• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
hammondcw99

Internet explorer start page set to "about blank"

9 posts in this topic

I have a browser hijacker and have tried everthing I can think of to fix it including cwshredder, spybot, and adaware. It keeps showing up and saying it is fixed but always comes back. When I first tried to fix it, my internet connection was disabled. Here is my log from HiJackthis. Can anyone help????

 

ogfile of HijackThis v1.98.0

Scan saved at 8:06:42 PM, on 6/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4597ED16-DA24-4131-BE8C-BC32B941E5E3} - C:\WINDOWS\System32\nif.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: SmartUI.lnk = ?

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {D10B5C22-DC60-430D-B548-489CB49A2367} (FreeScan Class) - http://alternatedownload.zeroads.com/zeros.../zsfreescan.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

O18 - Filter: text/html - {27488728-0AB4-4F42-8056-CD6A46CFB205} - C:\WINDOWS\System32\nif.dll

O18 - Filter: text/plain - {27488728-0AB4-4F42-8056-CD6A46CFB205} - C:\WINDOWS\System32\nif.dll

Share this post


Link to post
Share on other sites

Download Registrar Lite:

http://www.resplendence.com/reglite

 

 

Setting up:

Install Registrar Lite.

 

 

 

Start:

Copy and paste this line to reglite's address bar. Then press 'Go':

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

And hit the "go" tab .

Find: "Appinit_Dlls" value on the right side

panel, DoubleClick, copy and post here

the following fields:

-Size:

-Value:

 

Post the above results and a new HiJackThis log in this thread.

Share this post


Link to post
Share on other sites

Thanks for the reply.

 

The size is : 31

 

The value is: C:\WINDOWS\System32\comncp.dll

 

Here is my new HijackThis report, i tried to make some changes yesterday based on some other peoples replies to this topic but it was no help.

 

Logfile of HijackThis v1.98.0

Scan saved at 9:12:18 AM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\msdtc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {A37261DC-4C25-44F7-9653-3AEA72490BF5} - C:\WINDOWS\System32\nif.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: SmartUI.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C88488-54A8-4E87-86E1-4BFAF23486FC}: NameServer = 205.152.37.23 205.152.144.23

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

O18 - Filter: text/html - {2D8A20C0-5179-47D9-A298-D0A212F97006} - C:\WINDOWS\System32\nif.dll

O18 - Filter: text/plain - {2D8A20C0-5179-47D9-A298-D0A212F97006} - C:\WINDOWS\System32\nif.dll

Share this post


Link to post
Share on other sites

First download Winfile. http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm (Second one)

Unzip this file to its own folder.

 

Now we are going to get rid of the hidden DLL that is causing all the problems.

In Registar Lite:

=====================================

First we need to make it visible:

Copy and paste this line to reglite's address bar. Then press 'Go':

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

Rename the Folder Windows to NotWindows

(the folder is highlighted as a purple folder in the left hand pane of reglite)

 

Click "AppInit_DLLs" again and clear the data value:

C:\WINDOWS\System32\comncp.dll < -- delete this line ,

'Apply' and 'ok' to set.

 

Rename the NotWindows folder back to its original name Windows

========================================

Restart your computer.

 

After restart, try to locate the comncp.dll in System32 folder but Don't attempt to delete it yet.

 

Go to your root drive: C:\ And create new folder.

Name it: "junk"

===============================

 

Run the 'Winfile' you previously downloaded and unzipped.

Expand and navigate to System32 folder.

You need to navigate by Double clicking to expand.

 

When in System32 click top menu: File --> Select files

Copy and paste to the box: comncp.dll hit select-

Find and highlite that file.

Next in top menu>Security>permissions, tell us what is listed there for that file.

Also check the 'owner' tab

 

Lastly, try this: Menu -File --> move...

In From: Copy/paste:

C:\WINDOWS\System32\comncp.dll

 

In To: Copy and paste:

C:\junk\comncp.dll

 

Then hit ok.

 

Close Winfile and check in C:\junk for that file.

 

No further action is needed yet...

Post the results back when done,

Edited by Archon_Wing

Share this post


Link to post
Share on other sites

Archon_Wing,

 

I think i have completed everything you ask. I certainly hope this works :mellow:

 

In the security>permissions it was listed as special access

 

The owner tab had owner listed

 

I moved the file comncp.dll to the junk folder.

 

Was I suppose to post another log?

 

Thanks

Share this post


Link to post
Share on other sites

Just a bit more

Go ahead and use the security tab on the file (in Winfile) and take ownership.

Change the permissions to 'you --> with Admin rights-> FULL control

Then try to delete it, if that fails try to rename it first to different name+ext.

You can do it all in Winfile.

Ex:

comncp.dll >bleh.txt

bleh.txt > badfile.111

Few times... Etc.

Or you can try deleting the entire junk folder.

 

 

After that,

Run Cwshredder and adaware again with the latest updates.

Then,

Restart and Post a new HiJackThis log in this thread.

Share this post


Link to post
Share on other sites
:D:D:D:D Thanks for your help. After the last thing you had me do I also got an update from McAfee that found a trojan. Then I ran Adaware and Spybot, which found the same items that kept popping back up but now they never come back. Should I delete the junk folder?

Share this post


Link to post
Share on other sites

Ok,

 

now I think I did what your last post had said and special permissions was already replaced with full but I went under security>permissions and hit OK it took ownership of everything. Then I went under security>owner and hit take ownership. I tried to delete the junk folder in C and it said access denied.

 

Here is my log:

 

Logfile of HijackThis v1.98.0

Scan saved at 8:13:52 PM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

c:\program files\mcafee.com\agent\mcagent.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\BRMFRSMG.EXE

C:\WINDOWS\System32\wuauclt.exe

c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hijackthis\HijackThis.exe

 

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup

O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - Global Startup: SmartUI.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C88488-54A8-4E87-86E1-4BFAF23486FC}: NameServer = 205.152.37.23 205.152.144.23

 

 

I notice in Spybot a DSO exploit - 5 entries is still popping up but Adaware is no longer picking up the cool web stuff.

 

This was before I ran the cwshredder - it would not update, said the server may be busy. I will post another later.

Share this post


Link to post
Share on other sites

Make sure that the ownership is "you" as in your user name on the computer. That name should show up on the top of your start menu. Also keep renaming the file.

 

You may also try safe mode to delete the file. Restart the computer and keep tapping f8 when you see the windows screen.

 

Get cwshredder here:

http://www.majorgeeks.com/download4086.html

 

The DSO exploit detection is just a bug in Spybot. Just ignore it.

 

Also, check this out:

http://www.spywareinfoforum.com/index.php?showtopic=12609

Edited by Archon_Wing

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0