• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
farmcity

PC ANYWHERE & CWS VARIANT

7 posts in this topic

I recently go hit with that horrible CWS hijack crud. THis site helped me find a cure. during the process I used adaware, spybot, spysweeper and a few others. Now, When I try to connect to my office via PC anywhere a connection cannot be made. I have not changed anything to the best of my knowledge. shoud i reinstall PC anywhere? I use GNAT BOX VPN. I also recently downloaded Zone ALarm but it doesnt load when I boot up. Thanks for any advice you can offer. :techsupport:

Share this post


Link to post
Share on other sites

Hello and Welcome to S.W.I. :wave:

I would like to make a suggestion for you that will make your Post a little easier for all of us at (S.W.I.). This will enable us to a give you a better answer and response to your question.

Here is a link to a program called HijackThis also known as (HJT), from here on out we will refer to this as HJT, please download HJT from this URL:

http://www.spywareinfo.com/~merijn/downloads.html .

When you Download HJT, Save it to your C: Drive or whatever letter your Hard drive letter is, To: (C: Program Files/New Folder) name the New Folder (HJT) or something similar to that so you can find it easier, this is where your Log Files for HJT will be kept. Now Install HJT.

How to get a Log File after you Install HJT:

Open HJT, the Splash Screen will open, then Click Scan,

At this time Do Not Click Fix , after the Scan you will see the Save Log button were the Scan Button was, Click Save Log and then save it to your HJT File in

C:Programs / HJT Folder.

Then when you Post your question to S.W.I. post your HJT Log File from your

HJT Folder.

From there we can begin the process of helping you.

And remember to update HJT as they become available on the Web.

Thank you very much. (Helper Trainee @ S.W.I.)

Share this post


Link to post
Share on other sites

THanks for the help!! here is the log file you requested.

 

Logfile of HijackThis v1.98.0

Scan saved at 8:37:24 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\GTA\GNAT Box VPN Client\IreIKE.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Internet Security\NISUM.EXE

C:\Program Files\Norton Internet Security\ccPxySvc.exe

C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE

C:\Program Files\GTA\GNAT Box VPN Client\IPSecMon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ofps.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG04.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\hphmon04.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\HPHipm11.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\GTA\GNAT Box VPN Client\SafeCfg.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\FDIW\UpdtChk.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\FRU\Remind32.exe

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Aaron Farmer\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe

O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\FRU\Remind32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: GNAT Box VPN Client.lnk = C:\Program Files\GTA\GNAT Box VPN Client\SafeCfg.exe

O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: WebWorks Help 3.0 - file://F:\Documentation\WebDoc\wwhelp3.cab

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAg...ctiveX/smsx.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20011004...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/094f11f8fb41e0...ip/RdxIE601.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://216.157.26.3/svideo.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://admin.pressplay.com/duet/registration/isetup.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...370/mcfscan.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_7.cab

O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/contr...ate/sdkinst.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Share this post


Link to post
Share on other sites

Also, It seems as thought the only thing that wont happen is I cannot connect to get updates from various programs. like the ports have been closed or something. I deleted ad aware and then reinstalled and same thing, you go to check updates and there is an error.

Share this post


Link to post
Share on other sites

Hi farmcity I just want to let you that my title Helper Trainee is just that, I am in Boot Camp Training and for now and I do not have the experience to give you the proper fix removal, however may I suggest that your reply back to your Post and Topic Title with just the word (Bump) ,and someone that is better qualified will give you the proper fix, please be patient as we try to respond back as quick as we can to help you.

Thank you

Edited by roadrage

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0