• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
hedgehog26

Spyware problem

4 posts in this topic

I am having a problem with Internet Explorer v. 7. At first, I cannot go to any secured sites (HTTPS & FTP). Then, when I try accessing Internet Options under "Tools" it won't open. Attached is my Hijackthis and AVG Anti-spyware logs.

 

Thanks.

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 6:05:45 PM 6/2/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP348\A0030929.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP348\A0030930.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP348\A0030931.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).

HKU\S-1-5-21-3950369803-3220990495-722126292-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Adware.Generic : Cleaned with backup (quarantined).

C:\MAGIX\Media_Manager_2004\CDR_MediaManager\QMP2DC.DLL -> Dropper.Mkar.e : Cleaned with backup (quarantined).

C:\MAGIX\mp3_maker_10_deLuxe\CDR_MediaManager\QMP2DC.DLL -> Dropper.Mkar.e : Cleaned with backup (quarantined).

C:\MAGIX\mp3_maker_10_deLuxe\QMP2DC.DLL -> Dropper.Mkar.e : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP351\A0031780.dll -> Logger.Goldun.ms : Cleaned with backup (quarantined).

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[1].txt -> TrackingCookie.Com : Cleaned.

:mozilla.61:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tw7k43v1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

:mozilla.62:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tw7k43v1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.

:mozilla.27:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tw7k43v1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.28:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tw7k43v1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.59:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tw7k43v1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.11:C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\tw7k43v1.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

 

 

::Report end

 

HIJACKTHIS Log:

 

Logfile of HijackThis v1.99.1

Scan saved at 6:22:11 PM, on 6/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Norton Internet Security\ISSVC.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.samsoncellular.com/phones

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CleanupHelper Class - {6DFD889B-7F81-44C4-BC1F-06A857C01C41} - C:\Program Files\ArmorIE\SX.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [startup Manager] "startUp manager.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: ArmorIE - {0565CF3E-6070-4272-8EEF-51E5083BE3D9} - C:\Program Files\ArmorIE\SX.dll (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} (WSSystemInfo Class) - https://gopublic.wspan.com/secure/DLLs/WSSy...Information.cab

O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.smart-clip.com/activex/SmartClip.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180824525437

O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} (WSFileIO Class 3) - https://gopublic.wspan.com/Secure/Dlls/WSFileIO3.cab

O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v14.217/qboax8.cab

O16 - DPF: {9145A52A-9B22-4858-AEE7-74D6C7D3F366} (BrowserConfig Class) - https://gopublic.wspan.com/Secure/DLLs/WSBrowserConfig.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Entitlement Service v2 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QBPOS Database Extended Manager (QBPOSDBExtServices) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

 

Print these instructions for your reference.

 

Launch Notepad, and copy and paste the Bolded text below into a new text file.

 

Save it as file name: fixme.reg. Save as file type: All files (*.*) and save it on your Desktop.

 

Just save the file do not run it yet. I will tell you when later.

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

@="http://"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"ftp"="ftp://"

"gopher"="gopher://"

"home"="http://"

"mosaic"="http://"

"www"="http://"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]

@=""

"http"=dword:00000003

"https"=dword:00000003

"ftp"=dword:00000003

"file"=dword:00000003

"@ivt"=dword:00000001

"shell"=dword:00000000

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]

@=""

"http"=dword:00000003

"https"=dword:00000003

"ftp"=dword:00000003

"file"=dword:00000003

"@ivt"=dword:00000001

"shell"=dword:00000000

 

Close all Browsers and Windows.

 

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

 

Submit a fresh HijackThis log and let me know what problem remains.

 

 

 

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0