgeeks.com/download506.html][b][color=blue]HERE[/color][/b][/url] Update this program by using the [b]"Check for Updates Now"[/b] option. [b]Spybot S&D 1.3[/b] Update this by using the update feature and select all updates. Make sure to close all browsers and open windows and run. The DSO Exploit message in Spybot S&D that keeps returning is a false/positive. It will be fixed in a updated version. Reboot into Safe Mode and run the updated versions: You can do this by tapping the F8 key when the computer boots up. This will take a little longer to boot up so be patient. Ad-Aware SE Spybot S&D Remove all items that it finds. Please post a new HJT log by using [b]"Post a Reply"[/b] Thanks, rstones12 Posted by: Lrigrem Wow. The Ad Aware SE version was amazing. It found over 100 things... My old version normally found around 5. Is there any way for me to know when there is a better version of one of these programs? I wish I would have known about the SE version months ago. It probably would have saved me a lot of trouble. Anyway, THANK YOU and here's my (hopefully clean) HJT log: Logfile of HijackThis v1.99.0 Scan saved at 5:48:56 PM, on 2/9/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\SYSTEM\cvrss.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Apoint\Apntex.exe C:\Documents and Settings\Kristen\My Documents\Crap\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [2ak] C:\documents and settings\kristen\local settings\temp\2ak.exe O4 - HKLM\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKLM\..\Run: [j] C:\documents and settings\kristen\local settings\temp\j.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [FJR8Y] C:\windows\FJR8Y.exe O4 - HKLM\..\Run: [PCCTGT] C:\windows\PCCTGT.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [crvss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url] O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [url]http://cabs.roings.com/cabs/mmed.cab[/url] O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe Thanks again! Posted by: rstones12 Lrigrem, I dont see any type of Anti-Virus Protection that is running on your machine. If you need some suggestions I can provide you some. I would recommend getting one now. [b]1.[/b] Please run [b]each[/b] of these online scans, allow each one to delete anything they find: You may have to select auto-fix prior to scanning, it should be a selection on the screen.[LIST][URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/URL] [URL=http://housecall.trendmicro.com/housecall/start_corp.asp][color=blue]TrendMicro HouseCall[/color][/URL] [/LIST]Please make a note of anything that wasn't or couldn't be fixed. Reboot your machine when finished. Post a new HJT log by using [b]"Post a Reply"[/b] Thanks, rstones12 Posted by: Lrigrem I ran Panda, & it didn't find anything. Trend Micro found "TROJ WAITL.A", but it said it was Not Cleanable, at first, but I closed the program & tried to clean it (now that it was no longer "in use") and the scan result said "clean not supported". It was found at c:\\WINDOWS\system\cvrss.exe I have SpywareBlaster to protect my laptop, but nothing else. I perform scans with Spybot S&D & Ad Aware about every week or so. Any programs you reccomend that I download to help protect my computer? Here's my HJT log: Logfile of HijackThis v1.99.0 Scan saved at 9:05:46 PM, on 2/9/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\SYSTEM\cvrss.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Picture Package\Picture Package Applications\Residence.exe C:\Documents and Settings\Kristen\My Documents\Crap\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [2ak] C:\documents and settings\kristen\local settings\temp\2ak.exe O4 - HKLM\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKLM\..\Run: [j] C:\documents and settings\kristen\local settings\temp\j.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [FJR8Y] C:\windows\FJR8Y.exe O4 - HKLM\..\Run: [PCCTGT] C:\windows\PCCTGT.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [crvss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url] O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [url]http://cabs.roings.com/cabs/mmed.cab[/url] O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe Posted by: rstones12 Here is a thread for some Anti-Virus Programs. You have some infections. Download one of these programs and then update it. They are both good programs so it comes down to your choice. [url]http://www.tech-forums.net/showthread.php?s=&threadid=18662[/url] Update your anti-virus software and scan your system. Here is another tool that can use as well. It only searched for specific viruses so you may not find any. I would recommend you run this in Safe Mode: [b]Stinger[/b] [url]http://vil.nai.com/vil/averttools.asp#stinger[/url] [b]a2-squared[/b] This program searches for trojans. This is optional download. I use it and like it, IMO. [url]http://www.emsisoft.com/en/software/free/[/url] After you have done this, scan with HJT. Place a check next to the following items. [b] O4 - HKLM\..\Run: [2ak] C:\documents and settings\kristen\local settings\temp\2ak.exe O4 - HKLM\..\Run: [j] C:\documents and settings\kristen\local settings\temp\j.exe O4 - HKLM\..\Run: [FJR8Y] C:\windows\FJR8Y.exe O4 - HKLM\..\Run: [PCCTGT] C:\windows\PCCTGT.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - [url]http://cabs.roings.com/cabs/mmed.cab[/url] [/b] Close all browsers and open windows and click [b]"Fix Checked"[/b] Reboot into Safe Mode and delete the following files/folders if present. C:\windows\[b]FJR8Y.exe[/b] C:\windows\[b]PCCTGT.exe[/b] Delete your temporary files by: Clicking Start | Programs | Accessories | System Tools | Disk CleanUp Empty your Recycle Bin Reboot normally and post an new HJT log by using [b]"Post a Reply"[/b] Posted by: Lrigrem Downloaded & ran AVG, Stinger & a2. Here's my HJT log: Logfile of HijackThis v1.99.0 Scan saved at 4:07:18 PM, on 2/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\SYSTEM\cvrss.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Picture Package\Picture Package Applications\Residence.exe C:\Documents and Settings\Kristen\My Documents\Crap\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [crvss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url] O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe Posted by: rstones12 Lrigrem, You have a few stubborn ones we need to take care of: Please run HJT and place a checkmark next to the following items. [b] O4 - HKLM\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [cvrss] C:\WINDOWS\SYSTEM\cvrss.exe O4 - HKCU\..\Run: [crvss] C:\WINDOWS\SYSTEM\cvrss.exe [/b] Close all browsers and open windows except HJT and click [b]"Fix Checked"[/b] Restart your computer in safe mode: Search an remove the following files/folders if found: C:\WINDOWS\SYSTEM\[b]CVRSS.EXE[/b] Run your AVG7 anti-virus and remove all entries found. Reboot normally and post a new HJT log by using [b]"Post a Reply"[/b] Thanks, rstones12 Posted by: Lrigrem Deleted the first 3 from HJT, didn't find the cvrss.exe file to delete after running it in Saftey Mode. AVG didn't find anything either. My log: Logfile of HijackThis v1.99.0 Scan saved at 11:37:33 PM, on 2/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Picture Package\Picture Package Applications\Residence.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Kristen\My Documents\Crap\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url] O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url] O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe Thanks again! Posted by: rstones12 Lrigrem, Looks good, are you having anymore current issues. Here are some suggestions, they are optional for you to choose. I would uninstall: [b]ViewPoint Manager[/b] It is not needed, but that is optional. Here are some threads you should consider reading. [url]http://www.tech-forums.net/showthread.php?s=&threadid=36259[/url] [url]http://www.tech-forums.net/showthread.php?s=&threadid=35181[/url] If you need further assistance please post back. Thanks rstones12 Posted by: Lrigrem Thanks so much for all the help. I haven't had any problems for a few days now! Thanks for all your help & for the great links! MUCH appreciated! Posted by: rstones12 No problem, Glad to help. rstones12 Posted by: southernlady Closed. Liz vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |