Laxen

CWS.searchX problems


I have a problem with removing CWS.searchx from reinfecting my system. According to CWShredder, which I use (daily now...), it's removed, but it instantly reemerges. Neither Ad-aware nor S&D will help. Nor does my antivirus program.

CTRL+ALT+DEL and choosing Processes will show 2 items, and I don't know if they have any significance: "Link bash joy" and "up deaf".

Having limited experience with computers, I don't know if a log from "hijackthis" will help you, but since it has been requested for almost all other topics here, I will supply mine:

 

-----------

 

Logfile of HijackThis v1.98.0

Scan saved at 12:25:19, on 2004-07-28

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DeltTray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Winamp\Winampa.exe

C:\WINDOWS\System32\msnqmgr.exe

c:\program\intern~1\iexplore.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\TGTSoft\StyleXP\StyleXP.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\DC++\DCPlusPlus.exe

C:\Program\Winamp\Winamp.exe

c:\program\intern~1\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\laxen\Skrivbord\Gamla genvägar\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar_en_2.0.111-big.dll

O2 - BHO: (no name) - {AC55DDA9-6176-59C4-FB65-88DBD58669E8} - C:\Program\OPENAM~1\Hope Mail.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar_en_2.0.111-big.dll

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [MixHeart] C:\Program\BONEST~1\Link Bash Joy.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Program\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Per\Deamon Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\Run: [Mapi Thunk More For] C:\Documents and Settings\All Users\Application Data\The Ace Mapi Thunk\Up Deaf.exe

O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program\google\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program\google\GoogleToolbar_en_2.0.111-big.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program\google\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...llInstaller.exe

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/en/wowbeta/Si.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab

 

-----------

 

Service Pack 1 is installed, as are the latest upgrades for Win XP from Microsoft's site.

 

----------

 

 

The problem presents itself as I'm directed to CWS as homepage, usually together with a popup, and a lot of added sites to my "favourites" bar.

 

 

---------

 

Very thankful for any help!


Hello,

 

NOTE: Please print a copy of these instructions because you will be working in Safe Mode and/or with all windows closed except HijackThis.

 

Please run HijackThis in Safe Mode....

 

Reboot into safe mode, this way:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Also, enable the “Show Hidden Files and Folders” option:

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Place a check mark next to the following items then, WITH ALL OTHER WINDOWS CLOSED, select “fix checked.”

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

 

O2 - BHO: (no name) - {AC55DDA9-6176-59C4-FB65-88DBD58669E8} - C:\Program\OPENAM~1\Hope Mail.exe

 

O4 - HKLM\..\Run: [MixHeart] C:\Program\BONEST~1\Link Bash Joy.exe

 

O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe

 

O4 - HKLM\..\Run: [Mapi Thunk More For] C:\Documents and Settings\All Users\Application Data\The Ace Mapi Thunk\Up Deaf.exe

 

O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

 

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...llInstaller.exe

 

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/en/wowbeta/Si.cab

 

Now, search for, and delete if found, (some files may not be present after previous steps) the following:

 

Folders:

 

C:\Program\OPENAM~1\ This folder's name begins with OPENAM and other letters will follow that. You will have to search for it to find it. It will be located in the Program folder.

 

C:\Program\BONEST~1\ The same for this folder... also in the Program folder, and its name begins with BONEST with other letters following. Search for it and delete it when found.

 

C:\Documents and Settings\All Users\Application Data\The Ace Mapi Thunk\

 

File:

 

msnqmgr.exe

 

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example:

 

C:\WINDOWS\Temp\

 

C:\Temp\

 

C:\Documents and Settings\username\Local Settings\Temp\

 

Also delete your Temporary Internet Files, be sure to also select "delete all offline content."

 

Empty your Recycle Bin.

 

Reboot into normal mode.

 

Check CWShredder for updates. Run the program, with all other windows closed, hitting fix as opposed to scan. Run it a second time. Reboot when finished.

 

Proceed to the Windows Update site (see link below), then download and install ALL critical updates.

 

Reboot when finished.

 

If you are not running version 1.3 of Spybot S & D, click here to download Spybot Search & Destroy v1.3 - install, update, reboot into Safe Mode, scan and fix all RED items it finds. Reboot into normal mode when done.

 

Perform a customized Ad-aware scan in Safe Mode........

 

If you do not have the latest version of Ad-aware, version 6, Build 6.181, click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then boot into Safe Mode, start the program, and click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General > activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine > activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine > activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot into normal mode when finished.

 

Next, perform online virus and Trojan scans, using the links in my signature below. Allow the programs to delete all that they may find. Reboot after each scan.

 

Scan with HijackThis and post a fresh log into this same thread.
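
The reply ends by asking for a fresh HijackThis log. As an added example (not part of either post and not HijackThis's own code), this Python code checks whether any entry from the reply's fix list reappears in a fresh log. The matching rules (class ID for R3/O2/O16 lines, registry key plus value name for O4 lines) and the FRESH sample, including its EXAMPLE~1 path, are assumptions constructed for illustration.

```python
import re

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command".
LINE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(\S+?): \[([^\]]+)\]")

def entry_key(line):
    """Stable identity for one log entry; None for headers and process lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID.search(rest)
    if clsid:  # R3, O2, O3, O9, O16: identify by class ID, not file path
        return (code, clsid.group(0).upper())
    run = RUN.match(rest)
    if code == "O4" and run:  # autoruns: registry key plus value name
        return (code, run.group(1).upper(), run.group(2).upper())
    return (code, " ".join(rest.split()).upper())

def still_present(fixed_lines, fresh_log):
    """Pairs (fixed line, matching fresh line) for entries that are back."""
    fresh = {}
    for line in fresh_log.splitlines():
        key = entry_key(line)
        if key:
            fresh[key] = line.strip()
    return [(f.strip(), fresh[entry_key(f)])
            for f in fixed_lines if entry_key(f) in fresh]

# The eight entries the reply asks to fix, copied from the thread.
FIXED = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {AC55DDA9-6176-59C4-FB65-88DBD58669E8} - C:\Program\OPENAM~1\Hope Mail.exe
O4 - HKLM\..\Run: [MixHeart] C:\Program\BONEST~1\Link Bash Joy.exe
O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\Run: [Mapi Thunk More For] C:\Documents and Settings\All Users\Application Data\The Ace Mapi Thunk\Up Deaf.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...llInstaller.exe
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/en/wowbeta/Si.cab
""".strip().splitlines()

# Constructed fresh log for the demo (not from the thread).
FRESH = r"""
O2 - BHO: (no name) - {AC55DDA9-6176-59C4-FB65-88DBD58669E8} - C:\Program\EXAMPLE~1\renamed.exe
O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
"""
HITS = still_present(FIXED, FRESH)  # the O2 BHO and the [Microsoft QMGR] Run entry
```

Because BHO and DPF entries are keyed on their class ID, a fixed entry is reported even when its file path differs in the fresh log.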
