WelfareHigh

Browser Hijacked...Need Help

3 posts in this topic

Okay, this has got me really, really pissed off. About 3 weeks ago my browser's homepage (I use the newest version of Internet Explorer) was changed to some stupid search thing. It turns out it was CoolWebSearch. Now I've spent the last 2 hours trying to remove it. I've gone through CWShredder, it's found nothing, but Ad-aware tells me it's there. AboutBuster hasn't worked. A friend who is very knowledgeable in this spent these 2 hours working with me. He said you guys could help me because you trained him. He said to post a log of HiJackThis so here you go.

Logfile of HijackThis v1.97.7
Scan saved at 11:35:31 PM, on 20/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netfk32.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\crxg32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kylie\Local Settings\Temporary Internet Files\Content.IE5\0SHCJ2U4\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dykgq.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dykgq.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dykgq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dykgq.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dykgq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dykgq.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D626295-5E91-2B59-7E71-D5BE067A9719} - C:\WINDOWS\system32\atljx32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

Any help would be amazing because this stuff isn't cool.


I'll be glad to help you, but the log you posted is incomplete. There's bound to be quite a bit more after that single O4 line.

 

Before you post a new log, you need to relocate HijackThis to a permanent folder. Use Windows Explorer to make a folder on your C: drive - like C:\HJT - and move HJT into it.

 

Also, you should update your HijackThis to the newest version (currently v1.98.0) by clicking the Config... button - then click the Misc Tools button - finally, click Check for update online.

 

If for some reason the update website is unavailable, just download a new copy from an alternate site like http://www.downloads.subratam.org/hijackthis.zip and unzip it into the folder replacing the old one.

 

Also, make sure you have the latest version of About:Buster and be sure you have Ad-aware updated as well. See Using Ad-aware to remove Spyware for info on how to set up Ad-aware for a Full Scan so it will be most effective.

 

Next, make sure you have Windows Explorer configured to Show Hidden Files/Folders:

Open the Windows Explorer Folder Options - View [tab]:
Scroll down to the Files and Folders section.
Select: Display the contents of system folders.
Scroll down to the Hidden Files and Folders section.
Select: Show hidden files and folders, Ok the prompt
Uncheck: Hide file extensions for known file types
Uncheck: Hide protected operating system files
Ok the Prompt, click Apply
Click the Apply to all Folders button.

 

After taking care of those preparations, post the new log, and we'll knock this infection out.

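A pre-posting check for the three problems the reply above raises (outdated HijackThis version, HijackThis run from a temporary folder, log cut off after the O4 line), which also lists the res:// start/search page overrides seen in the posted log. This is an added example, not part of either post or of HijackThis itself; `check_log`, `SAMPLE_LOG` and the rule that a log ending at O4 or earlier is truncated are assumptions of the example.

```python
import re

# Constructed sample: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Kylie\Local Settings\Temporary Internet Files\Content.IE5\0SHCJ2U4\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dykgq.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dykgq.dll/index.html#96676
O2 - BHO: (no name) - {1D626295-5E91-2B59-7E71-D5BE067A9719} - C:\WINDOWS\system32\atljx32.dll
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
"""

ENTRY = re.compile(r"^([A-Z])(\d+) - (.*)$")   # e.g. "O4 - HKLM\..\Run: [x] y.exe"
VERSION = re.compile(r"^Logfile of HijackThis v([\d.]+)")
MIN_VERSION = (1, 98, 0)   # newest version named in the reply above
LAST_O_FLOOR = 4           # assumption: a log ending at O4 or earlier is cut off
TEMP_DIRS = ("\\temporary internet files\\", "\\temp\\")


def check_log(text):
    """Return (problems, res_pages) for a pasted HijackThis log."""
    problems, res_pages, o_sections = [], [], []
    for line in (l.strip() for l in text.splitlines()):
        low = line.lower()
        if m := VERSION.match(line):
            if tuple(int(p) for p in m.group(1).split(".")) < MIN_VERSION:
                problems.append("outdated HijackThis v" + m.group(1))
        elif m := ENTRY.match(line):
            code, number, body = m.group(1), int(m.group(2)), m.group(3)
            if code == "O":
                o_sections.append(number)
            key, sep, value = body.partition(" = ")
            # R entries are IE start/search pages; res:// loads them from a local DLL.
            if code == "R" and sep and value.lower().startswith("res://"):
                res_pages.append((key, value))
        elif "hijackthis" in low and low.endswith(".exe"):
            # The process list shows where HijackThis itself was started from.
            if any(d in low for d in TEMP_DIRS):
                problems.append("HijackThis run from a temporary folder")
    if not o_sections or max(o_sections) <= LAST_O_FLOOR:
        problems.append("log looks truncated")
    return problems, res_pages


if __name__ == "__main__":
    found, pages = check_log(SAMPLE_LOG)
    for item in found:
        print("FIX BEFORE POSTING:", item)
    for key, value in pages:
        print("res:// page override:", key, "->", value)
```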