• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
gary_stanley_uk

Think I have a worm

12 posts in this topic

hELLO,

I only just got internet explorer to work again after a long battle with my computer however it starts with a search 200 thing and i try to get rid of it in hijack this and it comes back instantly please help me cleanse my system. Thank you in advance!!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 16:43:12, on 04/07/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\VetMsgNT.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe

C:\PROGRA~1\PLANSI~1\glueonce.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\Sky Alerts\skinkers.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\PROGRA~1\INCRED~1\bin\INCMAIL.EXE

C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Scotty B\My Documents\Anti Hack software\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...er=6&ar=msnhome

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe

O4 - HKLM\..\Run: [Chic long] C:\PROGRA~1\PLANSI~1\glueonce.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [skySportsCluster] C:\Program Files\Sky Alerts\skinkers.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstall...seInstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8172.3164351852

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab27571.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4CBE9ACC-382D-4547-9B3A-5E26F49C2086}: NameServer = 194.72.9.38 194.74.65.68

Share this post


Link to post
Share on other sites

this is bad

 

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

 

this is what your internet is routing though, I would download The internet fix I posted and then download Hi-jack this and remove those 4 things listed for starters, If the internet stops working after that run the Internet fix, after you do all that download Adaware 6 and update and scan the system, the downlaod Avast Home and do a boot time scan, then download Cwshredder to fix the 200 problem, then everything should be pretty cleaned up, If you have any other problems just post them.

 

 

 

Internet Fix XP/2000/ME/98

Avast Home

Adaware 6

Edited by dave38

Share this post


Link to post
Share on other sites

gary_stanley_uk,

 

Please ignore the advice from theshit... it is incorrect and will likely cause you to lose your ability to access email and the internet... Please wait for assistance from someone who is qualified to help...

 

theshit,

 

You need to check your PMs as soon as possible...

Share this post


Link to post
Share on other sites

DO NOT FOLLOW thesh's advice.

You will probably lose your internet connection if you do!

 

EDIT: Sorry Budfred, you beat me to it. Ididn't see you there.

Edited by Trilobite

Share this post


Link to post
Share on other sites

yes more than likely you will lose you Internet connection but some times Hijack this fixes the problem, thats why I posted The Internet fix to fix that problem, I have done this many times on over 100 computers maybe more, If you do not want to take my advice that fine, this is all I do all day long is remove spyware and adware and fix customers computers,Iv been doing this since spyware and adware started to show up on computer systems, I get paid to do this, ITS MY JOB. All I want is to help other people with there problems, If they follow my Instructions Exactly then there wont be a problem. If I didnt know what I was doing I wouldnt be getting Paid to do it.

Edited by dave38

Share this post


Link to post
Share on other sites

gary_stanley_uk,

 

I am sorry you are having to deal with this squabble... If you fix those items with HJT, you will almost certainly lose your ability to access websites and you will make doing the proper fix more difficult... Please do not act on this bad advice....

Share this post


Link to post
Share on other sites

Hi gary_stanley_uk,

 

You have a few things going on here.....

 

First, go here and download this program called CWShredder. Unzip the .exe to your desktop. Then, make sure ALL windows are closed and run CWShredder.exe and click Fix (not scan).

 

Next, run hijackthis again, click Scan. Check the boxes next to these entries. Then close all windows except HijackThis. Tell HijackThis to 'Fix checked'.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...er=6&ar=msnhome

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstall...seInstaller.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab

 

Reboot your computer.

 

Now, lets get rid of those lines that are causing those O10 entries. True, they are bad, but as Budfred pointed out, fixing them with hijackthis would have severed your internet connection. So we'll remove them this way.

 

Go here and download this tool called Vx2Finder. Save it to your desktop, run it and click the Click to find Vx2/BetterInternet button, then click Make Log. Copy that log and a new hijackthis log back into this thread.

Share this post


Link to post
Share on other sites

Well, luckily they're using Windows XP, so even after removing the LSPs, it's simply a matter of running

 

netsh interface ip reset reset.log

 

to reset the TCP/IP stack and Winsock settings to restore internet connectivity.

Share this post


Link to post
Share on other sites

Hi thesh,

 

That's nice, thesh, but your missing the point here. Fixing those O10 entries will not get rid of the main culprit, in this case, Look2Me. Any why fix them with hijackthis when the user will have to go and download yet another utility to fix the problem?? We try and fix people's computers with the least amount of steps possible. Fixing those entries with hijackthis creates more steps and adds aggrevation to the mix once the computer loses internet connectivity.

 

sardak, using that command will fix the problem, but most users won't even know that command exists; or how to use it (where to put it in).

 

The point is fixing those lines with hijackthis is not a solution. It only creates more work for the people helping and the user, who is already frustrated about pop-ups, hijacks, etc.

 

I'd be happy to discuss this with you, but this thread is not the place. I'm sure your utility works just fine and will be a nice option to lspfix and/or the command sardak pointed out. Feel free to join our chat room (chat.spywareinfo.com) or PM me if you'd like to continue this. The only requests I'll be responding to in this thread are ones from gary_stanley_uk. Thanks for your understanding.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0