• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
alagas54

'jacked by CoolWebSearch

4 posts in this topic

O.K. --- I give in. I've been 'jacked by CoolWebSearch and I can't get rid of it. For a couple of days I've been getting educated (the hard way) about viruses and trojans. Afetr finding you guys I've tried to follow directions you've suggested --- Spybot, Ad-Aware,CWShredder (after application of a dollop of Smartkiller), AVG --- I'm still getting 'jacked by CoolWebSearch. I have faith in you --- I'm just afraid I'm the victim of a new strain.

So, I'm going the next level --- here's my HijackThis log:

 

Logfile of HijackThis v1.98.0

Scan saved at 2:38:34 PM, on 6/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Washer\washer.exe

C:\Documents and Settings\crice\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\spfxi.dll/sp.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://spfxi.dll/index.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\spfxi.dll/sp.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\spfxi.dll/sp.html#27063

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://spfxi.dll/index.html#27063

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {A3C4602E-2D9C-7869-388B-D9E372D7661E} - C:\WINDOWS\system32\d3ae32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [sdkgu.exe] C:\WINDOWS\system32\sdkgu.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Washer] c:\\Program Files\Washer\washer.exe /0

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1B8C4AA-4910-4A04-B79C-3F3F0779E73E}: NameServer = 24.116.0.81,24.116.0.201

 

Help! Logfile of HijackThis v1.98.0

Scan saved at 2:38:34 PM, on 6/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Washer\washer.exe

C:\Documents and Settings\crice\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\spfxi.dll/sp.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://spfxi.dll/index.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\spfxi.dll/sp.html#27063

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\spfxi.dll/sp.html#27063

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://spfxi.dll/index.html#27063

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {A3C4602E-2D9C-7869-388B-D9E372D7661E} - C:\WINDOWS\system32\d3ae32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [sdkgu.exe] C:\WINDOWS\system32\sdkgu.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Washer] c:\\Program Files\Washer\washer.exe /0

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1B8C4AA-4910-4A04-B79C-3F3F0779E73E}: NameServer = 24.116.0.81,24.116.0.201

 

Thanks.

Share this post


Link to post
Share on other sites

Visit this page http://www.ducky.atribune.org . Download About:Buster and save it to your desktop. Then startup Hijack this. Tick the boxes next to these items.

 

O2 - BHO: (no name) - {A3C4602E-2D9C-7869-388B-D9E372D7661E} - C:\WINDOWS\system32\d3ae32.dll

O4 - HKLM\..\Run: [sdkgu.exe] C:\WINDOWS\system32\sdkgu.exe

 

Then close all windows and hit fix checked. Start About:Buster. On the first prompt hit ok, then start, then ok again. It will run a while. Once it is done there will be a log in the white box. Save that log somewhere. Restart your computer. Post a new Hijack this log and the buster log.

 

If the fix does not work. Reboot into safe mode by tapping F8

Several times when the computer is first booting. Then running About:Buster.

Share this post


Link to post
Share on other sites

RD: here are my logs after running Buster:

 

Logfile of HijackThis v1.98.0

Scan saved at 10:21:43 AM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Washer\washer.exe

C:\PROGRAM FILES\AMICUS50\aa50.exe

C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\crice\Desktop\HijackThis.exe

 

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Washer] c:\\Program Files\Washer\washer.exe /0

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1B8C4AA-4910-4A04-B79C-3F3F0779E73E}: NameServer = 24.116.0.81,24.116.0.201

 

 

About:Buster Version 1.23

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Pages Reset... Done!

 

I ran these after rebooting. What next?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0