1
   

Damn pop ups...and CW Shredder does not help

Forums: Computers
Email this Topic Print this Page
 
 
fanocle1971
 
Reply Fri 12 Mar, 2004 11:01 am
Have tried with CWShredder to no avail. here is my hijack log. Can somebody help please? Also will this work permanently or will it be an interim solution? Very Happy

Logfile of HijackThis v1.97.5
Scan saved at 16:49:52, on 12/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\WINDOWS\System32\pctspk.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Creative\ShareDLL\Mediadet.exe
D:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Documents and Settings\Alexander Brand\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
D:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
D:\Program Files\BT Broadband\Help\bin\mpbtn.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Alexander Brand\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] "D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BPYCFI] D:\WINDOWS\BPYCFI.exe
O4 - HKLM\..\Run: [webassist] D:\WINDOWS\webassist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "D:\Program Files\LimeShop\System\Code" Main lp: "D:\Program Files\LimeShop"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Program Files\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mini] D:\Documents and Settings\Alexander Brand\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: BT Broadband Help.lnk = D:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://D:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12672BCF-3405-4B1E-9BA1-08A90C2225FA}: NameServer = 193.113.212.38,194.72.6.57,194.73.73.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{22D2C490-11E0-4108-A514-E639F0595551}: NameServer = 194.74.65.68,194.74.65.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{12672BCF-3405-4B1E-9BA1-08A90C2225FA}: NameServer = 193.113.212.38,194.72.6.57,194.73.73.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{12672BCF-3405-4B1E-9BA1-08A90C2225FA}: NameServer = 193.113.212.38,194.72.6.57,194.73.73.94
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 3,202 • Replies: 5
No top replies

 
Monger
 
  1  
Reply Fri 12 Mar, 2004 11:16 am
CWShredder is not a general purpose adware scanner. It searches only for variants of the browser hijacker known as CoolWebSearch.

To make things easier, and in order to make it easier to help yourself in the future, you should install, update then run Spybot and Ad-Aware.

After that, please post a new HijackThis log here.
0 Replies
 
fanocle1971
 
  1  
Reply Fri 12 Mar, 2004 11:36 am
Done as requested
Done as required...many thanks for your help. Where does this offer optimizer junk comes from? Does anybody know?

Logfile of HijackThis v1.97.5
Scan saved at 17:33:49, on 12/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\WINDOWS\System32\pctspk.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Creative\ShareDLL\Mediadet.exe
D:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Documents and Settings\Alexander Brand\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
D:\Program Files\BT Broadband\Help\bin\mpbtn.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Alexander Brand\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] D:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] "D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BPYCFI] D:\WINDOWS\BPYCFI.exe
O4 - HKLM\..\Run: [webassist] D:\WINDOWS\webassist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "D:\Program Files\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mini] D:\Documents and Settings\Alexander Brand\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = D:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://D:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12672BCF-3405-4B1E-9BA1-08A90C2225FA}: NameServer = 193.113.212.38,194.72.6.57,194.73.73.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{22D2C490-11E0-4108-A514-E639F0595551}: NameServer = 194.74.65.68,194.74.65.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{12672BCF-3405-4B1E-9BA1-08A90C2225FA}: NameServer = 193.113.212.38,194.72.6.57,194.73.73.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{12672BCF-3405-4B1E-9BA1-08A90C2225FA}: NameServer = 193.113.212.38,194.72.6.57,194.73.73.94
0 Replies
 
timberlandko
 
  1  
Reply Sun 14 Mar, 2004 09:17 pm
Where do the damned things come from? Here are two answers:

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918}

O4 - HKLM\..\Run: [webassist] D:\WINDOWS\webassist.exe

Run HijackThis again and have it fix those two ... just those two. That oughtta help a bunch.
0 Replies
 
webhelper
 
  1  
Reply Mon 15 Mar, 2004 12:24 am
mxTarget.dll is a Twaintech.dll transponde variant
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - D:\WINDOWS\mxTarget.dll

mxTarget.dll is a Twaintech.dll transponde variant

Source:
http://www.twain-tech.com/uninstall.htm

Quote:

b) To completely remove the software: reboot and then Find and Delete the file mxtarget.dll



The popups are from their offeroptimizer.com that starts after installation of either the win32 Bi or twaintech.dll transponder variants. After ridding your system of Twaintech.dll and components, you will no longer have popups from offeroptimizer as it gets its transmissions from the twaintech.dll or the bi.dll which then targets you with ads.

Webhelper
0 Replies
 
timberlandko
 
  1  
Reply Mon 15 Mar, 2004 12:47 am
Yeah, there's a lot to hate about Twain-Tech. That one caught my eye right away.
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Damn pop ups...and CW Shredder does not help
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 07/23/2025 at 02:03:44