  1. #1
    Member
    Join Date
    Mar 2006
    Posts
    1
    Points
    0

    Web Nexus Removal please help

    Hello
    I'm trying to stop pop ups on my browser, and I've gone through the steps in the Spyware removal guide, ran the programs and cleaned everything yet I still get pop ups, even with Google toolbar popup blocker. At the bottom the pop ups say Web Nexus Network, click here for information and removal, but I have yet to click on their link.
    Hijack Detective found some suspicious items so I will post my log
    Thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 5:01:36 PM, on 3/15/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINNT\system32\SxgTkBar.exe
    C:\Program Files\Caere\OmniPagePro90\opware32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O1 - Hosts: 198.181.235.80 asphrsixtd
    O1 - Hosts: 198.181.235.81 asphrsitxt
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_3_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [svclm] C:\WINNT\system32\disktasklog.exe
    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
    O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ppcowi.exe reg_run
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [svclm] C:\WINNT\system32\disktasklog.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O16 - DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} (IDXssl Class) - http://asphrsixtd/IDXML/idxssl.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/...er/Install.cab
    O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - http://10.68.19.14/ami/install/amiconference.cab
    O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://my.mercycares.com/dana-cache...terisSetup.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...activex/hcImpl.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://198.181.235.80/IDXML/msxml4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} (TerminalID Class) - http://asphrsixtd/idxweb/IDXWF/Context/IDXTools.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} (IDX TermWin Control) - http://asphrsixtd/IDXICW/IDXM/icw.CAB
    O16 - DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} (IDXcsvr Control Class) - http://asphrsixtd/IDXICW/IDXM/idxcsvr.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://bhsiis/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) - https://clinapps.bio.ri.ccf.org/jinitiator/jinit.exe
    O16 - DPF: {EE7747CC-FFC7-4845-9178-DEF33578F752} (IDXTimeOut Class) - http://198.181.235.80/IDXWF/Context/IDXTools.cab
    O16 - DPF: {EECF9899-FC3A-4841-986F-30B874921B36} (BrowserObj Class) - http://asphrsixtd/idxweb/IDXWF/Context/IDXBrowser.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yaho...bio5_1_3_0.cab
    O16 - DPF: {F9FC6CCD-DCDE-4F9B-96C9-1D4DBD33D798} (AMI ViewApp Control 6.0 (SPA10)) - http://10.68.19.14/ami/install/amiviewer.cab
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
    O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
    O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

  2. #2
    Member Bear's Avatar
    Join Date
    Oct 2004
    Posts
    1,839
    Points
    372
    CompTIA A+ and Network + Certified. Microsoft MCP in Windows 2000 Pro. Server, Advanced Server and Data Center Server.