Results 1 to 4 of 4
  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    2
    Points
    0

    Default Another Intelliton topic... help? please? :/

    I have read over the topic http://www.help2go.com/component/opt...r,asc/start,0/
    over and over and was going to follow it to a T til I realized that the stuff he needed HJT to fix wasnt listed for me.

    I have downloaded the programs:
    HJT, CCleaner, ewido, Smitfraudfix, KILLBOX, Spybot:S&D, and Spywareblaster.

    I also have went through and manually deleted anything and everything that had "intelliton" on it in my PC... mostly cookies. Then I went in and redid my IE cookie setting to prompt for every cookie and to accept session cookies.

    I would use Firefox 100% of the time if I could rip out IE from AOL.

    The program, "C:\Documents and Settings\pent\Desktop\KillAOLAds.exe" is a program that I have found that kills the ads in AOL chatrooms so they dont steal my cursor focus, since nothing else I have done will work.... I have used the program for months.

    I found no SRSS~1.EXE file anywhere in my PC (see thread link above)... the ONLY CSRSS.EXEs that I have are all in windows\system folders.

    In the past 10min or so I have had no pop-ups, and this was after deleting cookies and rebooting AOL and shutting down my modem, so ::crosses fingers:: maybe it is fixed... and if not...

    HJT log follows.

    ========================================
    Logfile of HijackThis v1.99.1
    Scan saved at 3:26:39 AM, on 7/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Windows Media Connect 2\WMCCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\Documents and Settings\pent\Desktop\KillAOLAds.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tulsa.cox.net/cci/home
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program

    Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

    Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"

    /StartQuiet
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsu...b?114691702806

    2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2206729-3397-43E9-87FA-81C245DA7FC4}: NameServer =

    205.188.146.145
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

    C:\WINDOWS\wanmpsvc.exe
    ============================================

    Help if you can, thanks!
    Pent

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    First... IE is integrated into XP ... you can't remove it ... and there are also times when you need it ... windows updates etc,

    Your hijackthis log is clean

    Looks like whatever you did got rid of them...

    I haven't been able to pin down the source of these pop-ups, but running a combination of removal programs (as you did) appears to resolve the problem.

    let us know if the pop-ups return ... or post back in a day or so and let us know if it is resolved ... we'd appreciate it :wink:

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member
    Join Date
    Jul 2006
    Posts
    2
    Points
    0

    Default

    So far, so good.

    Pop-ups have not returned.

    On a side note, what does the Smitfraud file do?

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Thanks for letting us know...

    Quote Originally Posted by Pentupanger

    On a side note, what does the Smitfraud file do?
    If you mean Smitfraudfix ?

    Smitfraud in a name given to a number of desktop hijackers ... the Smitfraudfix removes the files associated with these hijacks and returns the desktop back to the user.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -