• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
WickedNeo

Hijacked

3 posts in this topic

 

Hi, it would appear i am suffering from the same as a lot of other ppl that post here are suffering.

I have read thru those threads and tried the advice given

alas i still have those damn nasty porn popups.

These are not generated by visiting those dodgy sites but appear at random when i am on forums ( www.tranceaddict.com/forum ) i help run and sites i know well which do not have porn pop ups.

 

they are only generated thru IE

 

i have run ad-watch and ad-aware and they picked up a couple of dataminers which are now gone, my firewall prevents dataminers sending out anything anyway.

 

so i have DLed Hijack This and have the following log

 

anything in there that suggests a nasty addition to my IE ?

 

Operating System: (Win2K Professional 5.0 Service Pack 4 (Build #2195)

 

Logfile of HijackThis v1.98.0

Scan saved at 23:52:32, on 11/07/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINNT\system32\mcc.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransparentW.exe

D:\Program Files\mIRC\mirc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\My Documents\Applications\HijackThis.exe

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINNT\system32\mcc.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - Global Startup: TransparentW.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

 

mcc.exe outgoing is blocked by my firewall

 

 

Thanks for your time and any info provided

 

Edited by WickedNeo

Share this post


Link to post
Share on other sites

This is still occuring, seems to be mainly happening when you boot up the machine and start surfing.

the first 10 to 15 minutes of surfing brings the pop ups then after that period they stop

 

Share this post


Link to post
Share on other sites

Actualy this mcc/telenet thing is fairly new (At lease I'm just starting to see it.) removeal is fairlt straight forward.

 

 

1) Right-click on the taskbar at the bottom of the screen and select "Task Manager".

2) Select the tab marked "Processes".

3) Under the "Image Name" select the process for "mcc.exe"

4) With mcc.exe highlighted click "End Process"

5) Close Task Manager.

6) Click on the start>Run> type "regedit" (no quotes

7) Navigate to the registry setting for "hkey_current_user\software\media codecs" and delete the whole registry key.

8) Navigate to "hkey_local_machine\software\microsoft\windows\currentversion\run" and delete the registry value associated with mcc.exe

 

Now continue on with the rest of the Hijack This log

Move HijackThis to it's own, permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

 

Press Ctrl+Alt+Del and 'end task' on any of the follow that are present

 

Put a check next to these in hijackthis:

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINNT\system32\mcc.exe

 

THEN WITH ALL OTHER WINDOWS CLOSED ,press "Fix".

 

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:-

C:\WINNT\system32\mcc.exe

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

[*]C:\Windows\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.

[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\

[*]Empty your "Recycle Bin"

 

Then Reboot and post a fresh log back to this thread.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0