leotech81
asked on
how do I remove ads234?
I downloaded hijack this because I heard it is the only way to delete the ads234 spyware. I received my log file but do not know what to check or what to do next. I appreciate any help you can give me. Here is my log, thank you.
Logfile of HijackThis v1.98.2
Scan saved at 9:27:34 AM, on 10/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\docume~1\admini~1.rem\locals~1\temp\r6HZH.exe
C:\documents and settings\administrator.remingto-ytd1yt\local settings\temp\5u3w.exe
C:\documents and settings\administrator.remingto-ytd1yt\local settings\temp\UFN.exe
C:\WINDOWS\System32\CEWMDM19.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\April0604_loader.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\System32\Hdpl1C4B.exe
C:\WINDOWS\System32\DtxzohNx.exe
C:\Program Files\support.com\TWC\Medic.exe
C:\Documents and Settings\utalbot\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.47.0.13:8080
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator.REMINGTO-YTD1YT\Local Settings\Temp\HOy.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [r6HZH] C:\docume~1\admini~1.rem\locals~1\temp\r6HZH.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [27FRPN92L66E23] C:\WINDOWS\System32\IpuFmd.exe
O4 - HKLM\..\Run: [5u3w] C:\documents and settings\administrator.remingto-ytd1yt\local settings\temp\5u3w.exe
O4 - HKLM\..\Run: [UFN] C:\documents and settings\administrator.remingto-ytd1yt\local settings\temp\UFN.exe
O4 - HKLM\..\Run: [7f88a83b0be5] C:\WINDOWS\System32\CEWMDM19.exe
O4 - HKLM\..\Run: [tFEO3mS] iexeter.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\April0604_loader.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pinellas.local
O17 - HKLM\Software\..\Telephony: DomainName = pinellas.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pinellas.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pinellas.local
and from next time before posting the LOG file here, have it analysed here >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u and will tell u what SAFE and NASTY entries are present in the LOG !!
CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
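A small triage pass over the log format shown in the question, as an added example (not part of the original thread and not HijackThis's own code): it splits a log into running processes and coded entries and lists the items that load from a Temp directory, a heuristic assumed here for choosing what to research first, not a verdict. The function names are hypothetical; the sample lines are copied from the asker's log with the stray extraction spaces removed.

```python
import re

# Constructed sample: lines copied from the log in the question, with the
# stray extraction spaces inside paths removed.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\docume~1\admini~1.rem\locals~1\temp\r6HZH.exe
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Administrator.REMINGTO-YTD1YT\Local Settings\Temp\HOy.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [r6HZH] C:\docume~1\admini~1.rem\locals~1\temp\r6HZH.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pinellas.local
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.*)$")  # O4 autorun body
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def needs_research(text):
    """List items loading from a Temp directory (heuristic assumed here)."""
    processes, entries = parse_log(text)
    flagged = [("process", p) for p in processes if TEMP_DIR.search(p)]
    for code, body in entries:
        run = RUN.match(body) if code == "O4" else None
        target = run.group(3) if run else body
        if TEMP_DIR.search(target):
            flagged.append((code, run.group(2) if run else target))
    return flagged


if __name__ == "__main__":
    for kind, item in needs_research(SAMPLE_LOG):
        print(f"look up before fixing: [{kind}] {item}")
```

Entries that are not flagged (for example a Run value with no directory, such as `carpserv.exe`) still need the same lookup before anything is fixed; the script only orders the work.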
leotech81, i read ur feedback which u left in my profile....... glad that i cud help u to solve the problem :)
and now as the problem is solved for u, u have to do a little work, u have to close this question :)
and to close, u can see the ACCEPT button in front of each comment u got, hit the button in front of that comment which Solved ur problem and then assign a grade, that's all !! =)
for more info. on how to close a Question, plzz refer here >> https://www.experts-exchange.com/help.jsp#hs5
Thanx & Cheers ^_^
take a look at https://www.experts-exchange.com/questions/21072725/Cannot-remove-ads234-com-midADdle-from-computer.html
It has been talked about already
Cheers!