Jump to content


Photo

Problems with adsrve links/pop-ups in IE


  • Please log in to reply
1 reply to this topic

#1 dabraham

dabraham

    Member

  • New Member
  • Pip
  • 2 posts

Posted 13 July 2004 - 04:18 AM

Hello!

Despite running cwshredder, ad-aware, and Spybot, I keep getting links to adsrve pages peppering my results in Google, various pages in Hotmail and a few other web pages too. Not to mention all of the pop-up ads that keep appearing.

Here's my HiJackThis log:

-----------------
Logfile of HijackThis v1.98.0
Scan saved at 10:20:05, on 13/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Navnt\DefWatch.exe
C:\PCDCE32\bin\dce_service.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\PCDCE32\bin\dce_update.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\WINNT\System32\nslsvice.exe
C:\Program Files\Navnt\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NWTRAY.EXE
C:\PROGRA~1\Navnt\vptray.exe
C:\winnt\temp\Mgmd.exe
C:\WINNT\system32\IEHost.exe
C:\PROGRA~1\NETSWI~1\NETSWT~1.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Documents and Settings\user\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://159.167.60.140/Home/index.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://set-proxy.ac....bin/setup.proxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.136.5.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 159.167*
;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Dsetext] C:\WINNT\dsetext.wsf
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [Mgmd.exe] C:\winnt\temp\Mgmd.exe
O4 - HKLM\..\Run: [Bakra] C:\WINNT\system32\IEHost.exe
O4 - HKCU\..\Run: [NetSwitcher Tray Application] C:\PROGRA~1\NETSWI~1\NETSWT~1.EXE
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Run WinVNC (App Mode).lnk = C:\Program Files\ORL\VNC\WinVNC.exe
O4 - Global Startup: SCAN2.BAT
O4 - Global Startup: DELKEY.BAT
O4 - Global Startup: Wincrypt Update Client.lnk = C:\Program Files\Wincrypt\UNWISE.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O15 - Trusted Zone: *.ac.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35ABDB8-8632-4C3D-A998-7AC528489D98}: NameServer = 159.167.61.17,159.167.65.35,159.167.60.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ncl.local,accenture.com,ac.com,directory.services.ac.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ncl.local,accenture.com,ac.com,directory.services.ac.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ncl.local,accenture.com,ac.com,directory.services.ac.com
---------------
Hope somebody can help me! Cheers!

#2 dabraham

dabraham

    Member

  • New Member
  • Pip
  • 2 posts

Posted 13 July 2004 - 09:02 AM

Would it be IEHost.exe that's the problem? I just removed it from Running Processes and deleted the file itself, and no problems so far (mind you, that was only ten minutes ago, popups could still crop up. . .)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button