Jump to content


Photo

IE problems


  • Please log in to reply
4 replies to this topic

#1 fickip

fickip

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 27 June 2004 - 09:30 PM

it keeps telling me to install this zSearch bar and wont let me close or open a new IE until i click yes or restart. Here is my HiJackThis log:



Logfile of HijackThis v1.97.7
Scan saved at 10:30:56 PM, on 6/27/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\FotoNation\EvLstnr.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common files\WinTools\WSup.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bensbargains.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 12.129.205.209 auto.search.msn.com
O1 - Hosts: 12.129.205.209 ieautosearch
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\system32\ATPART~1.DLL
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINNT\system32\mskceo.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINNT\system32\mskhhe.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINNT\system32\msglji.gif
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINNT\system32\mseggo.gif
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINNT\system32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINNT\system32\msfaol.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINNT\system32\msnkmi.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Common Files\FotoNation\EvLstnr.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [Utopia Angel] C:\Utopia\Angel\Angel.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7605.8273032407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51F24B8F-9044-4E8E-9230-488EF7AEE172}: NameServer = 151.202.0.84 151.203.0.84

#2 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,757 posts

Posted 28 June 2004 - 08:36 AM

Please get Ad-Aware from the link in my signature.

Install it, then run it.

Click the text marked "Check for updates now" in the lower-right corner. Click "Connect," then click "Yes." When that's done, click "Finish." Scan with it, then remove everything it finds (check all the boxes and hit Quarantine). Say Yes to its wanting to run on reboot, then reboot.

Let it remove what it wants to.

Scan with HJT again and post the new log into a reply to this thread.
Signature file is under revision. This will be back shortly.

#3 fickip

fickip

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 30 June 2004 - 11:34 PM

done:

Logfile of HijackThis v1.97.7
Scan saved at 12:34:46 AM, on 7/1/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bensbargains.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O1 - Hosts: 12.129.205.209 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msmc.exe
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7605.8273032407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51F24B8F-9044-4E8E-9230-488EF7AEE172}: NameServer = 151.202.0.84 151.203.0.84

#4 fickip

fickip

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 04 July 2004 - 08:31 PM

bump

#5 jwbirdsong

jwbirdsong

    Slasher O' spyware

  • Emeritus
  • PipPipPipPipPip
  • 2,045 posts

Posted 07 July 2004 - 08:44 AM

Congratulations, your log is clean.

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at link in my signature

And also see TonyKlein's good advice in
So how did I get infected in the first place?
Things you need(all FREE)
Anti-Virus (Only One of these)
AVG Avast
Firewall (Only One here too)
Kerio(Direct Download) Zone Alarm
Misc. (Use all 3 together)
IE Spyads SpywareBlaster Spyware Guard
Windows Update (Once a week)
get all CRITICAL Updates

Things you want(Still Free)
Mozillia Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

Posted Image
PROUD member Since 2004




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button