Status
Not open for further replies.
1 - 6 of 6 Posts

· Registered
Joined
·
10 Posts
Discussion Starter · #1 ·
My spy sweeper keeps detecting cool www - adware.
I do not notice any problems, except maybe, I can't access Merjin.org directly.
Here is the HJT log, see if you can see anything and help me learn more about this pest. I did not find anything about it at Merjin's site.

Logfile of HijackThis v1.97.7
Scan saved at 12:35:37 PM, on 4/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\SvcTools\VNC\WinVncEv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\svctools\softmgmt\rstate.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\System\CCAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\QuickTime\qttask.exe
C:\svctools\softmgmt\rstate.exe
C:\Windows\System32\ctfmon.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Reflection\r2win.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carclient.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carclient.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CCAgent] C:\Program Files\System\CCAgent.exe
O4 - HKLM\..\Run: [EVUtil] C:\SvcTools\Asset\EVUtil.exe
O4 - HKLM\..\Run: [EverdreamVNC] "C:\SvcTools\VNC\WinVncEv.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mobile Automation Agent] c:\svctools\softmgmt\rstate.exe /LOGON
O4 - HKCU\..\Run: [CCAgent] C:\Program Files\System\CCAgent.exe
O4 - HKCU\..\Run: [EVUtil] C:\SvcTools\Asset\EVUtil.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [CCAgent] C:\Program Files\System\EDRun.exe
O4 - HKLM\..\RunOnce: [EVUtil] C:\SvcTools\Asset\EDRun.exe
O4 - HKCU\..\RunOnce: [CCAgent] C:\Program Files\System\EDRun.exe
O4 - HKCU\..\RunOnce: [EVUtil] C:\SvcTools\Asset\EDRun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nolrpjtx.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://desklog.carclient.net/Mead/smsx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37930.4316550926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

· Registered
Joined
·
9,846 Posts
How did u solve??
 

· Registered
Joined
·
10 Posts
Discussion Starter · #6 ·
First I do not think that the ad-ware is always present but that I get infected every time I visit certain sites. What I did now was run "spysweeper" and delete the file. It was not back after reboot.
However, I still cannot access www.merjin.org, but get redirected to this site: http://newnet.qsrch.com/dpark?s=merjin.org&prt=nn01. You can check it out, it smells like the CWS.
 