Jump to content


Photo

Monster.com pop up


  • Please log in to reply
3 replies to this topic

#1 lml1979

lml1979

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 12 July 2004 - 03:08 PM

Recieving monster.com popus while working in other apps, IE isn't even open. Also, tried printing out an email and it printed out a Lycos search web page -- IE was not open at the time.

I have ran both Ad-aware and Spybot and read the board FAQ's.

LOG:

Logfile of HijackThis v1.98.0
Scan saved at 3:01:40 PM, on 7/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
C:\WINNT\system32\internat.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\PROGRA~1\lotus\notes\NLNOTES.EXE
C:\PROGRA~1\lotus\notes\ntaskldr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\kappepk\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://catatwork.cat.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://catatwork.cat.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.cat.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cat.com;*.*.cat.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\COE Microsoft Office 2000\Office\OSA9.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://catatwork.ecorp.cat.com/index.jsp
O16 - DPF: JavaConnect - http://sametime.corp...JavaConnect.cab
O16 - DPF: Sametime BroadCast Client ST25PF1 - http://sametime.corp...dcastClient.cab
O16 - DPF: Sametime Directory Applet ST25PF1 - http://sametime.corp...ctoryApplet.cab
O16 - DPF: Sametime Meeting Room Client ST25PF1 - http://sametime.corp...gRoomClient.cab
O16 - DPF: Sametime MRC 651 - http://st-na-02.cis....gRoomClient.cab
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://sametime.corp...STJNILoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cat.webex.co...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mw.na.cat.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mw.na.cat.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mw.na.cat.com
O18 - Protocol: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\progra~1\common~1\sapsha~1\system\saphtmlp.dll
O18 - Protocol: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\progra~1\common~1\sapsha~1\system\saphtmlp.dll

Any help would be greatly appreciated.

#2 lml1979

lml1979

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 13 July 2004 - 07:12 AM

Bump, could really use some help.

#3 lml1979

lml1979

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 13 July 2004 - 10:53 AM

The pop up now occurs when openning Lotus notes to just the welcome page, the webpage goes to www.lotus.lycos.com.

#4 lml1979

lml1979

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 14 July 2004 - 06:59 AM

Bump.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button