Browser Redirects and twext.exe...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BriMan777

Thread Starter
Joined
Sep 24, 2008
Messages
2
Thus Far...
Used Spybot to clean the System. it removed a Variety of items. Used Adaware Free to clean it. Used HJT which was "spontaneously" closing when asked to clean out the "twext.exe" registry entry. Renamed HJT App to Hijack and it ran smoothly. Adaware is now saying that there are just 'tracking cookies' to be eliminated. HOWEVER, the system is still having Browser Problems. I cannot browse to an IP "based" Webserver that is on the Same subnet(but I can get to it from other Computers on the same subnet.) Looked at the Hosts file and it looks normal. There are also other websites that are regular DNS names that I cannot go to. Occasionaly I see the Browser(FF and IE) get redirected to sites that look similar to the Redirects that were hapening when "twext.exe" was running. Here is the HJT Logfile after it "cleaned up" twext.exe from the Registry...
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:37:36 AM, on 9/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\AMT\atchksrv.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\WINDOWS\system32\ifxspmgt.exeC:\WINDOWS\system32\ifxtcs.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Hewlett-Packard\IAM\bin\asghost.exeC:\Program Files\Intel\AMT\LMS.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\PDF Complete\pdfsvc.exeC:\WINDOWS\system32\IfxPsdSv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\AMT\UNS.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\SMINST\Scheduler.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXEC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxtray.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Intel\AMT\atchk.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Now Software\Now Contact\QuickCTW.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exeC:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Program Files\Trend Micro\HijackThis\Hijack.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.1.0.2/admin/pw.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktopR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exeO4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exeO4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exeO4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exeO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exeO4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /StartO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exeO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogonO4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModuleO4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exeO4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exeO8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO14 - IERESET.INF: START_PAGE_URL=http://www.hp.comO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218464138620O17 - HKLM\System\CS2\Services\Tcpip\..\{7EF08150-C3A1-46CD-BAC5-FE12F8AB6931}: NameServer = 10.1.0.1,151.201.0.68O20 - AppInit_DLLs: APSHook.dllO20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exeO23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exeO23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeO23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exeO23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exeO23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeO23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exeO23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exeO23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exeO23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exeO23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exeO23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe--End of file - 8358 bytesThanks for Any Help you can give me on this...:(BriMan
 

BriMan777

Thread Starter
Joined
Sep 24, 2008
Messages
2
Hello,
Thanks to all those that Read my post.
I decided that I could not wait any longer for advice and Downloaded and Ran ComboFix. What a Great Utility/Repair Prog! Ran it 2x and and then repaired the Internet Connection as directed and all is well on that Computer now. I hope Everyone is as pleased as I am to have software like ComboFix in my Spyware/Malware-fix/repair arsenal...Thanks Techguy.org for hosting the Forums and for the helpful links to all the software...BriMan777:D
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top