• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
ZupzGee

I've tried everything!!

2 posts in this topic

Hello, i've been trying to remove the infamous CWS crap off my WinXP (NFTS) computer for the past 4 hours now and i've almost completely given up. i have no clue what to do next... i'm thinking i might have to reformat (noooo).

 

the only annoying thing that is happening to me now is my browser takes me to that infamous page (s1di.d8t.biz/index.php?aid=20038) whenever i mistype a web address. that's all. my browser doesnt even show that blank page on load (it loads my homepage fine).

 

this is my biggest problem because i already think i've taken care of that nasty file problem. no more .dlls or obvious spyware files are popping up after hours of using ad-aware, spybot, cwshredder, & hijackthis.

 

i've tried so many different combinations and methods of cleaning my pc like shutting off system restore, deleting my hosts files and my user temporary files, going into safe mode, clearing all internet files, etc. nothing will stop my browser from taking me to that damn page if i type the wrong address, so what do i do? somene please help, i feel like i'm just one step away from solving this but i have no idea where to go from here.

 

here's my hijackthis log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:48:14 AM, on 7/8/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Documents and Settings\Admin\My Documents\Tools\Tclock\tclock2.exe

C:\WINDOWS\wanmpsvc.exe

C:\Documents and Settings\Admin\My Documents\Tools\GtfoIRC\mirc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\America Online 5.0\waol.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Admin\Desktop\New Folder\HijackThis.exe

C:\WINDOWS\System32\dwwin.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Startup: TClock.lnk = C:\Documents and Settings\Admin\My Documents\Tools\Tclock\tclock2.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Run WinHTTrack (HKLM)

O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

 

as you can see not much is running on there and i don't suspect a single file on the list. i also tried looking into my registry and although it's tough to know where to look exactly, i found nothing suspicious in the run/runservices threads or elsewhere.

Share this post


Link to post
Share on other sites

Due to the time passed and the fact that you are running an older version ...

  1. HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:

[*]Install/Unzip it into C:\HJT.

[*]Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.

[*]Run HijackThis, click on scan and wait for the scan to finish.

[*]The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.

[*]Notepad will open with a copy of the log.

  • Click on "Edit" => "Select All".
  • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.

[*]Please post your entire log here for analysis.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0