ads234.com

Discussion in 'OT Technology' started by ryanbum, Aug 8, 2004.

  1. ryanbum

    ryanbum Its the one that says Bad Mother Fucker on it

    Joined:
    Apr 2, 2004
    Messages:
    1,473
    Likes Received:
    0
    Location:
    Houston
    What the fuck is this? Every time I open IE and go to an address it shows that it routes through ads234.com. It is pissing me off. I have run Ad-Aware and Spybot and it didn't pull it off.

    Somebody help please!
     
  2. wyrmblight

    wyrmblight Tá m'árthach foluaineach lán d'eascanna OT Supporter

    Joined:
    Oct 7, 2003
    Messages:
    350
    Likes Received:
    0
    Location:
    Mag Mell
    Download the HijackThis program. And look through there. That will help when the two you mentioned can't sometimes. If you need help looking through the file, just save it and post it.
     
  3. ryanbum

    ryanbum Its the one that says Bad Mother Fucker on it

    Ok here is the log file. Anyone have any suggestions?

    Logfile of HijackThis v1.97.7
    Scan saved at 10:23:25 PM, on 8/8/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\BESTBU~1\WMPImporter.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\documents and settings\ryan\local settings\temp\2bm.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\documents and settings\ryan\local settings\temp\n.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ryan\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {43DF16FD-D9ED-4c9e-B14A-F3236A12C649} - C:\Program Files\Best Buy MusicNow\IEProxyHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Ryan\Local Settings\Temp\l.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [FullAudio] "C:\PROGRA~1\BESTBU~1\WMPImporter.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [\\ALEX1\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P27 "\\ALEX1\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on ALEX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P32 "Auto EPSON Stylus CX5400 on ALEX" /O15 "\\ALEX\EPSONSty" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [\\ALEX\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P26 "\\ALEX\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [2bm] C:\documents and settings\ryan\local settings\temp\2bm.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AutoLoader4w7s1WblJaLZ] "C:\WINDOWS\System32\dgsagent.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [43oQ3qe] icwsh.exe
    O4 - HKLM\..\Run: [n] C:\documents and settings\ryan\local settings\temp\n.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/bestbuy_none/3.0.0.55/setup.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37970.8228703704
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
     
  4. Slid.

    Slid. I'm a guy.

    Joined:
    Oct 25, 2001
    Messages:
    1,928
    Likes Received:
    0
    Location:
    NH
    Well, a few things:

    Delete these files:
    C:\documents and settings\ryan\local settings\temp\n.exe
    C:\documents and settings\ryan\local settings\temp\2bm.exe
    C:\WINDOWS\System32\gearsec.exe

    Delete this from registry:
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Ryan\Local Settings\Temp\l.dll

    And these:
    O4 - HKLM\..\Run: [43oQ3qe] icwsh.exe
    O4 - HKLM\..\Run: [n] C:\documents and settings\ryan\local settings\temp\n.exe
    O4 - HKLM\..\Run: [2bm] C:\documents and settings\ryan\local settings\temp\2bm.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
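
    Added example, not part of any post in this thread: a small Python triage script that parses HijackThis output and lists every running process, BHO or Run entry that loads code from a Temp folder, which is the pattern shared by several of the entries singled out above. The function names `parse` and `temp_findings` are hypothetical, the sample is an excerpt of the log posted in this thread, and a Temp path is only a triage heuristic, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted in this thread (a few lines, unchanged).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\documents and settings\ryan\local settings\temp\2bm.exe
C:\Program Files\AIM95\aim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Ryan\Local Settings\Temp\l.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [n] C:\documents and settings\ryan\local settings\temp\n.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
"""

# Section lines look like "O4 - HKLM\..\Run: [n] C:\...": a code, " - ", then the entry.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path ending in a loadable module; spaces in the path are allowed.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll|ocx)", re.I)
# Assumption of this example: any "\temp\" or "\tmp\" component counts as a Temp folder.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)

def parse(log):
    """Yield (kind, text): kind is 'process' or a section code such as 'O4'."""
    in_processes = False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_processes = False          # the process list ends at the first entry
            yield m.group(1), m.group(2)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            yield "process", line

def temp_findings(log):
    """Return (kind, path) for every entry that loads code from a Temp folder."""
    hits = []
    for kind, text in parse(log):
        for path in WIN_PATH.findall(text):
            if TEMP_DIR.search(path):
                hits.append((kind, path))
    return hits

if __name__ == "__main__":
    for kind, path in temp_findings(SAMPLE_LOG):
        print(f"{kind:8} {path}")
```

    Entries flagged this way still need to be checked by hand before anything is deleted.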
     
  5. ryanbum

    ryanbum Its the one that says Bad Mother Fucker on it

    I fixed it by doing an add/remove of the "midaddle" program with my network card disabled. Seems to have fixed the problem.
     
  6. njmuscle

    njmuscle Original Gangsta!

    Joined:
    Mar 21, 2001
    Messages:
    3,854
    Likes Received:
    0
    Location:
    Jersey
    I had the same problem! :o
     
