I've been hijacked with popups


  • This topic is locked
7 replies to this topic

#1 pcwright

Posted 24 June 2004 - 12:27 PM

:whistle: As an IT professional I am embarrassed to admit that I have been hijacked by pop-up ads. I also think I know when it happened:
The stats:
Windows 2000
IE 6.0.2800.1106
Norton Personal Firewall
Norton antivirus enterprise edition (updated and run regularly)
Updated and ran Ad-Aware and Spy-Bot today.
Tried to run CWShredder and received the following problem no matter how many times I reran it.

CWShredder application error: The instruction at "0x77f81c85" referenced memory at "0x00000000", the memory could not be "read".
Click OK to terminate......

When OK clicked received this message:
You have a variant of the CoolWebSearch Trojan (CWS.Smartsearch.2) that has attempted to close CWShredder. To counter this, CWShredder is starting with a random string of text in the title bar. CWShredder is functioning fine, it has not been corrupted.
If you feel you should not be getting this error and you are not infected, restart CWShredder and this warning should not appear again.


Just FYI, I work at a company called Spartan (some refs in the log). Client Access has to do with the IBM iSeries (AS/400).

Thank you for your help.

I ran Hijack This and here is the Log:
Logfile of HijackThis v1.97.7
Scan saved at 1:18:24 PM, on 6/24/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
c:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINNT\system32\ircomm2k.exe
C:\NETOP\HOST\NHOSTSVC.EXE
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ltmsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINNT\system32\sdtcprfm.exe
C:\pcwdata\hijackthisprog\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.chartermi.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.spartanstore.com;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PAV.EXE] C:\WINNT
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [sdtcprfm] C:\WINNT\system32\sdtcprfm.exe
O4 - HKCU\..\Run: [2294416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\2294416.cpl
O4 - HKCU\..\Run: [65920] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65920.cpl
O4 - HKCU\..\Run: [65838] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65838.cpl
O4 - HKCU\..\Run: [65894] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65894.cpl
O4 - HKCU\..\Run: [65974] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65974.cpl
O4 - HKCU\..\Run: [65898] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65898.cpl
O4 - HKCU\..\Run: [65902] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65902.cpl
O4 - HKCU\..\Run: [327950] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327950.cpl
O4 - HKCU\..\Run: [131400] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131400.cpl
O4 - HKCU\..\Run: [65932] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65932.cpl
O4 - HKCU\..\Run: [262486] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262486.cpl
O4 - HKCU\..\Run: [65924] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65924.cpl
O4 - HKCU\..\Run: [65904] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65904.cpl
O4 - HKCU\..\Run: [262388] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262388.cpl
O4 - HKCU\..\Run: [131342] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131342.cpl
O4 - HKCU\..\Run: [131340] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131340.cpl
O4 - HKCU\..\Run: [131418] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131418.cpl
O4 - HKCU\..\Run: [65914] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65914.cpl
O4 - HKCU\..\Run: [196954] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196954.cpl
O4 - HKCU\..\Run: [131322] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131322.cpl
O4 - HKCU\..\Run: [65910] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65910.cpl
O4 - HKCU\..\Run: [65896] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65896.cpl
O4 - HKCU\..\Run: [65884] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65884.cpl
O4 - HKCU\..\Run: [65892] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65892.cpl
O4 - HKCU\..\Run: [131316] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131316.cpl
O4 - HKCU\..\Run: [327996] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327996.cpl
O4 - HKCU\..\Run: [65890] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65890.cpl
O4 - HKCU\..\Run: [196960] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196960.cpl
O4 - HKCU\..\Run: [524600] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\524600.cpl
O4 - HKCU\..\Run: [196970] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196970.cpl
O4 - HKCU\..\Run: [65886] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65886.cpl
O4 - HKCU\..\Run: [65880] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65880.cpl
O4 - HKCU\..\Run: [262514] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262514.cpl
O4 - HKCU\..\Run: [196848] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196848.cpl
O4 - HKCU\..\Run: [196840] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196840.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196864.cpl
O4 - HKCU\..\Run: [197028] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\197028.cpl
O4 - HKCU\..\Run: [65940] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65940.cpl
O4 - HKCU\..\Run: [459106] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459106.cpl
O4 - HKCU\..\Run: [131436] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131436.cpl
O4 - HKCU\..\Run: [131314] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131314.cpl
O4 - HKCU\..\Run: [328032] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328032.cpl
O4 - HKCU\..\Run: [590176] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\590176.cpl
O4 - HKCU\..\Run: [327992] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327992.cpl
O4 - HKCU\..\Run: [131426] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131426.cpl
O4 - HKCU\..\Run: [458892] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\458892.cpl
O4 - HKCU\..\Run: [393556] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393556.cpl
O4 - HKCU\..\Run: [196976] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196976.cpl
O4 - HKCU\..\Run: [65882] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65882.cpl
O4 - HKCU\..\Run: [328026] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328026.cpl
O4 - HKCU\..\Run: [131424] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131424.cpl
O4 - HKCU\..\Run: [459072] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459072.cpl
O4 - HKCU\..\Run: [65916] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65916.cpl
O4 - HKCU\..\Run: [65938] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65938.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131448.cpl
O4 - HKCU\..\Run: [196944] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196944.cpl
O4 - HKCU\..\Run: [66016] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\66016.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131422.cpl
O4 - HKCU\..\Run: [131432] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131432.cpl
O4 - HKCU\..\Run: [65900] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65900.cpl
O4 - HKCU\..\Run: [65918] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65918.cpl
O4 - HKCU\..\Run: [131414] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131414.cpl
O4 - HKCU\..\Run: [983372] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\983372.cpl
O4 - HKCU\..\Run: [131434] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131434.cpl
O4 - HKCU\..\Run: [196916] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196916.cpl
O4 - HKCU\..\Run: [131428] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131428.cpl
O4 - HKCU\..\Run: [131462] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131462.cpl
O4 - HKCU\..\Run: [328014] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328014.cpl
O4 - HKCU\..\Run: [131416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131416.cpl
O4 - HKCU\..\Run: [328044] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328044.cpl
O4 - HKCU\..\Run: [65912] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65912.cpl
O4 - HKCU\..\Run: [131430] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131430.cpl
O4 - HKCU\..\Run: [131646] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131646.cpl
O4 - HKCU\..\Run: [328030] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328030.cpl
O4 - HKCU\..\Run: [131472] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131472.cpl
O4 - HKCU\..\Run: [327998] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327998.cpl
O4 - HKCU\..\Run: [131440] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131440.cpl
O4 - HKCU\..\Run: [721210] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\721210.cpl
O4 - HKCU\..\Run: [131328] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131328.cpl
O4 - HKCU\..\Run: [65806] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65806.cpl
O4 - HKCU\..\Run: [65796] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65796.cpl
O4 - HKCU\..\Run: [131326] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131326.cpl
O4 - HKCU\..\Run: [65794] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65794.cpl
O4 - HKCU\..\Run: [262490] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262490.cpl
O4 - HKCU\..\Run: [65962] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65962.cpl
O4 - HKCU\..\Run: [262556] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262556.cpl
O4 - HKCU\..\Run: [65908] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65908.cpl
O4 - HKCU\..\Run: [393450] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393450.cpl
O4 - HKCU\..\Run: [131338] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131338.cpl
O4 - HKCU\..\Run: [65888] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65888.cpl
O4 - HKCU\..\Run: [328122] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328122.cpl
O4 - HKCU\..\Run: [328036] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328036.cpl
O4 - HKCU\..\Run: [196874] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196874.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196882.cpl
O4 - HKCU\..\Run: [131452] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131452.cpl
O4 - HKCU\..\Run: [66026] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\66026.cpl
O4 - HKCU\..\Run: [131362] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131362.cpl
O4 - HKCU\..\Run: [131454] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131454.cpl
O4 - HKCU\..\Run: [262534] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262534.cpl
O4 - HKCU\..\Run: [393626] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393626.cpl
O4 - HKCU\..\Run: [262520] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262520.cpl
O4 - HKCU\..\Run: [262530] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262530.cpl
O4 - HKCU\..\Run: [1376596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\1376596.cpl
O4 - HKCU\..\Run: [786650] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\786650.cpl
O4 - HKCU\..\Run: [131498] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131498.cpl
O4 - HKCU\..\Run: [197106] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\197106.cpl
O4 - HKCU\..\Run: [131516] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131516.cpl
O4 - HKCU\..\Run: [393596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393596.cpl
O4 - HKCU\..\Run: [524702] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\524702.cpl
O4 - HKCU\..\Run: [262516] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262516.cpl
O4 - HKCU\..\Run: [459104] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459104.cpl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://webforms.aux...sses/CFJava.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://spspoke2.spar...com/iNotes6.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcams.mtu.e...sCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7930.2776157407
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE898797-BD6B-4019-A98A-F4D76568E331}: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE898797-BD6B-4019-A98A-F4D76568E331}: NameServer = 155.110.212.9,155.110.44.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE90D51E-FE36-4003-9CD8-9A8C7A9DBD71}: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE90D51E-FE36-4003-9CD8-9A8C7A9DBD71}: NameServer = 155.110.212.9,155.110.44.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spartanstore.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spartanstore.com


Thanks again,

Paula
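Added example, not part of the original thread: the log above contains a long run of HKCU Run values that differ only by a number, which makes the rest of the autostart list hard to read. This Python sketch parses HijackThis `O4` registry lines and groups values that share one command template, so a reviewer sees each repeated pattern once with a count; the function names are hypothetical and the sample is a short excerpt of the log in post #1.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #1 (a short excerpt, not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.chartermi.net/
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [2294416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\2294416.cpl
O4 - HKCU\..\Run: [65920] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65920.cpl
O4 - HKCU\..\Run: [65838] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65838.cpl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""

# Registry autostart values appear in the log as
#   O4 - <hive>\..\<key>: [<value name>] <command>
# Startup-folder O4 lines have a different shape and are skipped here.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def parse_run_entries(log_text):
    """Return (hive, key, value_name, command) for each O4 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def entry_template(name, cmd):
    """Grouping key for one entry.

    A purely numeric value name is replaced by <N>, both in the name and
    wherever the same number recurs in the command, so entries that differ
    only by that number collapse into one template.
    """
    if name.isdigit():
        return "[<N>] " + cmd.replace(name, "<N>")
    return "[%s] %s" % (name, cmd)


def group_run_entries(log_text):
    """Map (hive, key, template) to the list of value names that share it."""
    groups = defaultdict(list)
    for hive, key, name, cmd in parse_run_entries(log_text):
        groups[(hive, key, entry_template(name, cmd))].append(name)
    return dict(groups)


def repeated_groups(log_text, min_count=2):
    """Templates with at least min_count members, largest group first."""
    hits = [
        (len(names), hive, key, tmpl)
        for (hive, key, tmpl), names in group_run_entries(log_text).items()
        if len(names) >= min_count
    ]
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    for count, hive, key, tmpl in repeated_groups(SAMPLE_LOG):
        print(f"{count:4d} x {hive}\\{key}: {tmpl}")
```

Grouping is only a reading aid for the reviewer; it says nothing by itself about whether an entry belongs on the machine.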

#2 PGPhantom

Posted 06 July 2004 - 12:48 PM

How to Remove CoolWebSearch with CoolWeb Shredder <= Please click on this link for instructions on how to download and use CoolWebSearch Shredder which will help remove a CWS infection on your computer. Make sure you close all programs and windows before running it and be sure to click on the "Fix" button. There is mention of a mini removal tool which may help the shut down - Let me know.

Then ... Please download, install and run Trojan Hunter (Trial).

Lastly - For now :) ...
Run Ad-Aware with the latest update.
  • Download the latest version of Ad-Aware from here.
  • After installing Ad-aware, and before running the program, Please be sure to update the reference file as per these instructions.
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives" (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Log-file detail", select all options.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" (by clicking on the "+" (Plus) symbol) and select the following:
      • "Include additional Ad-aware settings in logfile"
      • "Unload recognized processes during scanning."
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "Let Windows remove files in use after reboot."
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
    • Select "Activate in-Depth scan".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
Post a new HijackThis log when done.

#3 pcwright

Posted 07 July 2004 - 10:38 AM

Hi!:
I downloaded the miniremoval tool and it indicated that I had no problems.
I redownloaded CWShredder, but was unable to connect to either site to get the live updates. (It does appear I have the latest and last version, though) I attempted to run CWShredder multiple times but keep getting the same 'Application Error'.
I then downloaded and updated the Trojan Hunter and removed 3 trojans.
I then was able to SUCCESSFULLY run CWShredder and it indicated that I had no problems.
I redownloaded and updated AD-Aware and reconfigured it as directed and removed 43 objects.

I will report back later this PM on whether or not my pop ups have been killed off.

Thank you very much.

Here is my new log:
Logfile of HijackThis v1.97.7
Scan saved at 11:28:29 AM, on 7/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
c:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\Program Files\NavNT\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINNT\system32\ircomm2k.exe
C:\NETOP\HOST\NHOSTSVC.EXE
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ltmsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\NOTES6\NLNOTES.EXE
C:\NOTES6\ntaskldr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\pcwdata\hijackthisprog\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.chartermi.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.spartanstore.com;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PAV.EXE] C:\WINNT
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ex_psul] C:\WINNT\system32\ex_psul.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [2294416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\2294416.cpl
O4 - HKCU\..\Run: [65920] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65920.cpl
O4 - HKCU\..\Run: [65838] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65838.cpl
O4 - HKCU\..\Run: [65894] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65894.cpl
O4 - HKCU\..\Run: [65974] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65974.cpl
O4 - HKCU\..\Run: [65898] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65898.cpl
O4 - HKCU\..\Run: [65902] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65902.cpl
O4 - HKCU\..\Run: [327950] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327950.cpl
O4 - HKCU\..\Run: [131400] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131400.cpl
O4 - HKCU\..\Run: [65932] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65932.cpl
O4 - HKCU\..\Run: [262486] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262486.cpl
O4 - HKCU\..\Run: [65924] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65924.cpl
O4 - HKCU\..\Run: [65904] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65904.cpl
O4 - HKCU\..\Run: [262388] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262388.cpl
O4 - HKCU\..\Run: [131342] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131342.cpl
O4 - HKCU\..\Run: [131340] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131340.cpl
O4 - HKCU\..\Run: [131418] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131418.cpl
O4 - HKCU\..\Run: [65914] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65914.cpl
O4 - HKCU\..\Run: [196954] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196954.cpl
O4 - HKCU\..\Run: [131322] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131322.cpl
O4 - HKCU\..\Run: [65910] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65910.cpl
O4 - HKCU\..\Run: [65896] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65896.cpl
O4 - HKCU\..\Run: [65884] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65884.cpl
O4 - HKCU\..\Run: [65892] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65892.cpl
O4 - HKCU\..\Run: [131316] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131316.cpl
O4 - HKCU\..\Run: [327996] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327996.cpl
O4 - HKCU\..\Run: [65890] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65890.cpl
O4 - HKCU\..\Run: [196960] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196960.cpl
O4 - HKCU\..\Run: [524600] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\524600.cpl
O4 - HKCU\..\Run: [196970] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196970.cpl
O4 - HKCU\..\Run: [65886] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65886.cpl
O4 - HKCU\..\Run: [65880] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65880.cpl
O4 - HKCU\..\Run: [262514] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262514.cpl
O4 - HKCU\..\Run: [196848] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196848.cpl
O4 - HKCU\..\Run: [196840] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196840.cpl
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196864.cpl
O4 - HKCU\..\Run: [197028] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\197028.cpl
O4 - HKCU\..\Run: [65940] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65940.cpl
O4 - HKCU\..\Run: [459106] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459106.cpl
O4 - HKCU\..\Run: [131436] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131436.cpl
O4 - HKCU\..\Run: [131314] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131314.cpl
O4 - HKCU\..\Run: [328032] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328032.cpl
O4 - HKCU\..\Run: [590176] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\590176.cpl
O4 - HKCU\..\Run: [327992] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327992.cpl
O4 - HKCU\..\Run: [131426] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131426.cpl
O4 - HKCU\..\Run: [458892] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\458892.cpl
O4 - HKCU\..\Run: [393556] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393556.cpl
O4 - HKCU\..\Run: [196976] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196976.cpl
O4 - HKCU\..\Run: [65882] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65882.cpl
O4 - HKCU\..\Run: [328026] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328026.cpl
O4 - HKCU\..\Run: [131424] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131424.cpl
O4 - HKCU\..\Run: [459072] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459072.cpl
O4 - HKCU\..\Run: [65916] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65916.cpl
O4 - HKCU\..\Run: [65938] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65938.cpl
O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131448.cpl
O4 - HKCU\..\Run: [196944] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196944.cpl
O4 - HKCU\..\Run: [66016] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\66016.cpl
O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131422.cpl
O4 - HKCU\..\Run: [131432] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131432.cpl
O4 - HKCU\..\Run: [65900] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65900.cpl
O4 - HKCU\..\Run: [65918] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65918.cpl
O4 - HKCU\..\Run: [131414] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131414.cpl
O4 - HKCU\..\Run: [983372] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\983372.cpl
O4 - HKCU\..\Run: [131434] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131434.cpl
O4 - HKCU\..\Run: [196916] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196916.cpl
O4 - HKCU\..\Run: [131428] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131428.cpl
O4 - HKCU\..\Run: [131462] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131462.cpl
O4 - HKCU\..\Run: [328014] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328014.cpl
O4 - HKCU\..\Run: [131416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131416.cpl
O4 - HKCU\..\Run: [328044] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328044.cpl
O4 - HKCU\..\Run: [65912] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65912.cpl
O4 - HKCU\..\Run: [131430] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131430.cpl
O4 - HKCU\..\Run: [131646] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131646.cpl
O4 - HKCU\..\Run: [328030] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328030.cpl
O4 - HKCU\..\Run: [131472] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131472.cpl
O4 - HKCU\..\Run: [327998] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327998.cpl
O4 - HKCU\..\Run: [131440] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131440.cpl
O4 - HKCU\..\Run: [721210] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\721210.cpl
O4 - HKCU\..\Run: [131328] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131328.cpl
O4 - HKCU\..\Run: [65806] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65806.cpl
O4 - HKCU\..\Run: [65796] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65796.cpl
O4 - HKCU\..\Run: [131326] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131326.cpl
O4 - HKCU\..\Run: [65794] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65794.cpl
O4 - HKCU\..\Run: [262490] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262490.cpl
O4 - HKCU\..\Run: [65962] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65962.cpl
O4 - HKCU\..\Run: [262556] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262556.cpl
O4 - HKCU\..\Run: [65908] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65908.cpl
O4 - HKCU\..\Run: [393450] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393450.cpl
O4 - HKCU\..\Run: [131338] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131338.cpl
O4 - HKCU\..\Run: [65888] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65888.cpl
O4 - HKCU\..\Run: [328122] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328122.cpl
O4 - HKCU\..\Run: [328036] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328036.cpl
O4 - HKCU\..\Run: [196874] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196874.cpl
O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196882.cpl
O4 - HKCU\..\Run: [131452] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131452.cpl
O4 - HKCU\..\Run: [66026] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\66026.cpl
O4 - HKCU\..\Run: [131362] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131362.cpl
O4 - HKCU\..\Run: [131454] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131454.cpl
O4 - HKCU\..\Run: [262534] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262534.cpl
O4 - HKCU\..\Run: [393626] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393626.cpl
O4 - HKCU\..\Run: [262520] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262520.cpl
O4 - HKCU\..\Run: [262530] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262530.cpl
O4 - HKCU\..\Run: [1376596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\1376596.cpl
O4 - HKCU\..\Run: [786650] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\786650.cpl
O4 - HKCU\..\Run: [131498] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131498.cpl
O4 - HKCU\..\Run: [197106] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\197106.cpl
O4 - HKCU\..\Run: [131516] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131516.cpl
O4 - HKCU\..\Run: [393596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393596.cpl
O4 - HKCU\..\Run: [524702] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\524702.cpl
O4 - HKCU\..\Run: [262516] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262516.cpl
O4 - HKCU\..\Run: [459104] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459104.cpl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: BHO Cop.lnk = C:\Program Files\BHOCop\BHOCop.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://webforms.aux...sses/CFJava.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://spspoke2.spar...com/iNotes6.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcams.mtu.e...sCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7930.2776157407
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE898797-BD6B-4019-A98A-F4D76568E331}: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE898797-BD6B-4019-A98A-F4D76568E331}: NameServer = 155.110.212.9,155.110.44.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE90D51E-FE36-4003-9CD8-9A8C7A9DBD71}: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE90D51E-FE36-4003-9CD8-9A8C7A9DBD71}: NameServer = 155.110.212.9,155.110.44.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spartanstore.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spartanstore.com

#4 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 07 July 2004 - 12:50 PM

  • Run HijackThis, click on "Scan" and then place a check mark in the following boxes, and click on "Fix Checked":
    O4 - HKLM\..\Run: [PAV.EXE] C:\WINNT
    O4 - HKCU\..\Run: [2294416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\2294416.cpl
    O4 - HKCU\..\Run: [65920] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65920.cpl
    O4 - HKCU\..\Run: [65838] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65838.cpl
    O4 - HKCU\..\Run: [65894] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65894.cpl
    O4 - HKCU\..\Run: [65974] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65974.cpl
    O4 - HKCU\..\Run: [65898] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65898.cpl
    O4 - HKCU\..\Run: [65902] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65902.cpl
    O4 - HKCU\..\Run: [327950] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327950.cpl
    O4 - HKCU\..\Run: [131400] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131400.cpl
    O4 - HKCU\..\Run: [65932] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65932.cpl
    O4 - HKCU\..\Run: [262486] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262486.cpl
    O4 - HKCU\..\Run: [65924] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65924.cpl
    O4 - HKCU\..\Run: [65904] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65904.cpl
    O4 - HKCU\..\Run: [262388] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262388.cpl
    O4 - HKCU\..\Run: [131342] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131342.cpl
    O4 - HKCU\..\Run: [131340] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131340.cpl
    O4 - HKCU\..\Run: [131418] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131418.cpl
    O4 - HKCU\..\Run: [65914] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65914.cpl
    O4 - HKCU\..\Run: [196954] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196954.cpl
    O4 - HKCU\..\Run: [131322] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131322.cpl
    O4 - HKCU\..\Run: [65910] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65910.cpl
    O4 - HKCU\..\Run: [65896] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65896.cpl
    O4 - HKCU\..\Run: [65884] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65884.cpl
    O4 - HKCU\..\Run: [65892] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65892.cpl
    O4 - HKCU\..\Run: [131316] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131316.cpl
    O4 - HKCU\..\Run: [327996] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327996.cpl
    O4 - HKCU\..\Run: [65890] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65890.cpl
    O4 - HKCU\..\Run: [196960] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196960.cpl
    O4 - HKCU\..\Run: [524600] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\524600.cpl
    O4 - HKCU\..\Run: [196970] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196970.cpl
    O4 - HKCU\..\Run: [65886] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65886.cpl
    O4 - HKCU\..\Run: [65880] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65880.cpl
    O4 - HKCU\..\Run: [262514] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262514.cpl
    O4 - HKCU\..\Run: [196848] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196848.cpl
    O4 - HKCU\..\Run: [196840] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196840.cpl
    O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196864.cpl
    O4 - HKCU\..\Run: [197028] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\197028.cpl
    O4 - HKCU\..\Run: [65940] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65940.cpl
    O4 - HKCU\..\Run: [459106] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459106.cpl
    O4 - HKCU\..\Run: [131436] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131436.cpl
    O4 - HKCU\..\Run: [131314] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131314.cpl
    O4 - HKCU\..\Run: [328032] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328032.cpl
    O4 - HKCU\..\Run: [590176] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\590176.cpl
    O4 - HKCU\..\Run: [327992] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327992.cpl
    O4 - HKCU\..\Run: [131426] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131426.cpl
    O4 - HKCU\..\Run: [458892] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\458892.cpl
    O4 - HKCU\..\Run: [393556] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393556.cpl
    O4 - HKCU\..\Run: [196976] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196976.cpl
    O4 - HKCU\..\Run: [65882] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65882.cpl
    O4 - HKCU\..\Run: [328026] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328026.cpl
    O4 - HKCU\..\Run: [131424] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131424.cpl
    O4 - HKCU\..\Run: [459072] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459072.cpl
    O4 - HKCU\..\Run: [65916] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65916.cpl
    O4 - HKCU\..\Run: [65938] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65938.cpl
    O4 - HKCU\..\Run: [131448] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131448.cpl
    O4 - HKCU\..\Run: [196944] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196944.cpl
    O4 - HKCU\..\Run: [66016] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\66016.cpl
    O4 - HKCU\..\Run: [131422] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131422.cpl
    O4 - HKCU\..\Run: [131432] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131432.cpl
    O4 - HKCU\..\Run: [65900] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65900.cpl
    O4 - HKCU\..\Run: [65918] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65918.cpl
    O4 - HKCU\..\Run: [131414] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131414.cpl
    O4 - HKCU\..\Run: [983372] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\983372.cpl
    O4 - HKCU\..\Run: [131434] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131434.cpl
    O4 - HKCU\..\Run: [196916] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196916.cpl
    O4 - HKCU\..\Run: [131428] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131428.cpl
    O4 - HKCU\..\Run: [131462] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131462.cpl
    O4 - HKCU\..\Run: [328014] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328014.cpl
    O4 - HKCU\..\Run: [131416] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131416.cpl
    O4 - HKCU\..\Run: [328044] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328044.cpl
    O4 - HKCU\..\Run: [65912] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65912.cpl
    O4 - HKCU\..\Run: [131430] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131430.cpl
    O4 - HKCU\..\Run: [131646] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131646.cpl
    O4 - HKCU\..\Run: [328030] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328030.cpl
    O4 - HKCU\..\Run: [131472] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131472.cpl
    O4 - HKCU\..\Run: [327998] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\327998.cpl
    O4 - HKCU\..\Run: [131440] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131440.cpl
    O4 - HKCU\..\Run: [721210] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\721210.cpl
    O4 - HKCU\..\Run: [131328] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131328.cpl
    O4 - HKCU\..\Run: [65806] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65806.cpl
    O4 - HKCU\..\Run: [65796] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65796.cpl
    O4 - HKCU\..\Run: [131326] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131326.cpl
    O4 - HKCU\..\Run: [65794] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65794.cpl
    O4 - HKCU\..\Run: [262490] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262490.cpl
    O4 - HKCU\..\Run: [65962] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65962.cpl
    O4 - HKCU\..\Run: [262556] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262556.cpl
    O4 - HKCU\..\Run: [65908] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65908.cpl
    O4 - HKCU\..\Run: [393450] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393450.cpl
    O4 - HKCU\..\Run: [131338] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131338.cpl
    O4 - HKCU\..\Run: [65888] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\65888.cpl
    O4 - HKCU\..\Run: [328122] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328122.cpl
    O4 - HKCU\..\Run: [328036] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\328036.cpl
    O4 - HKCU\..\Run: [196874] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196874.cpl
    O4 - HKCU\..\Run: [196882] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196882.cpl
    O4 - HKCU\..\Run: [131452] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131452.cpl
    O4 - HKCU\..\Run: [66026] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\66026.cpl
    O4 - HKCU\..\Run: [131362] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131362.cpl
    O4 - HKCU\..\Run: [131454] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131454.cpl
    O4 - HKCU\..\Run: [262534] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262534.cpl
    O4 - HKCU\..\Run: [393626] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393626.cpl
    O4 - HKCU\..\Run: [262520] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262520.cpl
    O4 - HKCU\..\Run: [262530] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262530.cpl
    O4 - HKCU\..\Run: [1376596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\1376596.cpl
    O4 - HKCU\..\Run: [786650] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\786650.cpl
    O4 - HKCU\..\Run: [131498] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131498.cpl
    O4 - HKCU\..\Run: [197106] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\197106.cpl
    O4 - HKCU\..\Run: [131516] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\131516.cpl
    O4 - HKCU\..\Run: [393596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\393596.cpl
    O4 - HKCU\..\Run: [524702] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\524702.cpl
    O4 - HKCU\..\Run: [262516] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\262516.cpl
    O4 - HKCU\..\Run: [459104] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\459104.cpl
    O16 - <= I would like you to delete ALL O16 entries. If anything is actually needed, it will be downloaded the next time you connect to the relevant site.
  • Please reboot into safe mode - How do I boot into "Safe" mode?
  • The following FILES, DIRECTORIES and DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". If the files etc listed are not present - Do not worry, just delete those that you can find. If no path is listed, you may need to search for the file(s) - To search, click on "Start" => "Search" => "For Files and Folders" => "All Files and Folders" and type in the file name. You can delete it right from the search results window.
    • DIRECTORY CONTENTS (But not the directory)
      • C:\Windows\Temp\
      • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
      • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
      • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
      • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
      • Empty your "Recycle Bin"
    • DIRECTORIES
      • Nothing Yet
    • FILES
      • Nothing Yet
  • Reboot again and log in normally, repost a new HijackThis log into this message for further review.
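
The entries listed in the post above share one shape: a Run value whose name is a number, launching a .cpl of the same number from C:\WINNT through rundll32 and shell32's Control_RunDLL. The following is an added example, not part of the original post and not HijackThis code, that picks that shape out of a saved log; the function names are hypothetical, the sample lines are copied from the logs in this thread, and entries the pattern does not cover (such as ex_psul) still need manual review.

```python
import re
from collections import namedtuple

# An O4 registry line looks like:  O4 - HKCU\..\Run: [value name] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*)$"
)

# rundll32 handing a .cpl file to shell32's Control_RunDLL export.
CPL_LOADER = re.compile(
    r"^rundll32(?:\.exe)?\s+shell32(?:\.dll)?,Control_RunDLL\s+"
    r"(?P<path>.+\\(?P<stem>[^\\]+)\.cpl)\s*$",
    re.IGNORECASE,
)

Entry = namedtuple("Entry", "hive key name command")


def parse_o4_run(line):
    """Return an Entry for an O4 Run-key line, or None for any other line."""
    m = O4_RUN.match(line.strip())
    if m is None:
        return None
    return Entry(m["hive"], m["key"], m["name"], m["command"])


def is_numeric_cpl_loader(entry):
    """True when the value name is all digits and the command loads
    <same digits>.cpl through rundll32 shell32.dll,Control_RunDLL."""
    m = CPL_LOADER.match(entry.command)
    if m is None:
        return False
    return re.fullmatch(r"[0-9]+", entry.name) is not None and m["stem"] == entry.name


def triage(log_text):
    """Split the Run-key entries of a log into (flagged, other)."""
    flagged, other = [], []
    for line in log_text.splitlines():
        entry = parse_o4_run(line)
        if entry is None:
            continue  # not an O4 Run-key line (Startup folder, O8, O16, ...)
        (flagged if is_numeric_cpl_loader(entry) else other).append(entry)
    return flagged, other


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [ex_psul] C:\WINNT\system32\ex_psul.exe
O4 - HKCU\..\Run: [196864] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\196864.cpl
O4 - HKCU\..\Run: [1376596] rundll32.exe shell32.dll,Control_RunDLL C:\WINNT\1376596.cpl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
"""

if __name__ == "__main__":
    flagged, other = triage(SAMPLE_LOG)
    print("Matches the numeric .cpl pattern:")
    for e in flagged:
        print(f"  {e.hive} {e.key} [{e.name}] {e.command}")
    print("Other Run-key entries, for manual review:")
    for e in other:
        print(f"  {e.hive} {e.key} [{e.name}] {e.command}")
```

The SoundFusion line also starts a .cpl through RunDll32 but is not flagged, because it neither goes through Control_RunDLL nor has a numeric value name.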


#5 pcwright

Posted 07 July 2004 - 03:57 PM

Hi again!

Thanks for your quick responses!

I removed the items specified from HijackThis and deleted the files (after unhiding them) in safe mode.
Here is my NEWest HijackThis log after finishing these tasks:
(So far - no popups with IE this afternoon.......)

Logfile of HijackThis v1.97.7
Scan saved at 4:50:59 PM, on 7/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
c:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\Program Files\NavNT\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINNT\system32\ircomm2k.exe
C:\NETOP\HOST\NHOSTSVC.EXE
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ltmsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\pcwdata\hijackthisprog\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.chartermi.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.spartanstore.com;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ex_psul] C:\WINNT\system32\ex_psul.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Startup: BHO Cop.lnk = C:\Program Files\BHOCop\BHOCop.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE898797-BD6B-4019-A98A-F4D76568E331}: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE898797-BD6B-4019-A98A-F4D76568E331}: NameServer = 155.110.212.9,155.110.44.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE90D51E-FE36-4003-9CD8-9A8C7A9DBD71}: Domain = spartanstore.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE90D51E-FE36-4003-9CD8-9A8C7A9DBD71}: NameServer = 155.110.212.9,155.110.44.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spartanstore.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spartanstore.com

#6 PGPhantom

Posted 08 July 2004 - 08:27 PM

The one entry that I still see that should be deleted from HijackThis is:
O4 - HKLM\..\Run: [ex_psul] C:\WINNT\system32\ex_psul.exe

Also - delete the file C:\WINNT\system32\ex_psul.exe.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

#7 pcwright

Posted 08 July 2004 - 08:35 PM

Thanks for all the help, PGPhantom. I have been popup free for over 24 hours. I think I am clean and good to go, but will delete that last item you mentioned and look over the software and hints you recommended.
;D
Thanks again,
Paula

#8 PGPhantom

Posted 08 July 2004 - 08:51 PM

It has been a pleasure to help you :)

The problems here look to be resolved so I will close the thread. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
