Comwiz.exe and Winnet.exe

Name: Brent H.
Date: October 3, 2003 at 18:46:25 Pacific
OS: Windows XP Pro
CPU/Ram: 1.4ghz/256mb
Comment:

I have the following programs in my tasklist and it is impossible to remove them from my computer. I have tried everything! Ad-aware, Spybot - Search & Destroy, I've searched these forums and tried everything said, even the steps given at http://www.doxdesk.com/parasite/CommonName.html didn't work. So if anyone has any ideas on how to get rid of these two programs it would be well appreciated.

Response Number 1
Name: smithdk
Date: October 3, 2003 at 19:42:53 Pacific
Reply:

Run hijackthis and post back the log here:

http://www.tomcoyote.org/hjt/


0

Response Number 2
Name: Brent H.
Date: October 3, 2003 at 20:23:03 Pacific
Reply:

Here is the logfile

Logfile of HijackThis v1.97.2
Scan saved at 9:24:04 PM, on 10/3/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\Program Files\Game_Maker51\Game_Maker.exe
D:\Program Files\Opera7\opera.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Brent\Local Settings\Temp\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "wabu.com"); (C:\Documents and Settings\Brent\Application Data\Mozilla\Profiles\default\931mxora.slt\prefs.js)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {04517930-5CD9-4451-A299-6E4285D3B48D} - C:\WINDOWS\System32\eqnrclass.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINDOWS\rem00001.dll
O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\bs2.dll
O2 - BHO: (no name) - {8047ac92-9801-430e-b668-354163aa0720} - C:\DOCUME~1\Brent\APPLIC~1\grstcackgtr.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O3 - Toolbar: lrneaawglch - {7d8eb257-bee1-4e6b-a762-1b848e22a6fc} - C:\DOCUME~1\Brent\APPLIC~1\grstcackgtr.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Bsx3] RunDLL32.exe C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [BookedSpace] RunDLL32.exe C:\WINDOWS\bs2.dll,DllRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://webapps.prod.there.com/qualsurvey/ThereInstallHelper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37857.8625694444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4290/mcfscan.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab



0

Response Number 3
Name: smithdk
Date: October 3, 2003 at 20:48:55 Pacific
Reply:

Disable these lines:

O4 - HKLM\..\Run: [Bsx3] RunDLL32.exe C:\WINDOWS\bs3.dll,DllRun

O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe

O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe

O4 - HKLM\..\Run: [BookedSpace] RunDLL32.exe C:\WINDOWS\bs2.dll,DllRun

N3 - Netscape 7: user_pref("browser.startup.homepage", "wabu.com"); (C:\Documents and Settings\Brent\Application Data\Mozilla\Profiles\default\931mxora.slt\prefs.js)

O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll

I would also run an online virus scan here:

http://housecall.trendmicro.com/


0

Response Number 4
Name: Tom41
Date: October 3, 2003 at 23:26:07 Pacific
Reply:

Also fix these entries with Hijack:

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {04517930-5CD9-4451-A299-6E4285D3B48D} - C:\WINDOWS\System32\eqnrclass.dll
O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINDOWS\rem00001.dll

O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\bs2.dll

O2 - BHO: (no name) - {8047ac92-9801-430e-b668-354163aa0720} - C:\DOCUME~1\Brent\APPLIC~1\grstcackgtr.dll

O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll

O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)

O3 - Toolbar: lrneaawglch - {7d8eb257-bee1-4e6b-a762-1b848e22a6fc} - C:\DOCUME~1\Brent\APPLIC~1\grstcackgtr.dll

O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab


0

Response Number 5
Name: Dave
Date: October 13, 2003 at 15:31:23 Pacific
Reply:

Check this out---------forget all above

Start in safe mode then remove the folder. Restart back into normal mode and it's all gone.

Works a treat, I have just finished doing it tonight.


0

Response Number 6
Name: Jan159937
Date: October 14, 2003 at 02:39:33 Pacific
Reply:

Being female and a bit of a numpty when it comes to these things technical I've followed your advice Dave. Comwiz & Winnet were in a folder in my programmes file called Common Names.....having deleted the above it's left me with the following files: babe.dat, cnbabe.dll, dfs.dat, fws.dat & rsw.dat - can I safely just delete these too?


0

Response Number 7
Name: StephPeff
Date: October 14, 2003 at 19:07:27 Pacific
Reply:

I am having the same problem, any information or help would be greatly appreciated! Here is my log file!

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.exe
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\WSCRIPT.exe
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.exe
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM32\SERVICE.exe
C:\PROGRAM FILES\POP\POPSRV205.exe
C:\PROGRAM FILES\N-CASE\MSBB.exe
C:\WINDOWS\WJVIEW.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\PROGRAM FILES\AIM95\AIM.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\HXIUL.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.exe
C:\PROGRAM FILES\POP\SYSMONO.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\PROGRAM FILES\EZULA\MMOD.exe
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.exe
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\PRINTMONITOR.exe
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.exe
C:\WINDOWS\EMSW.exe
C:\PROGRAM FILES\LIMESHOP\LIMESHOP.exe
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 129.33.31.127
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {E4B2D26B-E07E-400D-88C0-708CD8AFD7BE} - C:\WINDOWS\SYSTEM\KMFC30.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4\NHELPER.DLL
O2 - BHO: (no name) - {25d7c52b-bef2-4248-b505-df66c9f9734c} - C:\WINDOWS\APPLICATION DATA\LFDOEASTH.DLL
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &My Way Speedbar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: (no name) - {5BBE3E30-C40C-4720-9970-3090C763D450} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: rpravokigle - {fc3b0d74-8547-4559-bacd-7a02c39c6bd9} - C:\WINDOWS\APPLICATION DATA\LFDOEASTH.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NAV Premend OEM Utility] D:\0107301.SYM\PREMEND.exe -silent
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.exe C:\WINDOWS\BS3.DLL,DllRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CharityBuy IE Plugin] C:\CHARITYBUY
O4 - HKLM\..\Run: [service.exe] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [POP] C:\PROGRAM FILES\POP\POPSRV205.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [524JE6F2WSER6Z] C:\WINDOWS\SYSTEM\EgndGcW1.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [AutoUpdater] c:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\default\HXIUL.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\default\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\default\HXIUL.exe
O4 - HKCU\..\RunServices: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\default\Client\HelpExp.exe
O4 - HKCU\..\RunServices: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.exe" /autocheck
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: LimeWire 3.5.8.lnk = C:\Program Files\LimeWire\3.5.8\LimeWire.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37647.2521180556
O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: DigiChat Applet - http://fanclubchat.musictoday.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcentral4.sel.sony.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/151c6865d31d756cbf23/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rh.psu.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.118.253.3,130.203.1.4



0

Response Number 8
Name: smithdk
Date: October 14, 2003 at 19:17:36 Pacific
Reply:

Go here:

http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

and check against what you have loading in O4.


0

Response Number 9
Name: Bluejooz
Date: October 15, 2003 at 05:24:40 Pacific
Reply:

I found an easier way but I'm not sure whether it was a fluke or not but I'll explain how I got rid of comwiz.exe

I went to my main drive, clicked 'Program Files' and then located a folder called 'CommonName'. Inside this folder there were two more folders, 'Address Bar' and 'Tool Bar'. You will see the exe programs there but you will also see an uninstall utility. I simply clicked on them and they were uninstalled.
Simple?

Blue.


0

Response Number 10
Name: brad
Date: November 16, 2003 at 19:57:14 Pacific
Reply:

Looking for some help. I have attempted everything listed here and still can't get rid of this. Anyone have any ideas? I even went to DOS and tried to delete the files...said it was being used by another file..and said access denied.

Here are the files I cannot get rid of..
c:\program files\commonname\addressbar

babe.dat
comwiz.exe
dfs.dat
exit.dat
fws.dat
rws.dat
winnet.exe


0

Response Number 11
Name: bethbh
Date: November 24, 2003 at 15:15:03 Pacific
Reply:

Hi all. I'm having a problem with this too. I can't even run MS Word anymore. It just hangs and then I have to reboot. Well I just ran HijackThis. I really don't know how to interpret the log so any help on what to remove is much appreciated:

Logfile of HijackThis v1.97.7
Scan saved at 6:02:50 PM, on 11/24/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-huns-yellow-pages.com/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.the-huns-yellow-pages.com/sp.html
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.go.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ocj8cfwb.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ocj8cfwb.slt\prefs.js)
O1 - Hosts: 66.250.171.136 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18d6d1f1329579c4b217/netzip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37848.9563425926
O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx



0

Response Number 12
Name: Peter
Date: November 24, 2003 at 16:55:43 Pacific
Reply:

For removing those exes go to ADD/REMOVE software in configuration. Remove "commonname". You have to be online. You'll be connected to commonname. There you'll be asked if you're sure.....If yes then you can download an uninstall-tool.


0

Response Number 13
Name: MICHAEL
Date: November 26, 2003 at 13:55:19 Pacific
Reply:

Logfile of HijackThis v1.97.7
Scan saved at 11:47:42 PM, on 11/26/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Changer XP\ChangerXP.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\ftp\INTERNET RELATED & PC SOFTWARE\ANTI TROJAN\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://find.microgirls.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.microgirls.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find.microgirls.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.56.129.54 thehun.com
O1 - Hosts: 69.56.129.54 www.thehun.com
O1 - Hosts: 69.56.129.54 thehun.net
O1 - Hosts: 69.56.129.54 www.thehun.net
O1 - Hosts: 69.56.129.54 www.yahoo.com
O1 - Hosts: 69.56.129.54 yahoo.com
O1 - Hosts: 69.56.129.54 www.google.com
O1 - Hosts: 69.56.129.54 google.com
O1 - Hosts: 69.56.129.54 www.altavista.com
O1 - Hosts: 69.56.129.54 altavista.com
O1 - Hosts: 69.56.129.54 search.microsoft.com
O1 - Hosts: 69.56.129.54 search.msn.com
O1 - Hosts: 69.56.129.54 www.msn.com
O1 - Hosts: 69.56.129.54 msn.com
O1 - Hosts: 69.56.129.54 www.search.com
O1 - Hosts: 69.56.129.54 search.com
O1 - Hosts: 69.56.129.54 www.teoma.com
O1 - Hosts: 69.56.129.54 teoma.com
O1 - Hosts: 69.56.129.54 www.alltheweb.com
O1 - Hosts: 69.56.129.54 alltheweb.com
O1 - Hosts: 69.56.129.54 www.wisenut.com
O1 - Hosts: 69.56.129.54 wisenut.com
O1 - Hosts: 69.56.129.54 www.dmoz.org
O1 - Hosts: 69.56.129.54 dmoz.org
O1 - Hosts: 69.56.129.54 www.excite.com
O1 - Hosts: 69.56.129.54 excite.com
O1 - Hosts: 69.56.129.54 www.lycos.com
O1 - Hosts: 69.56.129.54 lycos.com
O1 - Hosts: 69.56.129.54 www.hotbot.com
O1 - Hosts: 69.56.129.54 hotbot.com
O1 - Hosts: 69.56.129.54 www.casino.com
O1 - Hosts: 69.56.129.54 casino.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Changer XP.lnk = C:\Program Files\Changer XP\ChangerXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O11 - Options group: [CommonName] CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.online-dialer.com/MaConnect.cab
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37927.5719097222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF5D3AE-B186-47D6-873C-EA47D367565C}: NameServer = 192.116.202.222 192.116.192.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFB8B674-3D3A-4130-8D76-D7B680144BD0}: NameServer = 192.116.202.222,192.116.192.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{ABF5D3AE-B186-47D6-873C-EA47D367565C}: NameServer = 192.116.202.222 192.116.192.9




Response Number 14
Name: MICHAEL after runing
Date: November 26, 2003 at 14:13:35 Pacific
Reply:

Logfile of HijackThis v1.97.7
Scan saved at 12:12:09 AM, on 11/27/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Changer XP\ChangerXP.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
D:\ftp\INTERNET RELATED & PC SOFTWARE\ANTI TROJAN\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://find.microgirls.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.microgirls.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.microgirls.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find.microgirls.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://find.microgirls.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.56.129.54 www.yahoo.com
O1 - Hosts: 69.56.129.54 yahoo.com
O1 - Hosts: 69.56.129.54 www.google.com
O1 - Hosts: 69.56.129.54 google.com
O1 - Hosts: 69.56.129.54 www.altavista.com
O1 - Hosts: 69.56.129.54 altavista.com
O1 - Hosts: 69.56.129.54 search.microsoft.com
O1 - Hosts: 69.56.129.54 www.search.com
O1 - Hosts: 69.56.129.54 search.com
O1 - Hosts: 69.56.129.54 www.teoma.com
O1 - Hosts: 69.56.129.54 teoma.com
O1 - Hosts: 69.56.129.54 www.alltheweb.com
O1 - Hosts: 69.56.129.54 alltheweb.com
O1 - Hosts: 69.56.129.54 www.wisenut.com
O1 - Hosts: 69.56.129.54 wisenut.com
O1 - Hosts: 69.56.129.54 www.dmoz.org
O1 - Hosts: 69.56.129.54 dmoz.org
O1 - Hosts: 69.56.129.54 www.excite.com
O1 - Hosts: 69.56.129.54 excite.com
O1 - Hosts: 69.56.129.54 www.lycos.com
O1 - Hosts: 69.56.129.54 lycos.com
O1 - Hosts: 69.56.129.54 www.hotbot.com
O1 - Hosts: 69.56.129.54 hotbot.com
O1 - Hosts: 69.56.129.54 www.casino.com
O1 - Hosts: 69.56.129.54 casino.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Changer XP.lnk = C:\Program Files\Changer XP\ChangerXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ImTranslator (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37927.5719097222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF5D3AE-B186-47D6-873C-EA47D367565C}: NameServer = 192.116.202.222 192.116.192.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFB8B674-3D3A-4130-8D76-D7B680144BD0}: NameServer = 192.116.202.222,192.116.192.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{ABF5D3AE-B186-47D6-873C-EA47D367565C}: NameServer = 192.116.202.222 192.116.192.9




Response Number 15
Name: Steve Omand
Date: November 30, 2003 at 08:12:03 Pacific
Reply:

(Windows 98) I found that this winnet.exe could not be killed, nor could the startup entry be deleted from the registry. Each time you remove the startup entry it gets re-written; each time I killed winnet it would be restarted. If I tried to delete the winnet.exe file I got an access denied error.
There was no uninstall script in the folder.

What I ended up doing was I wrote a very simple .bat script with the delete commands in it and registered this script in the Run Once registry location: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

I then restarted - the run once entry caused the .bat script to execute, thus deleting winnet.exe before it could be started up from the entry in [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]. At this point I was able to remove the winnet.exe startup registry entry as well.

(Maybe I ought to upgrade from Win98 someday - I think I'll upgrade to Linux ...)

/Steve O.
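
The RunOnce approach described in the post above, sketched as a single Windows 98 batch file (an added example, not the script from the original post). The file name C:\RMWINNET.BAT, the RunOnce value name RemoveWinnet and the log file are assumptions; the target path is the short path from the Run entry in the Windows 98 log in Response 16 and must be changed to match the Run entry on the affected machine.

```batch
@echo off
rem RMWINNET.BAT - added example, save as C:\RMWINNET.BAT (assumed name).
rem   C:\RMWINNET.BAT install   registers this file under HKLM RunOnce
rem   C:\RMWINNET.BAT           (run by RunOnce at the next start) deletes the file

rem Assumption: path copied from the [winnet] Run entry in the HijackThis log.
set TARGET=C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.EXE

if "%1"=="install" goto install

rem --- Boot-time path: RunOnce starts this before the Run entry starts winnet.exe,
rem --- so the file is not in use and the delete is no longer refused.
if not exist %TARGET% goto gone
rem Clear read-only/hidden/system attributes that would block DEL.
attrib -r -h -s %TARGET%
del %TARGET%
if exist %TARGET% goto failed
echo deleted %TARGET% > C:\RMWINNET.LOG
goto end

:failed
echo could not delete %TARGET% > C:\RMWINNET.LOG
goto end

:gone
echo %TARGET% not found, check the path > C:\RMWINNET.LOG
goto end

:install
rem Build a REGEDIT4 file (the Windows 9x .reg format) holding one RunOnce value.
rem Backslashes inside the value data are doubled, as the .reg format requires.
echo REGEDIT4> C:\RMWINNET.REG
echo.>> C:\RMWINNET.REG
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]>> C:\RMWINNET.REG
echo "RemoveWinnet"="C:\\RMWINNET.BAT">> C:\RMWINNET.REG
rem /s imports silently; Windows removes the RunOnce value itself after running it.
regedit /s C:\RMWINNET.REG
del C:\RMWINNET.REG
echo Registered under RunOnce. Restart Windows to run the cleanup.

:end
```

After the restart, read C:\RMWINNET.LOG to confirm the delete succeeded before removing the [winnet] value from the Run key, which no longer gets re-written once the process is not running.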



Response Number 16
Name: Robert
Date: November 30, 2003 at 08:48:16 Pacific
Reply:

Hi, I am having the same problems as above. Here is a copy of the file I created; can someone tell me what to remove? Thanks:
Logfile of HijackThis v1.97.7
Scan saved at 10:18:40 AM, on 11/30/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.exe
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.exe
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\TEMP\RAR$EX01.144\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.jethomepage.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.worldnet.att.net/ie4/search/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchnow.ws/search/
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - C:\WINDOWS\BSX5.DLL
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Bsx3] RunDLL32.exe C:\WINDOWS\BS3.DLL,DllRun
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe
O4 - HKLM\..\Run: [bxsx5] RunDLL32.exe C:\WINDOWS\BSX5.DLL,DllRun
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Netnews (HKCU)
O12 - Plugin for .EXE: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/generic/wtwdinst.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.org/fvlite/fvliteY.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37669.9259375
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://directplugin.com/dialers/109121.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab


