Another Popup ad Thread question

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Dichotmist, Oct 22, 2004.

  1. Dichotmist

    Dichotmist Private E-2

    Ok I had done a search and ran HijackThis, SpyBot, and Ad-Aware. I have followed the sticky instructions for these. I still get popup ads when I start Internet Explorer so I must be missing something. I am running Win2000 Professional. Any help would be great!!

    Thanks
     
  2. Kodo

    Kodo SNATCHSQUATCH

  3. Dichotmist

    Dichotmist Private E-2

    Thanks for the quick reply. Attached is the HijackThis.txt file.
     


  4. Dichotmist

    Dichotmist Private E-2

    I forgot the other symptom was a slower than normal PC (opening programs, internet, etc.). Thanks,
     
  5. Kodo

    Kodo SNATCHSQUATCH

    please follow the instructions EXACTLY.

    you ran HJT from
    C:\Documents and Settings\tfaux\Local Settings\Temporary Internet Files\Content.IE5\CRST4JIZ\HijackThis[1].exe

    it is clearly stated not to run it from an archive, temp folder or any folder in documents and settings. Place HJT in its own folder C:\program files\hijackthis ...and run it from there. Close all IE windows, then post a new log file.
     
  6. Dichotmist

    Dichotmist Private E-2

    Sorry about that. See attached.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have an IE process running and you have the wrong version of HijackThis. Get the latest version 1.98.2. It had a link in the READ ME thread. Then shut down ALL IE processes and post a new log with the new version of HJT.

    EDIT: Sorry Kodo didn't see you back here.
     
  8. Kodo

    Kodo SNATCHSQUATCH

    Your version of HJT is too old.. sorry, I didn't notice this the first time around.
    go here
    http://www.majorgeeks.com/download3155.html

    download the new one and post yet another log..lol ;)


    [edit, sorry chas, didn't see ya there]
    [edit 2. lol. ]
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    LOL! There's a bunch of Trojans here and the below line looks like ClearSearch too.
    O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe

    Do you think it would be worth running A-squared?
     
    Last edited by a moderator: Oct 22, 2004
  10. Dichotmist

    Dichotmist Private E-2

    Ok guys thanks for staying with me. Here is the new version.
     


  11. Kodo

    Kodo SNATCHSQUATCH

    That O4 is union way app hunter. stand by Dichotmist.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Kodo,

    I think it is ClearSearch; also see the missing DLL:
    C:\Program Files\CSBB\CSBB.DLL
    http://www.doxdesk.com/parasite/IGetNet.html
     
  13. Kodo

    Kodo SNATCHSQUATCH

    so much for my reading comprehension today.. it is clearsearch.. I read the wrong part of this search info I found.. *smacks forehead*
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Kodo,
    Did you notice that the online scanners were not run? Hmmm! Anything else skipped?
     
  15. Kodo

    Kodo SNATCHSQUATCH

    no.. I didn't get down that far.. I'm going to add pattern for that in LoJackThis so I can nail 'em at first go.
     
  16. Kodo

    Kodo SNATCHSQUATCH

    Ok, we gots lots of problems here with Trojans like Chas said.
    Let's start by running the online scans as suggested (in normal mode) in our tutorial.

    http://forums.majorgeeks.com/showthread.php?t=35407
    READ ME FIRST: Basic Spyware, Trojan And Virus Removal

    Then run the alternative scans listed at the end of the tutorial.

    When you're done with that, then run the WHOLE tutorial AGAIN because malware items that could have cascaded may be removed and the scans may clean up more stuff. Then post a new log.
     
  17. Dichotmist

    Dichotmist Private E-2

    So I've completed all of the below installations/ scans:
    Ad-Aware SE
    Ad-Aware VX2 Cleaner Plug-In
    CCleaner
    Spybot
    SpywareBlaster
    McAfee AVERT Stinger
    CWShredder
    Kill2me
    about:Buster
    HSRemove
    Trend Micro's Online Virus Scan
    Symantec Security Check
    Bitdefender online scan
    RavAntivirus online scan
    TrojanScan online scan
    a-squared
    ADS SPY


    Only ad-aware and spy-bot found anything and promptly removed them. I ran ADS SPY, but I'm not sure what is ok to remove and what is not. I have run HijackThis again and attached the file. Let me know what you guys think. By the way I have run each multiple times.
    Thanks,
     


  18. Kodo

    Kodo SNATCHSQUATCH

    you can remove this one using HiJackThis
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL

    A-Squared didn't find anything?

    Ok, try this one

    http://tools.zerosrealm.com/PeperFix.exe
    Peperfix
    if it doesn't find them then see if you can find the files and delete them.

    C:\WINNT\vzwwrt.exe
    C:\Program Files\CSBB\CSV7P070.exe
    C:\WINNT\system32\pxeabn.exe
    C:\WINNT\Meruoq.exe
    C:\WINNT\vzwwrt.exe
    C:\WINNT\system32\gjdxvc.exe
    C:\Program Files\VVSN\VVSN.exe
    laprovau.exe

    I know you probably won't find them, but try anyway

    next
    go to start, run.. type
    REGSVR32.EXE /U "C:\Program Files\CSBB\CSBB.DLL"
    hit enter and then ok to any prompts
    then
    REGSVR32.EXE /u C:\WINNT\system32\gjdxv.dll
    hit enter and then ok to any prompts.

    Find those two files and delete them..


    remove these in HiJackThis
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
    O2 - BHO: SDWin32 Class - {767BDA7E-5249-4529-AE6B-4E3DB73C3280} - C:\WINNT\system32\gjdxv.dll
    O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
    O4 - HKLM\..\Run: [ryikflu] C:\WINNT\system32\pxeabn.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINNT\Meruoq.exe
    O4 - HKLM\..\Run: [viueeim] C:\WINNT\vzwwrt.exe
    O4 - HKLM\..\Run: [gjdxvc] C:\WINNT\system32\gjdxvc.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKCU\..\Run: [cws2RUc8i] laprovau.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18f9f455c60b096c5414/netzip/RdxIE601.cab

    post new log when done.

    make sure IE is not running when you do this.. close all browsers.
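
The O2, O4 and O16 lines listed in the post above follow fixed layouts. As an added example (not part of the thread and not HijackThis's own code), this Python script splits such lines into fields and collects the files to look for on disk; the function names and the two notes it attaches are assumptions of this example.

```python
import re
from urllib.parse import urlparse
# Log lines copied from the post above (not constructed).
SAMPLE = r"""
O2 - BHO: SDWin32 Class - {767BDA7E-5249-4529-AE6B-4E3DB73C3280} - C:\WINNT\system32\gjdxv.dll
O4 - HKLM\..\Run: [CSV7P70] C:\Program Files\CSBB\CSV7P070.exe
O4 - HKCU\..\Run: [cws2RUc8i] laprovau.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18f9f455c60b096c5414/netzip/RdxIE601.cab
""".strip().splitlines()

CLSID = r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - " + CLSID + r" - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O16": re.compile(r"^O16 - DPF: " + CLSID + r"(?: \((?P<name>.*?)\))? - (?P<target>\S+)$"),
}

def notes_for(entry):
    """Observations to verify by hand; heuristics of this example only."""
    target = entry["target"]
    if entry["section"] == "O16":
        host = urlparse(target).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            return ["codebase served from a bare IP address"]
    elif "\\" not in target.split(" ")[0]:
        return ["no directory in the entry; locate the file separately"]
    return []

def parse_line(line):
    """Return the fields of an O2/O4/O16 line, or None if unrecognised."""
    line = line.strip()
    section = line.split(" - ", 1)[0]
    match = PATTERNS[section].match(line) if section in PATTERNS else None
    if not match:
        return None
    entry = {"section": section, **match.groupdict()}
    return {**entry, "notes": notes_for(entry)}

def files_to_check(lines):
    """Unique on-disk targets named by O2/O4 lines, in log order."""
    targets = []
    for entry in filter(None, map(parse_line, lines)):
        if entry["section"] != "O16" and entry["target"] not in targets:
            targets.append(entry["target"])
    return targets

if __name__ == "__main__":
    for entry in filter(None, map(parse_line, SAMPLE)):
        print(entry["section"], entry["name"], "->", entry["target"], entry["notes"])
```
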
     
  19. Dichotmist

    Dichotmist Private E-2

    OK I followed your instruction and removed:
    C:\WINNT\vzwwrt.exe
    C:\WINNT\system32\gjdxvc.exe

    And the rest of the stuff out of HijackThis. I then ran Giant AntiSpyware. This worked awesome. It found the nine spyware installs that were killing me. I got rid of those and everything seems to work great. I have attached the new HijackThis log file just in case though.

    I think everything we did may have screwed up my Outlook now though. It will not connect to the server to download mail. Any idea what we did that could have caused this?

    Thanks,
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to attach your log!

    I'm not sure what the problem is with Outlook!
     
