1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Martfinder.com - how do I get rid of it?

Discussion in 'Virus & Other Malware Removal' started by davet, Apr 26, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. davet

    davet Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    6
    About a week ago, I started to notice that my IE (6.0.2800.1106) homepage was being switched from Yahoo to Martfinder.com. When I changed it back, it stayed for one or two times and then switched back to Martfinder. Also, searches in Ebay and on-line job boards (Monster, Dice) are VERY slow. As I'm typing this message, there is a one to two second delay in the type appearing on the screen. I am running Windows 2000 as my OS.

    Can you help me?
     
  2. Infidel_Kastro

    Infidel_Kastro

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    Hi Davet.
    PLease go to http://www.sherrylynn.us/privacypolicy and click on the hjt.exe program. Save it to a permanent folder and then open it up. Click on "Scan" and only "scan", let it run. Once it is finished it will ask you to save,. Save it and it should save it as a notepad file. Copy and post the log from your notepad file here so we can look at it. Also, go to www.download.com and and download adaware 181. Download it and open it up. Once its opened, click on check for updates, let it update and then run it. Someone we'll be by later to show you how to tweak it. Ine adaware has run, click on the first box, then right click and click on ":check all boxes". Adaware will only remove bad stuff and cookies, so don't worry about anything. If adaware finds something, you generally don't want it, but please post your HJT log.
     
  3. davet

    davet Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    6
    Here is the log file:
    Logfile of HijackThis v1.97.7
    Scan saved at 2:58:17 PM, on 4/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DRIVERS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://martfinder.com/index.htm?aff=8490
    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.3 boards.cexx.org
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.22 lavasoft.de
    O1 - Hosts: 127.0.0.23 lavasoftusa.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.48 spywareinfo.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.76 www.lavasoft.de
    O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [win32.exe] C:\WINNT\win32.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O19 - User stylesheet: C:\WINNT\win32.bmp
     
  4. Infidel_Kastro

    Infidel_Kastro

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    I always find it insulting when the stupid program doesn't block our lovely little site. It blocks everyone elses, I guess it really doesn't think we're worth it.
    Anyway, lets have some fun with this little bugger.
    I bekieve this is a Cool Web Attack. Therefore, lets go here http://www.sherrylynn.us/privacypolicy and click on CWS.exe. Save it to a permanent file and close all your browsers. Open up CWS and click on update to make sure we have the latest version. Once you update, click on fix. It will prompt you a couple of times, click "ok" until it finishes. After that run adaware, which you should have already installed from my previous thread.
    After you do that, post a new HJT log here.
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Use the programs here to remove the other 40 odd hosts redirects that HijackThis doesnt show.
    It has turned out that none of the automatic removal tools, like adaware or spybot or by manually fixing the O1 hosts file entries with Hijackthis actually removes all the bad hosts file entries that this toolbar drops.

    You need to download & install hosts file reader from http://members.shaw.ca/techcd/VB_Pr...sFileReader.zip

    And then click on search for hosts....
    when any hosts file is found, it will be listed in the bottom window....click on it and press the reset default button.
    That will replace any bad entries with the standard windows entries.

    NOTE: If you use a customized hosts file to block certain sites then this will overwrite all those entries as well and you will need to re enter them .

    Alternatively you can manually edit the hosts file yourself and remove the bad dropped entries from the toolbar.

    The hosts file reader allows you to do that as well.

    You can get it from here:
    http://members.aol.com/toadbee/hoster.zip

    Download and unzip it........run it and tick the boxes beside the entries you wish to remove and press remove checked.

    Please though still use the hosts file reader first to check for additional versions of the hosts file that several similar parasites drop.

    ;)
     
  6. Infidel_Kastro

    Infidel_Kastro

    Joined:
    Nov 21, 2003
    Messages:
    5,402
  7. davet

    davet Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    6
    Adaware is 162 Professional - I ran the update, did a scan, found 3 new entries, saved the file, and ran the following HijackThis:

    Logfile of HijackThis v1.97.7
    Scan saved at 4:48:47 PM, on 4/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DRIVERS\HijackThis.exe

    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.3 boards.cexx.org
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.22 lavasoft.de
    O1 - Hosts: 127.0.0.23 lavasoftusa.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.76 www.lavasoft.de
    O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [win32.exe] C:\WINNT\win32.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O19 - User stylesheet: C:\WINNT\win32.bmp
     
  8. Infidel_Kastro

    Infidel_Kastro

    Joined:
    Nov 21, 2003
    Messages:
    5,402
    Have you run cws.exe?
    probably not because I haven't told you. Go to ww.sherrylynn.us.privacypolicy and click on cws.exe. Save it and close all browsers and programs. Open up cws and click on "update". After click on "fix" and when it prompts click "ok". After it runs post a new hjt log.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and check:

    O1 - Hosts: ALL OF THEM
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
    O19 - User stylesheet: C:\WINNT\win32.bmp

    Close all applications and browser windows before you click "fix checked".
     
  10. davet

    davet Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    6
    When I tried to update CWS - it said
    Fetching CWShredder update information...
    Unable to retrieve CWShredder update information

    I ran CWS.exe. Below is the message I received:

    Done!
    Your system was completely clean.

    Windows 2000 (5.00.2195 SP4)
    CWShredder v1.49.1
    Written by Merijn - [email protected]

    BUT - I STILL HAVE THE SAME PROBLEMS - MARTFINDER.COM AS MY HOME PAGE AND SCROLLING VERY, VERY SLOW. - WHAT'S NEXT????
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Post another log and we will take it from there.
    ;)
     
  12. davet

    davet Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    6
    I tried Cybertech's solution of deleting the following and it seems to work - I reset my home page to Yahoo and it stayed through seven log on tries - also the scrolling is fast again. I've run the log for your review - anything else I should do?

    O1 - Hosts: ALL OF THEM
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\winnt\win.exe
    O19 - User stylesheet: C:\WINNT\win32.bmp




    Logfile of HijackThis v1.97.7
    Scan saved at 12:06:11 PM, on 4/27/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DRIVERS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [win32.exe] C:\WINNT\win32.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  13. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Fix this entry with HijackThis:
    O4 - HKLM\..\Run: [win32.exe] C:\WINNT\win32.exe

    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Locate and delete:
    C:\WINNT\win32.exe

    Should be good to go after that.

    ;)
     
  14. davet

    davet Thread Starter

    Joined:
    Apr 26, 2004
    Messages:
    6
    Infidel_Kast, Cybertech, & $teve - Thanks very much for the help. Right now, IE defaults to Yahoo.com and there is no delay in scrolling or typing. I will let you know if it stays OK or reverts back to Martfinder.com.

    Thanks again for the help,
    Dave
     
  15. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Your welcome Dave......(y)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224034

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice