Jump to content


Photo

IE Problem - Cannot enter text in search bars ..


  • Please log in to reply
8 replies to this topic

#1 burke3797

burke3797

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 22 July 2004 - 08:38 AM

Logfile of HijackThis v1.97.7
Scan saved at 9:40:54 AM, on 7/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\HP Web JetAdmin\hpwebjetd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\windows\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINNT\System32\automove.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe"
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8180.5474537037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pmp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pmp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pmp.com

Thank you for helping

#2 burke3797

burke3797

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 23 July 2004 - 11:05 AM

Just bumping this up - can someone please look at my log??

#3 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 23 July 2004 - 11:33 AM

Can you please download HijackThis from this link, install it into C:\HJT. Run it, click on scan, save log and please post your entire log here for analysis. (this is a new version)

Thank you.

#4 burke3797

burke3797

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 29 July 2004 - 07:29 AM

:D
Here is my Hijackthis log - sorry it took so long to post

Logfile of HijackThis v1.97.7
Scan saved at 8:34:35 AM, on 7/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\HP Web JetAdmin\hpwebjetd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\WINNT\System32\automove.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINNT\System32\automove.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe"
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8180.5474537037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pmp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pmp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pmp.com

#5 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 29 July 2004 - 03:14 PM

  • What is CoolWebSearch?
    CoolWebSearch, or CWS, is a browser hijacker that redirects your browser to the coolwebsearch.com web site and other affiliated sites. We are pretty sure now CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the Byte Verify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc. Check the following list of infected domains to see which sites are known to be CWS related. It is known only to affect Internet Explorer, so those who are using Mozilla or Netscape should not be infected with this Hijacker.
    How do I get rid of CoolWebSearch?
    • Download CWShredder from any of the following sites:
    • NOTE: If CWShredder does not run, a variant of CWS could be preventing you from running the shredder. Download the CoolWebSearch.Smartkiller (v1/v2) Miniremoval Tool and save that to a directory called C:\CWS. Run the downloaded program, called miniremoval_coolwebsearch_smartkiller.exe, to remove the variant of CoolWebSearch that is stopping you from running your removal tool.
    • Save CWShredder.exe in C:\CWS.
    • Close all programs and windows.
    • Navigate using windows explorer or My Computer to the C:\CWS folder and double click on the file CWShredder.exe.
    • The first thing you should do is check for updates to CWShredder. You can do this by clicking on the button labeled "Check for update". If updates are found, click on the “Download and open the update” bar.
    • Click on the “Fix” icon and let it scan your computer.
    • CWShredder will then start scanning your hard drive for the various CoolWebSearch variants and remove them if they are found. If one is found it will tell you, otherwise it will state that it is "not present". When it is done you will be presented with a button labeled "Next".
    • When you are finished examining the results, press the “Next” button to see a summary of the fixing process.
    How do I prevent future infection?
    We strongly recommend you install the patch, available from this MS security bulletin. If you have Windows XP with Service Pack 1a, your system has no MS Java VM. Information on removing the MS Java VM completely and replacing it with the newer, safer Sun Java VM can be found here.
  • Run HijackThis (This should, typically, be run from C:\HJT\HijackThis.exe)
    • Click on "Config" in the bottom right corner of the HijackThis window.
    • Make sure that the "Main" tab is selected at the top.
    • Place a checkmark in the box labelled "Make backups before fixing items".
    • Click on "Back" in the bottom right corner.
    • Make sure all Browser windows are closed otherwise it may interfere with the fixing of items.
    • Click on "Scan" and then place a check mark in the following boxes (If they still exist), And click on "Fix Checked":
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[*]Please reboot into safe mode - How do I boot into "Safe" mode?
[*]The following DIRECTORY CONTENTS (But not the directory), DIRECTORIES and FILES, need to be deleted while in safe mode. Make sure your settings allow you to view "Hidden files". Open up any explorer window and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". If the files etc listed are not present - Do not worry, just delete those that you can find. If no path is listed, you may need to search for the file(s) - To search, click on "Start" => "Search" => "For Files and Folders" => "All Files and Folders" and type in the file name. You can delete it right from the search results window.
  • DIRECTORY CONTENTS (But not the directory)
    • %windir%\Temp\
    • %temp%\
    • %userprofile%\Local Settings\Temp\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
    • Click on "Start" => "Settings" => "Control Panel" => "Internet Options". Click on "Delete Files", select "Delete All Offline Content" and click on "OK". <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested. Click on "OK" once more to close the options panel.
    • Right click on "Recycle Bin" and select "Empty Recycle Bin" and respond "Yes" when prompted.
  • DIRECTORIES
    • :\Program Files\MyWebSearch\
    • C:\Program Files\TV Media\
  • FILES
    • C:\WINNT\Updreg.exe
[*]Reboot again and log in normally, repost a new HijackThis log into this message for further review.
[/list]

#6 burke3797

burke3797

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 30 July 2004 - 09:26 AM

:hmmm:

Now I can't even get IE to bring up a web page - it states "detecting proxy settings" - then goes to the unable to find page


Logfile of HijackThis v1.97.7
Scan saved at 10:30:24 AM, on 7/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\HP Web JetAdmin\hpwebjetd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINNT\System32\automove.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINNT\System32\automove.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive2k\PlayCenter2\CTNMRun.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8180.5474537037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pmp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pmp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pmp.com

#7 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 30 July 2004 - 09:34 AM

The log looks clean :)

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Run Ad-Aware with the latest update.
    • Download the latest version of Ad-Aware from here.
    • After installing Ad-aware, and before running the program, Please be sure to update the reference file as per these instructions.
    • Reconfigure Ad-Aware for Full Scan as per the following instructions:
      • Launch the program, and click on the Gear at the top of the start screen.
      • Click the "Scanning" button (On the left side).
      • Under Drives & Folders, select "Scan within Archives" (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • Click "Click here to select Drives + folders" and select your installed hard drives.
      • Under Memory & Registry, select all options.
      • Click the "Advanced" button (On the left hand side).
      • Under "Log-file detail", select all options.
      • Click the "Tweak" button (Again, on the left hand side).
      • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol) and select the following:
        • "Include additional Ad-aware settings in logfile"
        • "Unload recognized processes during scanning."
      • Under "Cleaning Engine", select the following:
        • "Automatically try to unregister objects prior to deletion."
        • "Let Windows remove files in use after reboot."
      • Click on "Proceed" to save these Preferences.
      • Click on the "Scan Now" button on the left.
      • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
      • Select "Activate in-Depth scan".
    • Close all programs except ad-aware.
    • Click on "Next" in the bottom right corner to start the scan.
    • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
    • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.
  • Download the latest version of Spybot from either:
    • Install spybot and by default is should install into C:\Program Files\Spybot - Search & Destroy.
    • Run Spybot by clicking on "Start" => "Programs" => "Spybot - Search & Destroy" => "Spybot - Search & Destroy".
    • The first time you run it, allow it to create a backup of your registry when prompted. This will take a few minutes to complete.
    • Click on "Search for Updates".
    • If any updates are found, place a check mark next to each and click on "Download Updates".
    • Click on "Immunize" and once it detect what has or has not been blocked, block all remaining items by clicking on the green plus sign next to immunize at the top.
    • Click on "Search & Destroy" => "Check for Problems".
    • If any problems are found, be sure to click on "Fix Selected Problems".
As for not accessing the Internet - I assume you are on a network "pmp.com" - If so, you would typically be using a proxy server to connect. I do not see any indication of the proxy settings in IE. Do you happen to have the settings on hand as to what is your proxy server and what port - Usually port 80. I should add ... Microsoft article explaining in more detail

#8 burke3797

burke3797

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 31 July 2004 - 09:12 AM

:huh:

Thanks for the help - we are still having one problem. At a website (such as yahoo or google) where you have spaces to type something in, nothing shows up thus prohibiting the use of sites like these. What could be the problem????

Thanx in advance...

#9 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 31 July 2004 - 10:58 AM

I am not sure I am following? It sounds like you are now able to access the Internet, correct? Is it only certain sites or is it all that have text boxes to type in? Does the rest of the site come up okay? Did you follow the instructions for installing MVPS Hosts, IE-Spyad etc? can you post another HijackThis Log?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button