A little help for the guy, if you please...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Thornwolf, Jul 28, 2004.

  1. Thornwolf

    Thornwolf Private E-2

    Hi, I was wondering if I could have a bit of advice, I am at my wits' end here. I honestly feel I have exhausted all the options short of screaming ;)

    I have ad pop-ups mainly served from cdn.clickagents.com and their host of shady cronies, and it is driving me crazy attempting to remove them.

    I have updated versions of CWShredder, Spybot S&D, Ad-Aware, and in an effort to be really thorough I ran Stinger.

    I have run HijackThis, followed the tutorial to ensure proper removal of all questionable entries, and still have these ads popping up at me. Now some of the items were not found as I looked through the lists made available by following the provided links; that may well be part of the issue, I am just not sure.

    At any rate, specifically speaking, the way my network admin has things set up Explorer gets its LAN settings automatically, so we cannot muck around with it, at least in theory.

    When I run Ad-Aware 6.0 I am shown that my PC (Windows 2000 Service Pack 4, P4) has a specific bit of adware on it (Marketscore Newsletter), and I can remove this of course. Here is the kicker: when I do I lose my auto configuration settings and can no longer hit the internet. I am of course able to go out to our company intranet, but hey, nothing fun there ;)

    It kind of confused me; since this is a registry thing, and so is the adware that I removed, I assumed the two were related. Restoring the data that had been quarantined, I was able to access the internet again.

    /sigh

    Any advice is greatly appreciated! I am not sure if the Marketscore thing is related to the remaining pop-ups I cannot rid myself of, or if it is a separate issue, but I am sufficiently at my wits' end ;)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Thornwolf

    Thornwolf Private E-2

    Thanks for the reply Chas, the topic should actually have said "A little help for the new guy, if you please...", I must have spaced a bit when I made the post.

    I have been attempting to follow the manual steps on the Pest Patrol site and I am not having any luck finding anything. Here is where I am at:

    1. NSCheck /uninstall - When I tried to issue this command it tells me:

    'NSCheck' is not recognized as an internal or external command,
    operable program or batch file.

    So I tried to CD to NSCheck in case that is what they wanted me to do, and it is not a valid path.

    2. Moving on, I went to kill the following processes:

    ossproxy.exe
    systemroot+\system\nscheck.exe

    Neither is apparent in Task Manager.

    3. I went to use RegEdit to check for:
    HKEY_USERS\default\software\microsoft\windows\currentversion\run\nscheck

    However this did not appear to exist.

    I just wanted to touch base with you again to make sure none of this is user error on my part, and to see if you had any thoughts at this stage. I left one of the pop-ups on my screen; just as a point of interest, right-clicking on it reveals:
    http://images.ppmdating.com/CreativeImages/Image_CID171_IMG5.gif
    Another window that came up: as I tried bringing up another Explorer window to go to Google, another pop-up was served up from:
    http://www.yourfreedvds.com/creatives/popunders/img/gas_bush.gif

    To give you a sample of a number of the pop-ups I attempted to load another one; this one was a window that I could not pull up properties on, and so I followed the link to these guys:
    http://66.98.242.85/sunshine/land1/701.htm

    Anyhow, just wanted to touch base with you again, make sure we are on the right track, and see if you had any thoughts. Your help is greatly appreciated.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. Thornwolf

    Thornwolf Private E-2

    Okay, I went through that earlier, and feel fairly confident I did exactly as instructed in all areas. There were two entries in my HijackThis log not covered in the resources available, as I mentioned above, but other than that I am fairly sure I did as instructed in all cases.

    Thanks again for taking the time to lend a hand :) You are a good 'fella.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Next time before you run HijackThis (HJT), try shutting down more of the unnecessary items as listed in the link I gave you. There are a load of items that could have been shut down, especially Internet Explorer. You have 3 sessions of IE running. It is unnecessary and causes conflicts with fixing items using HJT.

    Okay three things that I see:

    I don't know what this next line is for! Do you? Try right-clicking on it with Windows Explorer, selecting Properties and looking at the Version tab. See if you can get some info there on who it belongs to.
    C:\WINNT\system32\yevaxan.exe

    This does not look good. But again, not sure who it belongs to. Try the same with getting Properties/Version info.
    O2 - BHO: (no name) - {4EDA6059-EE16-0E91-835E-635509A62F3D} - C:\WINNT\system32\ldwd.dll

    Try having HijackThis fix:
    O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
     
  7. Thornwolf

    Thornwolf Private E-2

    Okay, next time I will shut down Explorer; I tend to have multiple sessions open at all times for work ;)

    I have no idea what yevaxan.exe is related to; I tried searching the net for it and found no mention of it anywhere. That was one of the issues I could not find an answer for in the related material.

    I have attached two JPGs that detail the results of looking at the version information on yevaxan; sadly nothing of use was returned. The same holds true for ldwd.

    The listing O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file) I attempted to remove yesterday using HijackThis after reading the tutorial here, and it remained in the list. So I did it again, fixed it, and scanned again. It simply will not 'go away'. I was thinking it might be a false positive?
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmm! No version info on yevaxan.exe. That could indicate a baddie, but not always. Do you actually see it running in your process list? Try downloading and running Process Explorer; it may give you more info.

    What about for ldwd.dll? You may have to allow viewing of hidden files to find it.

    Try searching your registry for the CLSID:
    CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE

    Once found you may be able to remove it by hand that way.

    You may want to consider a registry backup first. You could use Erunt.
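    As an added illustration of the two checks asked for above (the Properties/Version look at yevaxan.exe and ldwd.dll in post 6, and the registry search for the CLSID in post 8), the following PowerShell script is not from this thread; it assumes a current Windows host with PowerShell rather than the Windows 2000 machine discussed here, and it takes the file path and CLSID quoted in the thread as its default inputs. It only reports; the registry export at the end of the block mirrors the advice to back up before removing anything by hand.

```powershell
# Added example, not from the thread: inspect a suspicious file's version info and
# locate a CLSID across the registry roots where BHOs and protocol handlers live.
param(
    [string]$SuspectFile = 'C:\WINNT\system32\yevaxan.exe',          # path quoted in the thread
    [string]$Clsid       = '{CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE}'  # CLSID quoted in the thread
)

function Get-SuspectFileInfo {
    param([string]$Path)
    # -Force so that hidden/system files (ldwd.dll may be hidden) are still returned
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return [pscustomobject]@{ Path = $Path; Exists = $false } }
    $vi = $item.VersionInfo
    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        CompanyName     = $vi.CompanyName
        FileDescription = $vi.FileDescription
        FileVersion     = $vi.FileVersion
        # Empty company/description/version is the "no version info" case from the thread
        HasVersionInfo  = [bool]($vi.CompanyName -or $vi.FileDescription -or $vi.FileVersion)
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

function Find-ClsidReferences {
    param([string]$Clsid)
    # Roots where a CLSID for a BHO (O2) or URL protocol handler (O18) is normally registered.
    # HKLM\SOFTWARE\Classes is the machine half of what HKCR shows merged.
    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler'
    )
    $hits = @()
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        # Case 1: a key named after the CLSID itself
        $direct = Join-Path $root $Clsid
        if (Test-Path $direct) {
            $hits += [pscustomobject]@{ Key = $direct; Match = 'key name' }
        }
        # Case 2: a value whose data carries the CLSID (a protocol handler's "CLSID" value, etc.)
        Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($data -like "*$Clsid*") {
                    $hits += [pscustomobject]@{ Key = $key.PSPath; Match = "value '$name'" }
                }
            }
        }
    }
    return $hits
}

# Back up the hive that would be edited before any manual removal (the thread suggests ERUNT;
# reg.exe export is the built-in equivalent for one key tree).
reg export 'HKLM\SOFTWARE\Classes\CLSID' "$env:TEMP\clsid-backup.reg" /y | Out-Null

Get-SuspectFileInfo -Path $SuspectFile | Format-List
Find-ClsidReferences -Clsid $Clsid | Format-Table -AutoSize
```

    A hit of type 'key name' under a CLSID root points at the component registration itself; a hit on a value under PROTOCOLS\Handler is what produces an O18 line, so a CLSID that HijackThis reports but this search cannot find is consistent with the stale-entry situation described later in the thread.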
     
  9. Thornwolf

    Thornwolf Private E-2

    First, sorry it took me so long to get back to you. While I was working on the mess the other night, I wound up with the same issue as before: I eliminated a listing in one of the ad programs, which actually removed my automatic settings established by the network admin here.

    So I was without internet access, and they block us from making changes manually. Then I was off for a bit. Anyway, back now.

    After I had lost the internet connection and the ability to chat with you here, I called a fellow in another department and asked him to search his PC for yevaxan.exe as well as ldwd.dll. He saw neither on his PC. Now, we do not work in the same department, and I may have things running he doesn't, but I figured since we both have the same core image I could remove them without harming the PC too much.

    Ran SB and AA again and shut down for the night. I am back in the office today, and had the TSC guys (help desk, basically) reset my auto config on LAN settings so I could hit the net.

    That was about two hours ago, and thus far no pop-ups.

    I still have the bogus hit in HijackThis for:
    CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE

    I cannot seem to locate this on my computer when I search the registry, but it does indeed come up when I run HJT.

    Anyhow, I appreciate your time and help greatly; the ads were a nonstop hassle for me, and you never want to have to go to your admin and tell them, as they tend to blame you for such things. I am not sure which was the culprit here, but with your pointing them both out as possible I was confident enough to call another guy here and ask him to see if they were something that we should all have present on our boxes ;)

    Thanks again for all the help, I am in your debt, and will be sure to report back if I see any more of these annoying little buggers. Seems good though!

    /cross fingers
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should download the new HijackThis (just came out) here: http://www.majorgeeks.com/download3155.html

    Run it and try to fix that O18 line. There was a bug in the older version that had problems with some O18 deletions. Let me know if that works.
     
  11. Thornwolf

    Thornwolf Private E-2

    Well thank you again, the new version removed it quite nicely ;)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! So everything's working okay now? No more pop-ups?
     
