Jump to content


Photo

Internet explorer start page set to "about blank"


  • Please log in to reply
8 replies to this topic

#1 hammondcw99

hammondcw99

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 30 June 2004 - 07:29 PM

I have a browser hijacker and have tried everthing I can think of to fix it including cwshredder, spybot, and adaware. It keeps showing up and saying it is fixed but always comes back. When I first tried to fix it, my internet connection was disabled. Here is my log from HiJackthis. Can anyone help????

ogfile of HijackThis v1.98.0
Scan saved at 8:06:42 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4597ED16-DA24-4131-BE8C-BC32B941E5E3} - C:\WINDOWS\System32\nif.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {D10B5C22-DC60-430D-B548-489CB49A2367} (FreeScan Class) - http://alternatedown.../zsfreescan.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
O18 - Filter: text/html - {27488728-0AB4-4F42-8056-CD6A46CFB205} - C:\WINDOWS\System32\nif.dll
O18 - Filter: text/plain - {27488728-0AB4-4F42-8056-CD6A46CFB205} - C:\WINDOWS\System32\nif.dll

#2 Archon_Wing

Archon_Wing

    Donut Patron

  • Trusted Advisor
  • PipPipPipPip
  • 368 posts

Posted 30 June 2004 - 07:55 PM

Download Registrar Lite:
http://www.resplendence.com/reglite


Setting up:
Install Registrar Lite.



Start:
Copy and paste this line to reglite's address bar. Then press 'Go':
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

And hit the "go" tab .
Find: "Appinit_Dlls" value on the right side
panel, DoubleClick, copy and post here
the following fields:
-Size:
-Value:

Post the above results and a new HiJackThis log in this thread.
Rights are never important until you don't have them.

#3 hammondcw99

hammondcw99

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 08:13 AM

Thanks for the reply.

The size is : 31

The value is: C:\WINDOWS\System32\comncp.dll

Here is my new HijackThis report, i tried to make some changes yesterday based on some other peoples replies to this topic but it was no help.

Logfile of HijackThis v1.98.0
Scan saved at 9:12:18 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A37261DC-4C25-44F7-9653-3AEA72490BF5} - C:\WINDOWS\System32\nif.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C88488-54A8-4E87-86E1-4BFAF23486FC}: NameServer = 205.152.37.23 205.152.144.23
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
O18 - Filter: text/html - {2D8A20C0-5179-47D9-A298-D0A212F97006} - C:\WINDOWS\System32\nif.dll
O18 - Filter: text/plain - {2D8A20C0-5179-47D9-A298-D0A212F97006} - C:\WINDOWS\System32\nif.dll

#4 Archon_Wing

Archon_Wing

    Donut Patron

  • Trusted Advisor
  • PipPipPipPip
  • 368 posts

Posted 01 July 2004 - 04:19 PM

First download Winfile. http://www10.brinkst...last/pvtool.htm (Second one)
Unzip this file to its own folder.

Now we are going to get rid of the hidden DLL that is causing all the problems.
In Registar Lite:
=====================================
First we need to make it visible:
Copy and paste this line to reglite's address bar. Then press 'Go':

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Rename the Folder Windows to NotWindows
(the folder is highlighted as a purple folder in the left hand pane of reglite)

Click "AppInit_DLLs" again and clear the data value:
C:\WINDOWS\System32\comncp.dll < -- delete this line ,
'Apply' and 'ok' to set.

Rename the NotWindows folder back to its original name Windows
========================================
Restart your computer.

After restart, try to locate the comncp.dll in System32 folder but Don't attempt to delete it yet.

Go to your root drive: C:\ And create new folder.
Name it: "junk"
===============================

Run the 'Winfile' you previously downloaded and unzipped.
Expand and navigate to System32 folder.
You need to navigate by Double clicking to expand.

When in System32 click top menu: File --> Select files
Copy and paste to the box: comncp.dll hit select-
Find and highlite that file.
Next in top menu>Security>permissions, tell us what is listed there for that file.
Also check the 'owner' tab

Lastly, try this: Menu -File --> move...
In From: Copy/paste:
C:\WINDOWS\System32\comncp.dll

In To: Copy and paste:
C:\junk\comncp.dll

Then hit ok.

Close Winfile and check in C:\junk for that file.

No further action is needed yet...
Post the results back when done,

Edited by Archon_Wing, 01 July 2004 - 04:20 PM.

Rights are never important until you don't have them.

#5 hammondcw99

hammondcw99

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 05:08 PM

Archon_Wing,

I think i have completed everything you ask. I certainly hope this works :mellow:

In the security>permissions it was listed as special access

The owner tab had owner listed

I moved the file comncp.dll to the junk folder.

Was I suppose to post another log?

Thanks

#6 Archon_Wing

Archon_Wing

    Donut Patron

  • Trusted Advisor
  • PipPipPipPip
  • 368 posts

Posted 01 July 2004 - 06:58 PM

Just a bit more
Go ahead and use the security tab on the file (in Winfile) and take ownership.
Change the permissions to 'you --> with Admin rights-> FULL control
Then try to delete it, if that fails try to rename it first to different name+ext.
You can do it all in Winfile.
Ex:
comncp.dll >bleh.txt
bleh.txt > badfile.111
Few times... Etc.
Or you can try deleting the entire junk folder.


After that,
Run Cwshredder and adaware again with the latest updates.
Then,
Restart and Post a new HiJackThis log in this thread.
Rights are never important until you don't have them.

#7 hammondcw99

hammondcw99

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 06:54 PM

:D :D :D :D Thanks for your help. After the last thing you had me do I also got an update from McAfee that found a trojan. Then I ran Adaware and Spybot, which found the same items that kept popping back up but now they never come back. Should I delete the junk folder?

#8 hammondcw99

hammondcw99

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 07:16 PM

Ok,

now I think I did what your last post had said and special permissions was already replaced with full but I went under security>permissions and hit OK it took ownership of everything. Then I went under security>owner and hit take ownership. I tried to delete the junk folder in C and it said access denied.

Here is my log:

Logfile of HijackThis v1.98.0
Scan saved at 8:13:52 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C88488-54A8-4E87-86E1-4BFAF23486FC}: NameServer = 205.152.37.23 205.152.144.23


I notice in Spybot a DSO exploit - 5 entries is still popping up but Adaware is no longer picking up the cool web stuff.

This was before I ran the cwshredder - it would not update, said the server may be busy. I will post another later.

#9 Archon_Wing

Archon_Wing

    Donut Patron

  • Trusted Advisor
  • PipPipPipPip
  • 368 posts

Posted 02 July 2004 - 11:21 PM

Make sure that the ownership is "you" as in your user name on the computer. That name should show up on the top of your start menu. Also keep renaming the file.

You may also try safe mode to delete the file. Restart the computer and keep tapping f8 when you see the windows screen.

Get cwshredder here:
http://www.majorgeek...wnload4086.html

The DSO exploit detection is just a bug in Spybot. Just ignore it.

Also, check this out:
http://www.spywarein...showtopic=12609

Edited by Archon_Wing, 02 July 2004 - 11:22 PM.

Rights are never important until you don't have them.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button