ADstatserv?

Shadow2018Shadow2018 Northwest Missouri
edited January 2005 in Spyware & Virus Removal
What is this? Do I need it?(I don't think so) How can I get rid of this?

Comments

  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited January 2005
    Adware!

    Post a hijackthis log so we can see what's going on.
  • Shadow2018Shadow2018 Northwest Missouri
    edited January 2005
    I posted a hijack log several days ago with no response. It can be located on page 3 or 4 in this forum.
  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited January 2005
    If you want help now, please post a new one. A log from several days ago will not help.
  • Shadow2018Shadow2018 Northwest Missouri
    edited January 2005
    Logfile of HijackThis v1.99.0
    Scan saved at 2:46:06 PM, on 1/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Free\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    I removed adstatserv.exe and adstatkeep.exe from the running processes but they are still in the system.
  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited January 2005
    Download Ad-aware SE from: http://www.majorgeeks.com/download506.html

    Install the program and launch it.

    First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Exit Adaware for now.


    Show hidden files
    http://www.short-media.com/forum/showpost.php?p=172588&postcount=3



    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    Reboot your computer into Safe Mode



    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\PROGRA~1\SEARCH~1
    ALCXMNTR.EXE
    C:\WINDOWS\zeta.exe



    Run a full scan with Adaware while in Safe Mode.



    Reboot and post a new log.
  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited January 2005
    I'm sorry I didn't specify in my last post...please post a hijackthis log.
  • Shadow2018Shadow2018 Northwest Missouri
    edited January 2005
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe



    I appreciate all your help. Thank You.
  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited January 2005
    Your log looks clean to me. Are you having any more problems?
  • Shadow2018Shadow2018 Northwest Missouri
    edited January 2005
    I think I managed to remove all the spyware from the system. Thanks for your help.
Sign In or Register to comment.