Jump to content


Photo

ad serve? help!!


  • Please log in to reply
2 replies to this topic

#1 spencersa

spencersa

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 15 June 2004 - 11:37 PM

ok well there is this stupid program that comes up in the bar at the bottem and it says ad serve - microsoft internet explorer. what is it and how do i get rid of it?!?!?!

here is my hijack this log let me know if u find any thin els wrong i think i fixed most of it but i cant figure what ad serve is?

Logfile of HijackThis v1.97.7
Scan saved at 9:33:30 PM, on 6/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\mirc.exe
C:\WINDOWS\System32\mirc.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\chhfsroq.exe
D:\valve\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ScanPanel\ScnPanel.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Yly4.exe
C:\WINDOWS\System32\Xpgg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\Spencer\Desktop\my programs\download files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ircspy.com
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [mIRC] mirc.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [qpcjkks] C:\WINDOWS\System32\chhfsroq.exe
O4 - HKLM\..\Run: [3@JLGKM3W5#LFK] C:\WINDOWS\System32\LsxI52.exe
O4 - HKLM\..\RunServices: [mIRC] mirc.exe
O4 - HKCU\..\Run: [Steam] "d:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [SpySweeper_BT01] "C:\Program Files\Webroot\Spy Sweeper\Bt01.exe" /SpySweeper_BT01
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8139.9033101852
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

thank you

#2 spencersa

spencersa

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 15 June 2004 - 11:44 PM

another prob is that it makes alot alot alot alot alot alot of popups!! help!!!

#3 jojov007

jojov007

    Member

  • New Member
  • Pip
  • 1 posts

Posted 16 June 2004 - 01:42 PM

spencersa,

I've attacked this same problem with success. The fix is a little surprising.

You need to go to AdServ's website and hunt around a little for the opt-out cookie that they provide. It's well hidden. If I recall correctly it might have been somewhere in their "about us" area or "policy" statement. If a search tool is on their site, use it. After some hunting, you WILL find it.

The trick is KEEPING that cookie. Every time you clean your cookie folder it'll be wiped out and you'll be vulnerable to the mass number of clients that use their service.

Here's what I did:

I cleaned out my cookie folder entirely.
I then downloaded the opt-out cookie.
Next, I created a folder called "Opt Out Cookies"
Of course, I then copied that cookie to this new folder for future use.

Being forgetful, I decided to add a little automation to keep that cookie there in case I eventually emptied the cookie folder.

I wrote a little batch file that essentially copies "...\opt out cookies\*.txt" to "...\cookies\"

Then I put a shortcut to that batch file in my startup folder.

Now, on every login or reboot my cookie folder gets erased (added a line to delete "...\cookies\*.txt" and then all of my opt out cookies get copied into the cookie folder. And YES, this implies that some other web advertisers have opt-out cookies as well.

NOTE: If you have cookies that you MUST keep, you may wish to skip the deletion of all cookies in your batch file.

After all that, make certain you clean up your machine with SpyBot and AdAware. You may want to modify your HOSTS file to block certain domains as well.

Good Luck




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button