  1. #1
    crush
    Guest

    netspry / ads234.com woes

    Hello all,

    Having incredible troubles with netspry / ads234 on my computer. Followed your instructions to the letter so far. Ran CWShredder and Adaware. Ran two sets of virus checks. Rebooted the computer, and so on. I consider myself knowledgeable when it comes to computers, but this one has me stumped. Attached is my HiJack log file. Thank you in advance for the help.

    Mike

    Logfile of HijackThis v1.98.2
    Scan saved at 10:01:06 AM, on 9/9/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\documents and settings\gayle\local settings\temp\AoXCWi2s.exe
    C:\documents and settings\gayle\local settings\temp\AoXCWi2s.exe
    C:\documents and settings\michael\local settings\temp\TYHYqC.exe
    C:\WINDOWS\system32\atii3.exe
    C:\PROGRA~1\Web Offer\wo.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\win32app\ingr\ipshare\clntutil\bin\pidrpcs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\VetMsgNT.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Documents and Settings\Michael\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Gayle\Local Settings\Temp\nfM1oOcO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinUpdatek] C:\myvideo.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AoXCWi2s.exe] C:\documents and settings\gayle\local settings\temp\AoXCWi2s.exe
    O4 - HKLM\..\Run: [rLyu.exe] C:\documents and settings\gayle\local settings\temp\rLyu.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\system32\dp-him.exe
    O4 - HKLM\..\Run: [AoXCWi2s] C:\documents and settings\gayle\local settings\temp\AoXCWi2s.exe
    O4 - HKLM\..\Run: [rLyu] C:\documents and settings\gayle\local settings\temp\rLyu.exe
    O4 - HKLM\..\Run: [TYHYqC.exe] C:\documents and settings\michael\local settings\temp\TYHYqC.exe
    O4 - HKLM\..\Run: [TYHYqC] C:\documents and settings\michael\local settings\temp\TYHYqC.exe
    O4 - HKLM\..\Run: [7qsi3FR] atii3.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O9 - Extra button: Corel Network monitor worker - {97E78989-1E16-4738-83FC-099BD0A5E017} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {97E78989-1E16-4738-83FC-099BD0A5E017} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Corel Network monitor worker - {97E78989-1E16-4738-83FC-099BD0A5E017} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {97E78989-1E16-4738-83FC-099BD0A5E017} - (no file) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093572700609
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} (SAXFileEE FileDownload ActiveX Control) - http://appsnet.bentley.com/downloads/SAXFileEE.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab

  2. #2
    steamwiz
    Member

    Hi

    Disconnect from the internet. Close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the entries in the list below. When all are ticked (checked), click the Fix Checked button at the bottom:
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Gayle\Local Settings\Temp\nfM1oOcO.dll

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinUpdatek] C:\myvideo.exe

    O4 - HKLM\..\Run: [AoXCWi2s.exe] C:\documents and settings\gayle\local settings\temp\AoXCWi2s.exe
    O4 - HKLM\..\Run: [rLyu.exe] C:\documents and settings\gayle\local settings\temp\rLyu.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\system32\dp-him.exe
    O4 - HKLM\..\Run: [AoXCWi2s] C:\documents and settings\gayle\local settings\temp\AoXCWi2s.exe
    O4 - HKLM\..\Run: [rLyu] C:\documents and settings\gayle\local settings\temp\rLyu.exe
    O4 - HKLM\..\Run: [TYHYqC.exe] C:\documents and settings\michael\local settings\temp\TYHYqC.exe
    O4 - HKLM\..\Run: [TYHYqC] C:\documents and settings\michael\local settings\temp\TYHYqC.exe
    O4 - HKLM\..\Run: [7qsi3FR] atii3.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

    Then reboot into safe mode, find and delete:

    C:\myvideo.exe ... file

    C:\WINDOWS\system32\atii3.exe ... file

    C:\Program Files\Web Offer ... folder

    The entire contents of the C:\documents and settings\gayle\local settings\temp folder (do NOT delete the folder itself)

    The entire contents of the C:\documents and settings\michael\local settings\temp folder (do NOT delete the folder itself)

    PLEASE NOTE: The local settings folder is a hidden folder (see: How to Show Hidden/System Files).


    steam
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
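
An added example, not part of either post: a small Python triage pass over HijackThis lines that flags entries loading code from a user Temp directory or from the drive root, two location patterns shared by many of the entries in the fix list in post #2. The sample lines are copied from the log in post #1; the two rules are assumptions chosen for illustration and do not reproduce the full fix list (entries such as atii3.exe or wo.exe need other evidence).

```python
import re

# Lines copied from the HijackThis log in post #1 (a subset, for the demo).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\documents and settings\michael\local settings\temp\TYHYqC.exe
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Gayle\Local Settings\Temp\nfM1oOcO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinUpdatek] C:\myvideo.exe
O4 - HKLM\..\Run: [rLyu] C:\documents and settings\gayle\local settings\temp\rLyu.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
"""

# First drive-letter path ending in .exe/.dll anywhere on the line.
PATH_RE = re.compile(r'(?<![a-z])[a-z]:\\[^"]*?\.(?:exe|dll)', re.I)
# HijackThis section code at the start of an entry line, e.g. "O4 - ".
SECTION_RE = re.compile(r"^([A-Z]\d+) - ")
# Assumed rule 1: code stored under a user's Local Settings\Temp folder.
TEMP_RE = re.compile(r"\\local settings\\temp\\", re.I)
# Assumed rule 2: an executable sitting directly in the drive root.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.I)


def triage(log_text):
    """Return (section, path, reason) for entries loading code from risky locations."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        section = SECTION_RE.match(line)
        # Lines without a section code come from the "Running processes" list.
        kind = section.group(1) if section else "process"
        if TEMP_RE.search(path):
            reason = "loads from a user Temp directory"
        elif ROOT_EXE_RE.match(path):
            reason = "executable in the drive root"
        else:
            continue
        finding = (kind, path, reason)
        if finding not in findings:  # the log repeats some entries
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for kind, path, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {reason:34} {path}")
```
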