• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
budcombs10

How do I remove specific spyware?

3 posts in this topic

My homepage is no longer under my control.

When I try to put it where I want it it always goes to "Search for..." and I get some ads pertaining to spyware fixers or something.

I have already downloaded "Highjackthis" and have the information that was given.

Can anyone help me to remove this piece of @#*&. It is getting on my nerves. I generally open "about blank" and then pick a search engine from my favorites but I can no longer do that since I have this Search for.. browser popping up with its ads.

please help!

Bud

Share this post


Link to post
Share on other sites

budcombs10,

 

It sounds like you have the CWS about:blank varient. If you have not done so, read this and follow the directions (FAQ) http://www.spywareinfoforum.com/index.php?showtopic=227

 

That alone will not help get rid of this, but it will get rid of other malware that might be effecting your machine and it will make the final solution to your problem easier.

 

Also, have Hijack This downloaded into a folder on your hard drive. Call the folder HijackThis or HJT, or what you want, but please have it in its own folder. Here is a page where you can find many handy tools including Hijack This:

 

http://www.spywareinfo.com/downloads.php?cat=sp#det

 

If you feel you can do so without causing more harm, and only if you feel this way, you can read any or all of the several dozen threads from people with the same problem and see if that helps you solve the problem --particularly the pinned threads. If not, just do this:

 

After following the FAQ, run HJT, then save the log and cut in paste it into your next post with any updated information on your problem(s).

Edited by mjp65aa

Share this post


Link to post
Share on other sites

Here is what I got from Highjackthis:

 

Logfile of HijackThis v1.97.7

Scan saved at 3:30:20 PM, on 7/5/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\SYSTEM32\USRmlnkA.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Norton Internet Security\IAMAPP.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\WINDOWS\SYSTEM32\USRshutA.exe

C:\WINDOWS\SYSTEM32\USRmlnkA.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Norton Internet Security\NISSERV.EXE

C:\Program Files\Norton Internet Security\SymProxySvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Bud\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Bud\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Bud\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Bud\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Bud\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Bud\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Bud\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {149D0002-081D-4F5C-8602-F065236622A8} - C:\WINDOWS\System32\fffdgh.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [sPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT

O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8130.3174768519

O17 - HKLM\System\CCS\Services\Tcpip\..\{86166B67-C5BB-4E67-85B6-3FBDB4E52B23}: NameServer = 209.142.136.85 64.91.3.46

 

Please let me know if anyone has anything.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0