• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
kbeefy

hijacked by res://msaps.dll/index.html

2 posts in this topic

Howdy, been reading stuff around here for a bit trying to figure this stuff out, I'm amazed that theres so many helpfull people on here.

Well, heres my story...

Friend (who is somehow more computer illiterate than myself) has contracted a hijacker or two and asked me to help. Running Win2000Pro and a bunch of other junk.

 

I downloaded the current versions and updates for Spyware S&Dm AAW 1.81, CWS and HJT. They Cleaned up alot, but the hijacking persists. Also, Ad-Aware will freeze at random points if doing a deep scan with 'scan archives' selected. It does this in safe mode, I've also created a blank folder and deselected it, along with several other folders that the scan frooze up on to no avail, it just freezes on a different folder before finishing. This requires task manager to exit from, abort and close don't work after freeze.

I've also had HJT fix several entries that I recognized as spyware and/or hijackers but the simply return with the next reboot.

 

Heres a HJT file from a fresh boot, complete w/ all the ressurected entries.

Please advise me if I should instead post a HJT log after running S&D or AAW, as I mentioned alot of these entries come back after rebooting.

 

Thanks for any help!!

 

Logfile of HijackThis v1.98.0

Scan saved at 9:01:59 AM, on 7/19/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\WINNT\Explorer.EXE

C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE

C:\WINNT\system32\ntvdm.exe

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINNT\system32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Documents and Settings\Administrator\My Documents\misc\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [winupd] C:\WINNT\system32\winupd.exe

O4 - HKLM\..\Run: [tapisys] C:\WINNT\System32\tss.exe

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [tapisys] C:\WINNT\System32\tss.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll

Share this post


Link to post
Share on other sites

How to Remove CoolWebSearch with CoolWeb Shredder <= Please click on this link for instructions on how to download and use CoolWebSearch Shredder which will help remove a CWS infection on your computer. Make sure you close all programs and windows before running it and be sure to click on the "Fix" button.

 

To fix About:Blank problems:

  1. Please download About:Buster from one of the following locations:

[*]Please close all windows.

[*]Run HijackThis, click on "Scan" and then place a check mark in the following boxes, And click on "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html

R3 - Default URLSearchHook is missing

[*]Unzip AboutBuster.zip and doubleclick the exe.

[*]Next click ok and allow the program to run. (it may take a few minutes)

[*]Make a copy of the log it creates for posting later.

[*]Then run the About:Buster a second time just to be sure it got everything.

[*]Make a copy of the log it creates again.

[*]Reboot and post the 2 about buster logs and a fresh HijackThis log.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0