• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
supergatito123

homepage res://wcufh.dll/index.html#37794

21 posts in this topic

Please take a look to the following log.

i think the solution should be preatty easy for you guys since i am comparing my situation to others....

i wil really apreciated your replies

 

Logfile of HijackThis v1.98.0

Scan saved at 6:45:29 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\sdpasvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winrb32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\WINDOWS\system32\apijp.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Novell\GroupWise\GrpWise.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\signmaker\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wcufh.dll/index.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wcufh.dll/index.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wcufh.dll/index.html#37794

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0252B10A-EBA8-A173-4231-A94D60BF6A42} - C:\WINDOWS\sdktw32.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [apijp.exe] C:\WINDOWS\system32\apijp.exe

O4 - HKLM\..\RunOnce: [winrb32.exe] C:\WINDOWS\system32\winrb32.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://lgccpdc/msrdp.cab

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laguardia.cc

O17 - HKLM\Software\..\Telephony: DomainName = laguardia.cc

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laguardia.cc

Share this post


Link to post
Share on other sites

The offending problem is HSA or Home Search Assitant

 

I found two way to fix this issue..

 

Microsoft page: http://support.microsoft.com/default.aspx?kbid=247501

 

or a utility at http://hsremove.bravehost.com and download hsremove.exe

 

run it and it seems to work...

 

***** New ***

 

This only fixed part of my issue... there still is something that wants to reload the redirecting software. Will get back

 

***** Update ****

 

ALL,

 

I had to disable spybot and run in safe mode, and this cleaned everything...

 

The only thing is when your done you have to reset your home and search pages as this utility changes them to a confirmation page that your system is clean...

Share this post


Link to post
Share on other sites

the first solution that somebody gave me was about the Microsoft page: http://support.microsoft.com/default.aspx?kbid=247501 can't work since my os is XP and own that page it doesn't saying about it.

second i try http://hsremove.bravehost.com and download hsremove.exe and it said that it did it but i change my home page and the problem still remains.... what can i do???? now??

here is my log........

 

Logfile of HijackThis v1.98.0

Scan saved at 6:45:29 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\sdpasvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winrb32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\WINDOWS\system32\apijp.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Novell\GroupWise\GrpWise.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\signmaker\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wcufh.dll/index.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wcufh.dll/index.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wcufh.dll/index.html#37794

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0252B10A-EBA8-A173-4231-A94D60BF6A42} - C:\WINDOWS\sdktw32.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [apijp.exe] C:\WINDOWS\system32\apijp.exe

O4 - HKLM\..\RunOnce: [winrb32.exe] C:\WINDOWS\system32\winrb32.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://lgccpdc/msrdp.cab

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laguardia.cc

O17 - HKLM\Software\..\Telephony: DomainName = laguardia.cc

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laguardia.cc

Share this post


Link to post
Share on other sites

Hello please download About:Buster and unzip it to your desktop.Don´t run it yet.

 

How to use Ad-Aware to remove Spyware <= Please check this link for instructions on how to download, install and then use adaware. Don´t use it yet.

1 You already have Adaware installed. Make sure it's up to date. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen. You should now see Reference File # : 01R332 12.07.2004 or higher listed.

 

2 Print out these instructions so you have them handy as most of the steps need to be done in safe mode and you may not be able to go online.

 

3. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

 

4. Reboot to Safe Mode

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

 

5. Make sure your PC is configured to show hidden files

 

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"

Click "Apply" then "OK"

 

6.CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wcufh.dll/index.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wcufh.dll/index.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcufh.dll/sp.html#37794

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wcufh.dll/index.html#37794

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0252B10A-EBA8-A173-4231-A94D60BF6A42} - C:\WINDOWS\sdktw32.dll

O4 - HKLM\..\Run: [apijp.exe] C:\WINDOWS\system32\apijp.exe

O4 - HKLM\..\RunOnce: [winrb32.exe] C:\WINDOWS\system32\winrb32.exe

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

 

7. delete the following files if present.

C:\WINDOWS\sdktw32.dll

C:\WINDOWS\apijp.exe

C:\WINNT\system32\winrb32.exe

C:\WINDOWS\system32\apijp.exe

 

8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

 

9. Scan with Adaware and let it remove any bad files found.

 

10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

11. Reboot to normal mode, scan again with Hijack This and post a new log here.

 

12. Finally, do an online scanHERE. Let it remove any infected files found.

 

 

Post a fresh HijackThis log and the AboutBuster report back here please.

Share this post


Link to post
Share on other sites

i have follow your instruc until #4 however when i went to services.msc i couldn't find network security services. please let me know what do i do now?

Share this post


Link to post
Share on other sites

go ahead with the next step

Share this post


Link to post
Share on other sites

Read carefully the given instructions, it says: If you don´t find this service listed go ahead with the next steps.

Share this post


Link to post
Share on other sites

Hi supergatito123,

Download AboutBuster & unzip it to your Desktop. Do not run AboutBuster yet

Please post a new log here, do not fix anything yet.

Share this post


Link to post
Share on other sites

ok i think i'm done please let me know:

 

step #8

results:

 

-- Scan 1 --------

About:Buster Version 1.30

Removed! : C:\WINDOWS\afoskx.dat

Removed! : C:\WINDOWS\hgopm.dat

Removed! : C:\WINDOWS\iyujx.dat

Removed! : C:\WINDOWS\iyujx.dll

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

step #11

results:

 

Logfile of HijackThis v1.98.0

Scan saved at 6:37:54 PM, on 7/16/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\sdpasvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\signmaker\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://lgccpdc/msrdp.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laguardia.cc

O17 - HKLM\Software\..\Telephony: DomainName = laguardia.cc

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laguardia.cc

 

step #12

results:

 

Logfile of HijackThis v1.98.0

Scan saved at 7:13:26 PM, on 7/16/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\sdpasvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\NetMeeting\CONF.EXE

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rsvp.exe

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\signmaker\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://lgccpdc/msrdp.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laguardia.cc

O17 - HKLM\Software\..\Telephony: DomainName = laguardia.cc

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laguardia.cc

 

please let go if i ready to go.........

thank you

Share this post


Link to post
Share on other sites

Good job! :cool:

Your log looks clean now.

 

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

And also see TonyKlein's good advice

So how did I get infected in the first place?

 

Good luck :D:D

Share this post


Link to post
Share on other sites

Your welcome :D

 

Glad we could help.

SWI

Share this post


Link to post
Share on other sites

hey mmxx66

 

i don't know, but i have the feeling that something is going on here. today i scan my comp with ad-aware and spybot and in ad-aware they found something else. and spybot is still saying DSO explicit and i can't deleated.

but my homepage is working (no Hijack) but when i try to enter to the web it gave the sense that i'll will happend again.

Also my clock is not working at the right time it. Should i'll be concern??? let my now please....

 

i sending my new log:

can u take a look please?????

 

Logfile of HijackThis v1.98.0

Scan saved at 1:08:23 PM, on 7/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\sdpasvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Novell\GroupWise\GrpWise.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\signmaker\My Documents\Files Rz\Lifesavers\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://lgccpdc/msrdp.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laguardia.cc

O17 - HKLM\Software\..\Telephony: DomainName = laguardia.cc

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laguardia.cc

Share this post


Link to post
Share on other sites

This is a minor bug in Spybot 1.3, which I'm sure will be fixed soon and it is not really a security concern if your system is patched via Windows Update.

 

And for the time issue , double click on the time in your task bar and adjust it in that window.

Share this post


Link to post
Share on other sites

i heard that everytime when i get authodicated by the domain at my college my curren time settings get overwritten by the server that i am getting authodicated.

in other words is my comp has 5pm and the server has 4:45pm my time automatically ajust to the server's time. is this true???

Is there any way that i can manage my time dispite that i am getting authodicated by a server??????

 

Thank you very much by your advice

Share this post


Link to post
Share on other sites

When you open the Time and Date Properties( double click on time in your task bar) under the Internet Time tab Unmark Automatically sincronize....

 

That should work and allow you to set your own time in your computer.

Share this post


Link to post
Share on other sites

i'm so sorry but the only time that i see is time zone and the only checkmark that i can uncheck us the one referring to the daylight saving time. there was not internet time the only tab that i saw was time zone.

again thank u for your advice.

Share this post


Link to post
Share on other sites

Click Start/Run/Services.msc

Stop/Disable the W32Time service

Share this post


Link to post
Share on other sites

supergatito123

 

Your threads merged to here. Please stick to just this one thread. It is difficult for our helpers if you post more than one thread. You started 7 topics in spite of the request at the top of this page Please stay with your original topic when posting follow up log files. I have closed or deleted all but the 2 which are merged here.

 

See Helper instruction at http://forums.spywareinfo.com/index.php?sh...indpost&p=60009

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0