Free Weekly Tech Newsletter

nokiafan05 · 01-31-2007, 09:21 PM

I'm getting ad.adserverplus.com and they wont go away and it's anoying.. I ran a hijack this and This is the log is gave me.

Logfile of HijackThis v1.99.1
Scan saved at 10:16:36 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Airlink101\AWLH3026\WLService.exe
C:\Program Files\Airlink101\AWLH3026\WLanCfgG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS.0\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Curbidlecasthide] C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Toolfirstcurbidle\BoobBlue.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [HyperYM] C:\Program Files\HyperYM\HyperYM.exe -min
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [PingIdol] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCMPE~1\MemoPeak.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jrviolette2.spaces.live.com//...d/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Airlink101 802.11g WLService (Airlink101 802.11g Wireless WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH3026\WLService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS.0\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

***glc*** · 02-01-2007, 08:03 AM

This is not the correct forum for HijackThis logs. Please look in the Security forum and read the sticky thread before posting a log. I'm going to close this thread, when you have done the prerequisites you may repost in there if you still need assistance. Thank you.

01-31-2007, 09:21 PM	#1
nokiafan05 Member (8 bit) Join Date: Mar 2005 Location: Kanata,Ontario Posts: 205	Can't Get rid of ad.adserverplus.com I'm getting ad.adserverplus.com and they wont go away and it's anoying.. I ran a hijack this and This is the log is gave me. Logfile of HijackThis v1.99.1 Scan saved at 10:16:36 PM, on 1/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS.0\system32\Ati2evxx.exe C:\WINDOWS.0\Explorer.EXE C:\WINDOWS.0\system32\spoolsv.exe C:\Program Files\Airlink101\AWLH3026\WLService.exe C:\Program Files\Airlink101\AWLH3026\WLanCfgG.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS.0\System32\GEARSec.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\RTHDCPL.EXE C:\WINDOWS.0\system32\VTTimer.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS.0\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\DesktopEarth\DesktopEarth.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS.0\system32\rundll32.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\system32\wuauclt.exe C:\WINDOWS.0\system32\taskmgr.exe C:\WINDOWS.0\system32\notepad.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Curbidlecasthide] C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Toolfirstcurbidle\BoobBlue.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [HyperYM] C:\Program Files\HyperYM\HyperYM.exe -min O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe O4 - HKCU\..\Run: [PingIdol] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCMPE~1\MemoPeak.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: DesktopEarth AutoStart.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: BlueSoleil.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jrviolette2.spaces.live.com//...d/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Airlink101 802.11g WLService (Airlink101 802.11g Wireless WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH3026\WLService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS.0\System32\GEARSec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) Share Share this post on Digg Del.icio.us Technorati Twitter

02-01-2007, 08:03 AM	#2
*glc* Forum Administrator Staff Premium Member Join Date: May 2000 Location: Joplin MO Posts: 37,771	This is not the correct forum for HijackThis logs. Please look in the Security forum and read the sticky thread before posting a log. I'm going to close this thread, when you have done the prerequisites you may repost in there if you still need assistance. Thank you. Share Share this post on Digg Del.icio.us Technorati Twitter

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Cant get rid of hooowah spyware, please help!	bigronstud266	Networking & Online Security	3	02-19-2006 06:23 PM
How you you get rid of a Adware.coupon file	thomsign	Networking & Online Security	16	09-26-2005 04:43 PM
'Search Now' toolbar in Ie - Get rid of..?!	CardUK	Internet, Web Applications, & The Cloud	3	01-09-2003 04:52 PM
Cant get rid of Windows Mesenger Icon	Edave	Windows Legacy Support (XP and earlier)	10	12-16-2002 04:44 PM
How to get rid of middle frame in explorer on win2k?	buildingit	Windows Legacy Support (XP and earlier)	3	09-03-2002 07:05 PM

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter

Subscribe to THE INSIDER

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter