Guest Amateur

EvidenceShredder

9 posts in this topic

Every time I start up Internet Explorer, I see this page:

1139206DetectedSpyware.JPG

 

And when I click on one of the links at the bottom of the page, I am taken to this website:

1139207EvidenceShredder.JPG

 

Norton Systemworks 2004 detected a virus but it would not give me the option to clean it or delete it and the window would not go away after I pressed OK. I had to uninstall Norton in order to continue using the computer.

 

I then went to TrendMicro.com and used their free online virus scan and it detected a trojan and removed it but it did not get rid of the blue webpage.

 

The spyware, or whatever it is, will not let me visit websites like yahoo or google or any search engine website for that matter. I can visit any website so long as I know the address.

 

If anyone could help it would be greatly appreciated. I can perform a clean install of Windows XP but I would rather not. Thanks.

 

Here is my HijackThis log:

 

Logfile of HijackThis v1.98.0

Scan saved at 6:31:50 PM, on 7/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\WINDOWS\System32\wisptis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jim Renberg\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINDOWS/secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O21 - SSODL: System - {58F27183-FE6E-41DD-9E0F-B04D118A5449} - C:\WINDOWS\system32\system32.dll (file missing)

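Added example (not part of the original posts and not HijackThis's own code): a small Python triage pass over the result lines of a HijackThis log like the one posted above. The two rules, the regexes and the function names are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re

# Result lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINDOWS/secure.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O21 - SSODL: System - {58F27183-FE6E-41DD-9E0F-B04D118A5449} - C:\WINDOWS\system32\system32.dll (file missing)
"""

# A result line starts with a section code such as R0, O4 or O21, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumed rule: an IE page setting whose value is a drive path or file:/// URL.
LOCAL_PAGE = re.compile(r"=\s*(?:file:///)?[A-Za-z]:[\\/]", re.I)

def parse(log_text):
    """Yield (code, body) per result line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log_text):
    """Return (code, reason, body) tuples for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log_text):
        if code in ("R0", "R1") and LOCAL_PAGE.search(body):
            findings.append((code, "IE page setting points at a local file", body))
        elif body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "entry references a file that is not on disk", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {body}")
```

A flagged line is a prompt for review, not a verdict: the missing-file hits in the sample include the Messenger and unnamed extra buttons alongside the SSODL entry asked about later in the thread.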

It's a startup page downloader trojan.

First, go in and see if you can manually change your homepage!

Do you have Hijack This, Spybot Search & Destroy, and Adaware 6.0?

If not, I can give you the addresses to go there.

I'll also give you info on other free virus scan options, if need be.


Well, I obviously have HijackThis :-) but I will download Spybot Search and Destroy. I tried Adaware and that didn't pick anything up. I will get back to you if Spybot detects anything.


OK, CWShredder fixed the problem. I can now use yahoo.com and other search engines. Thanks a lot.

 

One more question. How do I replace the missing file in the HijackThis log: O21 - SSODL: System - {58F27183-FE6E-41DD-9E0F-B04D118A5449} - C:\WINDOWS\system32\system32.dll (file missing)


Are you familiar with the sfc tool (System file check)?

It scans your PC for any important Windows files that have been damaged or replaced, then it replaces them with valid copies.

This is especially helpful if your computer has been infected with viruses/trojans/etc. that have attacked your files.

To run it, click on Start-Run, type: sfc /scannow and press the "Enter" key. Have the Windows XP CD handy, because if your files have been damaged, it will ask for the CD so a clean copy can be obtained. If you are asked what you want to do after you insert the disk, just click on "exit". Let the SFC do the rest. After about 10 min., when it is done, remove the disk. That should do it.

And, may I suggest that you go into Spybot S&D to tools/Browser pages and make sure your search pages are set appropriately. You may look into the Host File tool also, since it blocks servers that are notorious for "bad behaviour"--like CoolWebSearch.
