• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
SMR

Help! CWShredder stops working and Hijackthis too

2 posts in this topic

I am infected by some @!#$%& Cool Web Search variant that I have not been able to completely kill. I am not being hijacked to anymore stoooopid Calopozzo(sp?) Casino web page, nor are shortcuts to porn pages appearing on my desktop anymore. I was able to get rid of these problems myself by following the excellent advice given in this forum, and I thank each and everyone of you that takes time out to help all of these people. Anyway here is the problem I face now.

 

1. Upon startup, McAfee says that I am infected by the “QHosts-1!hosts virus”, and it says that the files C:\windows\hosts and C\:windows\system32\drivers\etc\hosts files are infected and that “Access is denied” to these files. I then have to terminate McAfee using windows task manager or it will keep trying to delete these 2 files. Even if I have McAfee delete them, they immediately come back.

2. When I run CWShredder, it usually “locks up” when it scans CWS.bootconf. I have got it to run all the way through before and it has found and killed the CWS.svchost32 on a few occasions.

3. After finding and fixing 86 objects on my computer, Ad-Aware runs perfectly clean now.

4. Spybot runs clean, but has this error message: Common Hijacker (Datei C:\Windows\system32\drivers\etc\hosts. Access is denied)

5. Hijackthis also has an error message when it trys to run. Here is the error message and here is my Hijackthis log. I must say that when I run Hijackthis, it usually does not include the R1 and R2 entries, but for some reason it did this last time.

 

An unexpected error has occurred at procedure: modMain_CheckOther1Item()

Error #75 - Path/File access error

 

Please email me at merijn@spywareinfo.com, reporting the following:

* What you were doing when the error occurred

* How you can reproduce the error

* A complete HijackThis scan log, if possible

 

Windows version: Windows NT 5.01.2600

MSIE version: 6.0.2800.1106

HijackThis version: 1.98.0

 

This message has been copied to your clipboard.

 

 

Logfile of HijackThis v1.98.0

Scan saved at 9:03:19 AM, on 7/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

D:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\system32\explorer.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Labtec Wireless Desktop\MagicKey.exe

C:\WINDOWS\System32\devldr32.exe

D:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe

D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

G:\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "d:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "D:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe

O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

 

 

Any help/suggestions you can give would be greatly appreciated!

Share this post


Link to post
Share on other sites

As far as the error goes , Redownload (not update) HijackThis; there is a patched version out (will have same ver #); and install to a NEW location..Don't use existing one as there can be a conflict with the backups...

 

Press Ctrl+Alt+Del and 'end task' on any of the follow that are present

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\system32\explorer.exe

Put a check next to these in hijackthis:

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE <---Optional but Highly recommended to remove not needed at start and huge resource hog

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

THEN WITH ALL OTHER WINDOWS CLOSED ,press "Fix".

 

 

Make sure you are set to Show Hidden Files and Folders reboot to safemode (instructions) and delete the following files/folders:-

C:\WINDOWS\system32\explorer.exe <------ Make certian you have the right explorer, there are others in different locations..Just delete THIS one!!!

C:\WINDOWS\msopt.dll

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

[*]C:\Windows\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\

[*]Empty your "Recycle Bin"

 

Then Reboot and post a fresh log back to this thread.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0