MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: ads[12].revenue.net incessant pop-ups
September 15, 2019, 11:24:11 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
September 15, 2019, 11:24:11 PM

Login with username, password and session length
 
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: ads[12].revenue.net incessant pop-ups  (Read 1736 times)
springcleanme
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« on: October 11, 2004, 05:09:47 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 2000 Professional
Problem Application Name & Version: Internet Explorer 6.0
Problem Hardware Make & Model: Toshiba Tecra 8000 laptop
Error Messages: N/A



I've seen many posts similar to this problem, and steps to take, follow-up logs posted; have not seen full resolution however, nor am I able to make out a works-for-everyone solution to rid a Windows PC of the ads[12].revenue.net pop-ups.  Is it really so customized?

Apologies in advance for newbie errors/netiquette blunders/etc.  I have tried Spybot, and after posting, may try Stopzilla, which by the way, came up from one of the ads[12].revenue.net pop-ups (am I stupid?  I think I'll wait for a reply to this post before doing anything else.  Smiley)  I did do a Google search to see if Stopzilla was a legitimate application and it appears to be highly rated.  Here's my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:09:18 AM, on 10/11/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Progra~1\SymNavNT\defwatch.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Progra~1\SymNavNT\vptray.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
D:\PROGRA~1\MOZILL~1\firefox.exe
D:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\msagent\AgentSvr.exe
D:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\dehwei\Desktop\LSPFix.exe
C:\Documents and Settings\dehwei\Desktop\HijackThis.exe
C:\PROGRA~1\WINDOW~4\ACCESS~1\WORDPAD.EXE
C:\PROGRA~1\INTERN~1\IEXPLO~1.BAD

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\se\v11\se.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [rmsystem] rmsys.exe
O4 - HKLM\..\Run: [vptray] D:\Progra~1\SymNavNT\vptray.exe
O4 - HKLM\..\Run: [WG511WLU] d:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\RunServices: [rmsystem] rmsys.exe
O4 - HKCU\..\Run: [Yahoo! Pager] d:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [\IEService.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WLAN Monitor & Configuration.lnk = D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab

TIA for any assistance/insight!!!
« Last Edit: October 11, 2004, 05:18:12 PM by springcleanme » Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #1 on: October 11, 2004, 05:20:56 PM »

First your hijack this is outdated please download the newest versionFrom Here

Make sure you unzip hijack this to its own folder such as C:\Program files as this is where the backups will be created.Run Hijack this but do NOT fix anything.
Also Please download LSP FIX



Then  use these instructions to remove the bad DLL:

1. Run LSPFix.
2. Check 'I know what I'm doing'.
3. Select 'inetadpt.dll'.
4. Click the right-pointing arrow (moves it to the "remove" page).
5. Click 'Finished'.
6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
7. Delete the following file: c:\windows\system\inetadpt.dll
8. Restart your computer and bring it up in normal mode.Run hijack this and post a new log
« Last Edit: October 11, 2004, 05:22:12 PM by jvic » Logged

John Vickers
springcleanme
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #2 on: October 11, 2004, 07:10:50 PM »

OK, I ran LSPFix and removed inetadpt.dll.
Also, restarted in Safe Mode, but c:\windows\system\inetadpt.dll did not exist [any longer?]
Restarted and recaptured HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 11:40:35 AM, on 10/11/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Progra~1\SymNavNT\defwatch.exe
D:\Progra~1\SymNavNT\rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Progra~1\SymNavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\My Upload Files\Original Media 'n Notes\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\se\v11\se.DLL
O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [rmsystem] rmsys.exe
O4 - HKLM\..\Run: [vptray] D:\Progra~1\SymNavNT\vptray.exe
O4 - HKLM\..\Run: [WG511WLU] d:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [STOPzilla] "c:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\RunServices: [rmsystem] rmsys.exe
O4 - HKCU\..\Run: [Yahoo! Pager] d:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [\IEService.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WLAN Monitor & Configuration.lnk = D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ComcastHSI - {2AEF61DA-F1BA-423B-B6C8-4AA65BA8D1DF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {9E2806F6-BF74-441B-B257-65B4676F2FB3} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {ED2902B7-B66A-4ACA-A18C-9396CA501E47} - http://www.comcastsupport.com (file missing) (HKCU)
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

FYI, just got email from revenue.net suggesting their services are not related to my pop-ups (I was searching around, and thought it might be).  They had a recommendation as well:

"We do not create or distribute software of this nature.

 

We recommend one of two approaches. First, you may send us the full revenue.net URL of the pop-under you are seeing, including something that resembles SITE_ID=##### as that will better direct our assistance, and/ or you may try one or many of the uninstallers we have assembled from users with similar experiences. If you choose the latter, please let me know, and I
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #3 on: October 11, 2004, 07:52:43 PM »

Ok first download CW Shredder but do not run it yet

Run hijack this and place a check beside the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\se\v11\se.DLL
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKCU\..\Run: [\IEService.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ComcastHSI - {2AEF61DA-F1BA-423B-B6C8-4AA65BA8D1DF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {9E2806F6-BF74-441B-B257-65B4676F2FB3} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {ED2902B7-B66A-4ACA-A18C-9396CA501E47} - http://www.comcastsupport.com (file missing) (HKCU)
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

Make sure all browsers are closed and click fix

Boot to safe mode making sure you can see hidden files and folders:


How To Boot Into SafeMode

How To Show Hidden Files And Folders

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.

delete the following:If they exist

"C:\Program Files\se\v11\se.EXE" /H
 C:\WINDOWS\web
 C:\PROGRA~1\Toolbar
 C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1
 msblast.exe<you will have to search for this one

While in safe mode run CWShredder

Close all browser windows, open cwshredder.exe then click "Fix" and let it run.

Reboot your computer but do not open a browser yet

Go to start>settings>control panel>internet options
Under the general tab
click>delete cookies>say ok
click>delete files>check delete offline content>say ok twice
Under the programs tab
click>reset web settings

Run hijack this and post a new log















Logged

John Vickers
springcleanme
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #4 on: October 12, 2004, 02:00:22 PM »

Hello and wow!

Actually, even from your first recommended steps, I have no longer been getting the ads[12].revenue.net pop-ups any longer!  :-)  I have only had about 30 minutes of real-time "testing," but it used to start happening within 10 minutes of coming out of Standby mode and being Internet connected.

QUESTION:
Should I proceed with the second set of steps you recommended NOW, or wait and see if the problem comes back again?

Many Many Thanks for your assistance on this.  BTW, I am now using the Mozilla Firefox browser on recommendation from a trusted source.  The suggestion is to avoid 3rd party extensions for better stability.

RECOMMENDATION?
Firefox is working well for me presently, but I've only been using it a few days now -- do you have any comments on Firefox to share with the general public?
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #5 on: October 12, 2004, 02:03:25 PM »

Definitely continue with the instructions.There is still
things on your computer that need cleaning up.
Logged

John Vickers
springcleanme
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #6 on: October 19, 2004, 02:46:29 PM »

I've completed the items suggested.  Searches for msblast did not locate any files so named.  Here is my HijackThis log now:

==
Logfile of HijackThis v1.98.2
Scan saved at 7:25:14 AM, on 10/19/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Progra~1\SymNavNT\defwatch.exe
D:\Progra~1\SymNavNT\rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\DOCUME~1\dehwei\LOCALS~1\Temp\vpn5000service.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Progra~1\SymNavNT\vptray.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
C:\My Upload Files\Original Media 'n Notes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [rmsystem] rmsys.exe
O4 - HKLM\..\Run: [vptray] D:\Progra~1\SymNavNT\vptray.exe
O4 - HKLM\..\Run: [WG511WLU] d:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [STOPzilla] "c:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\RunServices: [rmsystem] rmsys.exe
O4 - HKCU\..\Run: [Yahoo! Pager] d:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WLAN Monitor & Configuration.lnk = D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

==
Many Thanks again for your assistance on this. BTW, I am using the Mozilla Firefox browser and staying away from 3rd party extensions.

RECOMMENDATION?
Firefox seems to work fine -- do you have any comments on Firefox to share with the general public?
Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #7 on: October 19, 2004, 03:05:23 PM »

Have hijack this fix these two items and you should be good but post back with a new log just to make sure we got everything

O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
Logged

John Vickers
springcleanme
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #8 on: October 19, 2004, 03:32:05 PM »

Here is the new HijackThis log.  Thanks ever so much!  :-)

Logfile of HijackThis v1.98.2
Scan saved at 8:15:42 AM, on 10/19/2004
Platform: Windows 2000  (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Progra~1\SymNavNT\defwatch.exe
D:\Progra~1\SymNavNT\rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\DOCUME~1\dehwei\LOCALS~1\Temp\vpn5000service.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Progra~1\SymNavNT\vptray.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
C:\PROGRA~1\WINDOW~4\ACCESS~1\WORDPAD.EXE
D:\Program Files\Vnc\vncviewer.exe
C:\My Upload Files\Original Media 'n Notes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [rmsystem] rmsys.exe
O4 - HKLM\..\Run: [vptray] D:\Progra~1\SymNavNT\vptray.exe
O4 - HKLM\..\Run: [WG511WLU] d:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [STOPzilla] "c:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\RunServices: [rmsystem] rmsys.exe
O4 - HKCU\..\Run: [Yahoo! Pager] d:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WLAN Monitor & Configuration.lnk = D:\Program Files\SMC\SMC 802.11b WLAN Utility\WlanMonitor.exe
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

Logged

 
jvic
Visiting Administrator
Hero Member
*****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1238


Bookmark and Share

View Profile
« Reply #9 on: October 19, 2004, 03:39:12 PM »

your log looks clean
Logged

John Vickers
springcleanme
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 6


Bookmark and Share

View Profile
« Reply #10 on: October 20, 2004, 05:48:22 PM »

Thanks, you're the best!

:-)
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 30, 2018, 07:53:59 AM