Browser behaving strangely/crashing - ar.atwola.com

Discussion in 'adware, spyware & hijack cleaning' started by markpappas, May 9, 2004.

Thread Status:
Not open for further replies.
  1. markpappas

    markpappas Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    1
    Help please. Today my browsers (Mozilla Firefox 0.8, Netscape 7.1, Mozilla 1.8, and ie 6 sp1) all started behaving strange - instead of connecting to my homepage (www.cnn.com) - I noticed it was instead downloading data from ar.atwola.com, even though it says in my addressbar www.cnn.com. After a brief period, i get an error saying my browser has encountered an error and must close. (IE doesnt crash - unbelievable i know - but it too tries to download from the site ar.atwola.com) They have never done this before.

    I updated ran Adaware 6.0 and Spybot S&D, they found nothing. I updated ran my antivirus (Norton Internet Security 2004/Norton Antivirus 2004) - again, nothing. I've redownloaded hijackthis to ensure i have the most recent version and attached the log below.

    Any guidance you can give me would be most appraciated. thanks.

    -M

    Logfile of HijackThis v1.97.7
    Scan saved at 1:10:00 PM, on 5/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\Program Files\Aladdin Systems\Internet Cleanup\icserv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\hpoipm07.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mark\Desktop\Utilitites\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\ecwq1lra.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\ecwq1lra.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\Program Files\Aladdin Systems\Internet Cleanup\ic3hlpr.dll
    O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\Program Files\Aladdin Systems\Internet Cleanup\PopFiltr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit"
    O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\onictask.exe
    O4 - Global Startup: HP OfficeJet Series 700 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: IC 3.0 (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.