#1 (permalink)

Registered User
Join Date: Oct 2004
Posts: 8
OS: Win2000

Hijack--HTTP 404 error "Coupon.com"
Good afternoon, all. I'm hoping you can help with this annoying problem.
The Internet Explorer error: "HTTP 404 - File Not Found" is continually thrown up on my screen. Message says that "coupon.com" cannot be found. I assume this is a left-over from my deletion of SurfSideKick 2 last week. Obviously, I've not been 100% successful. I'm running Windows 2000 (Version 5). I would appreciate any guidance you can offer. Thank you.

The HijackThis log reads as follows:

Logfile of HijackThis v1.98.2
Scan saved at 11:20:15 AM, on 11/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\gearsec.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\SxgTkBar.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\PFU\ScanSnap\CardMinder V2.0\bcd_file\SbCRecE.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Quick View Plus\PROGRAM\QVP32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Corel\WordPerfect Office 2002\Programs\wpwin10.exe
C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\Connector.EXE
C:\Program Files\HIJACK THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://156.130.40.199/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://156.130.40.199/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [CardMinder] C:\Program Files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: CorelCENTRAL 10.lnk = C:\Program Files\Corel\WordPerfect Office 2002\Programs\CCWin10.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = USCMAIL.DCN
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35D75E8-0D11-4622-9BE9-32556DB38E6F}: Domain = uscmail.dcn
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = USCMAIL.DCN
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = USCMAIL.DCN

#3 (permalink)

Knower of all that is MS

Hi Mrs. H., not much to do here, should be quick and painless.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked.

Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Download LSPFix and run it. Click on calsp.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts.

Reboot into Safe Mode (hit F8 key until menu shows up).

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll

Reboot into Safe Mode (hit F8 key until menu shows up).

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

c:\winnt\system32\calsp.dll

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.
__________________
GO BIG BLUE!!

#4 (permalink)

Registered User
Join Date: Oct 2004
Posts: 8
OS: Win2000

Success!
Good afternoon, CTSNKY. Thank you for your prompt reply to my plea for help. I've done what you instructed and the resulting HijackThis log is as follows:

Logfile of HijackThis v1.98.2
Scan saved at 4:34:44 PM, on 11/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\gearsec.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\SxgTkBar.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\PFU\ScanSnap\CardMinder V2.0\bcd_file\SbCRecE.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\HIJACK THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://156.130.40.199/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [CardMinder] C:\Program Files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: CorelCENTRAL 10.lnk = C:\Program Files\Corel\WordPerfect Office 2002\Programs\CCWin10.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = USCMAIL.DCN
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35D75E8-0D11-4622-9BE9-32556DB38E6F}: Domain = uscmail.dcn
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = USCMAIL.DCN
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = USCMAIL.DCN

This appears to have worked. I can't thank you enough. This "cyber neighborhood" of ours makes the delivery of freshly baked cookies quite impossible (and NOBODY wants unidentified "cookies" these days anyway)--so maybe I'll just make a donation. Bless you all!

#5 (permalink)

Knower of all that is MS

Log does appear clean, well done.
To help prevent future spyware installations/infections, please read the Anti-Spyware Section and use the tools provided.
__________________
GO BIG BLUE!!
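
The before/after comparison that closes this thread (checking that the entries listed under 'Fix checked' are gone from the new log) can be scripted; the following is an added example, not part of the original posts or of HijackThis itself. The function names `parse_entries` and `verify_cleanup` are hypothetical, and the three inputs are constructed excerpts holding a few entry lines from the logs above.

```python
import re

# Constructed excerpts: a few entry lines taken from the two logs in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://156.130.40.199/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://156.130.40.199/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://156.130.40.199/
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""
# Entries the analyst listed under 'Fix checked' (duplicates collapsed).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O10 - Unknown file in Winsock LSP: c:\winnt\system32\calsp.dll
"""

# An entry line is a section code (R0, N1, O4, O10, ...) followed by " - " and the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, detail) entries; header and process-path lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Windows paths and registry keys are case-insensitive, so compare lower-cased.
            entries.add((m.group(1), m.group(2).strip().lower()))
    return entries

def verify_cleanup(before, after, fix_list):
    """Diff two logs against the fix list and report what a reviewer should look at."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    removed = b - a
    return {
        "still_present": sorted(f & a),      # fixes that did not take
        "removed": sorted(removed),          # entries gone after the cleanup
        "unrequested": sorted(removed - f),  # gone, but not on the fix list
        "new": sorted(a - b),                # appeared since the first scan
    }

if __name__ == "__main__":
    for key, items in verify_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(key, [f"{code} - {detail}" for code, detail in items])
```

On these excerpts `still_present` and `new` are empty, and `unrequested` holds the N1 entry, which is absent from the second log even though it was not on the fix list.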