• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
elhijodelcanibal

Need help, tryed everything

3 posts in this topic

I removed a common version of CWS but now my home page keeps redirected to http://weba.directwebsearch.net/search.html

Adaware finds nothing, although the home page is redirected. CWShredder and HijackThis find the redirection registries. But everytime I reboot the homepage is redirected.

 

Here's a Hijack this log just after rebooting:

================================

Logfile of HijackThis v1.97.7

Scan saved at 11:56:30, on 21/07/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\SBPCI\CTMIX32.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PWSTRAY.EXE

C:\WINDOWS\RunDLL.exe

C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\MY DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html

O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Dimension4] C:\ARCHIVOS DE PROGRAMA\D4\D4.EXE

O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T

O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [PWSTray] PwsTray.exe

O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools\umsd.exe sys_auto_run C:\Program Files\UMSD Tools

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .pdf: C:\ARCHIV~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .mpeg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mp3: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mid: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin2.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

I need help plz, I will pass CWShredder to remove the registry entries and then post the new log.

Share this post


Link to post
Share on other sites

Here's the log after CWShredder

 

Logfile of HijackThis v1.97.7

Scan saved at 16:43:44, on 21/07/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\SBPCI\CTMIX32.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\PWSTRAY.EXE

C:\WINDOWS\RunDLL.exe

C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\MY DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize <-------

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Dimension4] C:\ARCHIVOS DE PROGRAMA\D4\D4.EXE

O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T

O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [PWSTray] PwsTray.exe

O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools\umsd.exe sys_auto_run C:\Program Files\UMSD Tools

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .pdf: C:\ARCHIV~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .mpeg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mp3: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mid: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin2.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

I found the red arrow marked is associated with spyware in 2-spyware.com but neither adaware nor SpybotSD report it.

 

I still need help

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - (no file)

 

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe

O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc

Reboot and delete

 

files

C:\WINDOWS\SYSTEM\winupd.exe

C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0