Jump to content


Photo

Get Rid of HuntBar


  • Please log in to reply
1 reply to this topic

#1 qmagic101

qmagic101

    Member

  • New Member
  • Pip
  • 1 posts

Posted 25 June 2004 - 02:16 PM

I have run SpyBot & Ad-aware mult times & at startup. Running NT4.0 SP6.
Below is the output from hijackthis, can someont tell me what I need to do to clean up my system and any suggestion on how to keep this stuff off my system.

Thanks in advance.

Dan

Logfile of HijackThis v1.97.7
Scan saved at 2:58:07 PM, on 6/25/2004
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\cba\pds.exe
C:\LDClient\wuser32.exe
C:\WINNT\System32\mgasc.exe
C:\WINNT\System32\mgactrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\RpcSs.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\System32\esserver.exe
C:\WINNT\system32\cba\xfr.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\SENS.EXE
C:\WINNT\System32\WBEM\winmgmt.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\PROMon.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\System32\MGAHOOK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\System32\sccmgr.exe
C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
d:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
d:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
D:\download\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50133
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50133
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = iGotSmart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.28.1.142:80
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50133
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [Client Access Service] "d:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "d:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "d:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "d:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [MGA Hook] "C:\WINNT\System32\MGAHOOK.EXE"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MSN Manager] C:\WINNT\System32\sccmgr.exe
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TV Media] C:\TV Media\Tvm.exe
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Plus!\Microsoft Internet\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...dia/zoomviewer/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.micro...media/Swdir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://207.68.53.47:...tsweb/msrdp.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} -
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://204.214.93.24...tivexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 OlTramp

OlTramp

    SWI Junkie

  • Trusted Advisor
  • PipPipPip
  • 148 posts

Posted 25 June 2004 - 10:56 PM

Hi qmagic101

First download CWShredder by Merijn Bellekom
Check for an update just to make sure you have the latest version. Click fix and let it delete whatever it finds. Be sure you click fix and not scan only.

Then go to add/remove programs and remove wintools. If not there
Go to start>Settings>Control Panel>Administrative Tools>Services Look for "WinTools for IE service" in the right pane. If you find it, right click on it. Stop it by pressing the stop button. Then disable it by clicking on the startup type drop down and selecting "Disable"

Then right click on the taskbar and open taskmanager.
Go to applications and/or processes and end task on the following
WToolsA.exe
WToolsS.exe
WSup.exe

Reboot your computer and with all browsers closed rerun HJT. Check and click fix checked for any of the following that are left-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50133
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50133
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = iGotSmart
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50133
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [TV Media] C:\TV Media\Tvm.exe
This if you did not place it-
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - WWW. Prefix: http://
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://207.68.53.47:...tsweb/msrdp.cab
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} -
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://204.214.93.24...tivexviewer.cab

Restart your computer in safe ode and delete-
C:\Program Files\Common files\WinTools <=Folder
C:\TV Media <=Folder




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button