BellaC

How to Remove Intelligent Explorer Plugin

2 posts in this topic

BUMP THIS PLEASE.

 

I added the Hijack This Log to the posting as requested by Gwyrox732. Please review and provide me some suggestions at your earliest convenience. Thanks

----------------------------------------------

 

I have been trying for weeks to get rid of an IE plug-in. It comes up after several hours of inactivity on my machine and takes control and apparently starts sending info out to the world somewhere! It is called a "Synchronization Manager" with a URL http://active.ieplugin.com/active.cdf. When it activates itself, nothing else on the machine will run. I can click on the little ICON it puts on the bottom of the machine and it will pop up a box that has an option to STOP it. After I do this, everything returns to normal until a few hours after I get off the machine. Next morning or later that day it will be BAAAAACCCKKKK!!! Not sure what all this thing is sending out or to who.

 

I have run AdAware and Spybot, and they did find and remove a lot of stuff, but not this thing. I also ran Hijack This last night and then compared the results to the extensive postings of BHOs and the Startup List, etc. I linked to from this forum. I can post the Hijack This Log if anyone can help. I removed Red Swoosh which Hijack This found. However, I am a novice at this stuff so I'm afraid to delete much more. There are two listed in O4 Autoloading Programs I don't recognize and that are not in the database I checked. They are "simonw32.exe" and "ctres.exe". Also have some suspicious-looking stuff under O16 but none of them refer to an IE Plugin with a name like Sync Manager.

 

I noted from one website that there is an Uninstall Program offered for IE Plugins at http://www.ieplugin.com/uninstall.html but I'm concerned about downloading and running an executable file from an unknown source that appears to be the original authors of my problem program. All suggestions appreciated!

 

Below is the Hijack This Log as requested by Gwyrox732. Don't know how to save as an attachment so this message is getting lengthy. Thanks.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:08:42 PM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\MMKeybd.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Netropa\Traymon.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.prod.entergy.com:80

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\MMJB\mm_tray.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [KAZAA] C:\RECYCLER\S-1-5-21-720897496-2014835873-67682326-1006\Dc403\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [simonw32] C:\WINDOWS\System32\simonw32.exe

O4 - HKCU\..\Run: [ctres] C:\WINDOWS\ctres.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01112B00-3E00-11D2-8470-0060089874ED} (Support.com RemoteControl Class) - http://usercenter.cox.net/rsuite/sdccommon/download/tgrc.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab

O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8164.3443171296

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://offers.contentwatch.com/audit/inclu...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Edited by BellaC
