Jksearch - MERGED 2 threads


3 replies to this topic

#1 capraru

Posted 11 June 2004 - 03:40 AM

CWS- Jksearch
I can't remove it from my computer OS 2000NT Prof
Thanks in advance!


My Hijackthis.log is:

Logfile of HijackThis v1.97.7
Scan saved at 11:09:33, on 2004-06-11
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PspContr.Exe
C:\WINNT\system32\Promon.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\WINNT\system32\internat.exe
C:\Program\C Technologies\C-Pen 10\CPen10.exe
C:\Program\Nikon\NkView5\NkvMon.exe
C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE
C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program\Microsoft Office\Office\1053\msoffice.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\winnt\iehr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ScanSpyware v3.5] "C:\Program\ScanSpyware v3.5\Scanner.exe"
O4 - Startup: Digital Patrol Update.lnk = C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: C-Pen 10.lnk = C:\Program\C Technologies\C-Pen 10\CPen10.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O9 - Extra button: Merriam-Webster (HKLM)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} -
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.c...ex/tdserver.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam....WebMonProj1.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail4.sll.se/iNotes.cab
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} -
O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail4.sll.se/iNotes6.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabri.../5/060204se.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://pclog/install...insftwebcli.exe
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://mail3.sll.se.../dolcontrol.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) -
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C365} - http://content.netve...e/se/games6.cab
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C369} - http://content.netve...e/se/games6.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webca...sCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8118.0593171296
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.merriam-w...ar/cabs/m-w.cab

Edited by capraru, 11 June 2004 - 04:12 AM.


#2 expertec

Posted 11 June 2004 - 03:57 AM

Download http://www.spywarein.../CWShredder.exe and run it.

Then download http://www.spywarein.../hijackthis.zip

Create a folder for Hijackthis e.g. C:\HJT, and extract Hijackthis.exe from the zip to the folder.

Run the program from its folder. Click "scan", when the scan button changes to "save log", save the log, and copy and paste the WHOLE thing into a post in this thread.

#3 capraru

Posted 11 June 2004 - 08:00 AM

This is the new log after cleaning with Hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 14:55:51, on 2004-06-11
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PspContr.Exe
C:\WINNT\system32\Promon.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\QuickTime\qttask.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\system32\internat.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program\C Technologies\C-Pen 10\CPen10.exe
C:\Program\Nikon\NkView5\NkvMon.exe
C:\Program\Microsoft Office\Office\1053\msoffice.exe
C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE
C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ScanSpyware v3.5] "C:\Program\ScanSpyware v3.5\Scanner.exe"
O4 - Startup: Digital Patrol Update.lnk = C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: C-Pen 10.lnk = C:\Program\C Technologies\C-Pen 10\CPen10.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O9 - Extra button: Merriam-Webster (HKLM)
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.c...ex/tdserver.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam....WebMonProj1.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail4.sll.se/iNotes.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail4.sll.se/iNotes6.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speeder...meInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://mail3.sll.se.../dolcontrol.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8118.0593171296
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.merriam-w...ar/cabs/m-w.cab

#4 expertec

Posted 11 June 2004 - 04:22 PM

Are you running two antivirus programs? :huh:

Is ScanSpyware something that you bought or is it a trial version? If it's a trial version uninstall it, there are better programs for free.

I don't see anything really bad left, but you can fix these items with Hijackthis if you want:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -


Put a check against each one in HJT, close all other windows and click "Fix Checked".

I'd also recommend you read this article for advice on preventing yourself being hijacked again http://www.spywarein...ked/prevent.php

Edited by expertec, 11 June 2004 - 04:23 PM.
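
Comparing the first log with the one posted after cleaning shows which entries the cleanup removed and which are new. The following is an added example, not part of the original thread: it diffs two HijackThis logs entry by entry, using short excerpts of the two logs posted above as input. The function names `parse` and `diff_logs` are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpts from the two logs posted in this thread (not the full logs).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\winnt\iehr.dll
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} -
"""
AFTER = r"""Logfile of HijackThis v1.97.7
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
"""

def parse(log_text):
    """Map a case-insensitive key to the original line for each entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m is None:
            continue  # header, "Running processes" list, or blank line
        section, details = m.groups()
        # CLSIDs and Windows paths are case-insensitive, so fold case and
        # collapse runs of whitespace before comparing.
        key = (section, " ".join(details.casefold().split()))
        entries[key] = line
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans, in log order."""
    old, new = parse(before), parse(after)
    removed = [line for key, line in old.items() if key not in new]
    added = [line for key, line in new.items() if key not in old]
    return removed, added

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("\n".join(["- " + l for l in removed] + ["+ " + l for l in added]))
```

Entries that appear only in the second scan deserve the same scrutiny as the ones that disappeared, since they were installed between the two scans.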
