Need to remove "Ad Serv" interstitial
Showing all messages in thread #1083525927 Windows XP Annoyances Discussion Forum
The following are all of the messages in this thread (12 in all), shown in chronological order.
|
Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 12:25 pm Posted by Jonathan
(4 messages posted)
How do I rid my registry of the intrusive pop-up that I can only identify as "Ad
Serv" (in the task bar) and runs when I have Explorer open. It hides from Spy-Bot
and Ad-Aware6. I can't find anything obviously "bad" in the registry and don't want
to start deleting files I cannot confirm are "good."
| |
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 12:47 pm Posted by triplate
(20738 messages posted)
Start in your Temp Files..then go to Add/Remove...then run SpyBotS&D ..updated...That
thing lists as ***180 or something similar...
On Sunday, May 2, 2004 at 12:25 pm, Jonathan wrote:
>How do I rid my registry of the intrusive pop-up that I can only identify as "Ad
>Serv" (in the task bar) and runs when I have Explorer open. It hides from Spy-Bot
>and Ad-Aware6. I can't find anything obviously "bad" in the registry and don't want
>to start deleting files I cannot confirm are "good."
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 12:48 pm Posted by Matti
(27 messages posted)
Hello,
Go to your services and shut your messenger prog down to close the port through which
Windows allows a server to send you annoying pop-up progs.
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 12:49 pm Posted by triplate
(20738 messages posted)
Do a search for IstBar also...
On Sunday, May 2, 2004 at 12:25 pm, Jonathan wrote:
>How do I rid my registry of the intrusive pop-up that I can only identify as "Ad
>Serv" (in the task bar) and runs when I have Explorer open. It hides from Spy-Bot
>and Ad-Aware6. I can't find anything obviously "bad" in the registry and don't want
>to start deleting files I cannot confirm are "good."
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 12:52 pm Posted by mojo7819
(5744 messages posted)
In addition to AdAware, try the following. You mentioned "Spybot", but there are
several programs with names similar to Spybot Search and Destroy that are actually
spyware themselves. Make sure you have the real thing.
Also, you MUST disable system restore before running these.
Download, install, UPDATE, and run:
Spybot Search & Destroy
SpywareGuard
Spyware Blaster
(Make sure to use the update feature of these programs often.)
Download, UPDATE, and run:
CWShredder
It is important to run ALL of these programs, as each does something different.
Before running these, do the following:
Delete temp internet files and history.
Disable system Restore.
When finished,
Turn system Restore back on.
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 2:42 pm Posted by Kenneth
(57 messages posted)
Fixed yet?
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 3:06 pm Posted by Jonathan
(4 messages posted)
Not yet.
On Sunday, May 2, 2004 at 2:42 pm, kenneth wrote:
>Fixed yet?
>
>
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 3:27 pm Posted by Kenneth
(57 messages posted)
Download
HijackThis
Scan
Save Log
Post log to your message
|
re: Need to remove "Ad Serv" interstitial
Sunday, May 2, 2004 at 4:30 pm Posted by Adam Bradley
(7795 messages posted)
Just what does shutting down the program do about the open port?
This isn't the problem anyway
Regards, Adam Bradley
On Sunday, May 2, 2004 at 12:48 pm, Matti wrote:
>
>
>Hello ,
> Go to your services and shut your messenger prog down to close the port which
>windows allow server to send you annoying pop up prog
>."
|
re: Need to remove "Ad Serv" interstitial
Monday, May 3, 2004 at 5:19 am Posted by Jonathan
(4 messages posted)
Here's the log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan Foster\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {821DACB5-A2A9-482A-BA47-DCA9A60F4C11} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: PD (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven.net/client/mavenInstaller.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07607899beff06d29004/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8B14EB05F9A7} - http://www.directxtras.com/speaksforitself/download/mstts_mary.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforitself/download/ms_sapi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4BC3B10-F024-4EF7-A62C-A298A11B51B5} - http://www.directxtras.com/speaksforitself/download/mstts_mike.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
On Sunday, May 2, 2004 at 3:27 pm, kenneth wrote:
>
>Download
>HijackThis
>Scan
>Save Log
>Post log to your message
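An added example, not part of the original thread and not HijackThis code: a small Python triage pass over a log in the format posted above. It rejoins entries that the forum wrapped onto a second line, then lists hostnames the Hosts file pins to a 127.x address (which makes them unreachable from this machine), registered components whose file is missing, and every Run-key autorun for manual review. The function names `parse_entries` and `triage` are hypothetical, and the sample lines are copied from the log in this post.

```python
import re

# Constructed sample: a few lines copied from the log in this thread,
# including one entry that the forum software wrapped onto a second line.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O1 - Hosts: 127.0.0.93 www.spybot.info
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
6.0\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {821DACB5-A2A9-482A-BA47-DCA9A60F4C11} - (no file)
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O4 - ..."
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")               # address, hostname
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # hive, name, command


def parse_entries(text):
    """Return (section, body) pairs, rejoining lines wrapped by the forum."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # No section code: treat as the continuation of the previous entry.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]


def triage(text):
    """Collect the entries a reviewer should look at first."""
    report = {"loopback_hosts": [], "missing_file": [], "autoruns": []}
    for section, body in parse_entries(text):
        hosts = HOSTS.match(body)
        run = RUN.match(body)
        if section == "O1" and hosts and hosts.group(1).startswith("127."):
            report["loopback_hosts"].append(hosts.group(2))
        elif body.endswith("(no file)"):
            # Second " - " field is the CLSID of the orphaned registration.
            report["missing_file"].append((section, body.split(" - ")[1]))
        elif section == "O4" and run:
            report["autoruns"].append((run.group(1), run.group(2), run.group(3)))
    return report
```

Lines that precede the first section code, such as the running-process list, are ignored; trim anything that follows the log (quoted replies, signatures) before passing the text in, or it is appended to the last entry.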
|
re: Need to remove "Ad Serv" interstitial
Monday, May 3, 2004 at 9:58 pm Posted by Jonathan
(4 messages posted)
I solved the problem. After scanning with HijackThis, I poked around and found something
suspect in my Windows folder:
C:\WINDOWS\system32\pcs\pcsvc.exe
This is a product from "The Delfin Project" that boasts to ISPs that it "provides
advertisers targeted access to millions of consumers daily through its patented “TV-like”
latent time Internet broadcast network."
I deleted it by shutting down the pcs.dll file in Windows Task Manager/Processes,
then deleted the pcs folder, then ran a regedit and deleted it from HKEY_CURRENT_USER/SOFTWARE
and HKEY_LOCAL_MACHINE/SOFTWARE.
Thanks to all that helped me sleuth this one out.
On Sunday, May 2, 2004 at 12:25 pm, Jonathan wrote:
>How do I rid my registry of the intrusive pop-up that I can only identify as "Ad
>Serv" (in the task bar) and runs when I have Explorer open. It hides from Spy-Bot
>and Ad-Aware6. I can't find anything obviously "bad" in the registry and don't want
>to start deleting files I cannot confirm are "good."
|
re: Need to remove "Ad Serv" interstitial
Wednesday, May 19, 2004 at 10:51 am Posted by peterb
(1 messages posted)
I'm so glad you figured this out as I have the same thing. I was to the point of
simply buying a new computer as Spybot S&D could not find it.. nor could I. My question
is this, how did it get there in the first place? It seemed to arrive at the same
time a bunch of others started popping up (was able to find and kill them quickly)
as well as a few toolbars (also dead now). Was it freeware software, AOL or some
forced entry onto our systems.... ANYBODY's reply will be appreciated.