hitranger

SpySweeper & Ad-Aware Won't Kill It

2 posts in this topic

My Windows ME running IE 5.50 is infected with some kind of adware and I'm running Ad-Aware, SpySweeper, HiJackThis! and PopThis! and still the darn thing keeps re-generating. SpySweeper finds the bugs and deletes them, but 1 minute later they come back. Even as I type this, something called java.exe keeps trying to start up and SpySweeper keeps telling me and I keep deleting it.

My default homepage keeps being hijacked to:

res://jcjhi.dll/index.html#96676

I ran the HiJackThis logfile and attached it. Any help would be appreciated...

Logfile:

 

Logfile of HijackThis v1.98.0

Scan saved at 2:00:57 PM, on 7/28/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\IEBD32.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\JAVATU.EXE

C:\WINDOWS\DESKTOP\HJTLOG.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jcjhi.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jcjhi.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jcjhi.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jcjhi.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jcjhi.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jcjhi.dll/index.html#96676

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {E10CFF79-7387-A961-D8F3-A733C71183E3} - C:\WINDOWS\WINSY32.DLL (file missing)

O2 - BHO: Class - {992CC6B0-F19C-96EB-B2AC-26F988029CAD} - C:\WINDOWS\IPQN.DLL (file missing)

O2 - BHO: Class - {C4012D49-A194-A75E-2913-A6B0116BD90C} - C:\WINDOWS\IECT32.DLL (file missing)

O2 - BHO: Class - {A78C683B-955A-AA50-0ABD-D5989A728228} - C:\WINDOWS\SYSTEM\SDKFG.DLL (file missing)

O2 - BHO: Class - {B990B770-D62A-B542-EDA6-516033B76258} - C:\WINDOWS\JAVADJ.DLL (file missing)

O2 - BHO: Class - {372F8931-D513-1387-33C0-8D1E94346E23} - C:\WINDOWS\CRTW32.DLL (file missing)

O2 - BHO: Class - {45095715-4837-DE78-F8F8-76551A4633CF} - C:\WINDOWS\SYSTEM\MSHM32.DLL

O2 - BHO: Class - {CDC4F9B8-74D2-78D7-264C-744CE85D9BF8} - C:\WINDOWS\SYSTEM\SYSGE.DLL (file missing)

O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [spyStopper] C:\PROGRAM FILES\SPYSTOPPER\spystopper.exe

O4 - HKLM\..\Run: [JAVATU.EXE] C:\WINDOWS\JAVATU.EXE

O4 - HKLM\..\RunServices: [NTWS.EXE] C:\WINDOWS\NTWS.EXE

O4 - HKLM\..\RunServices: [WINKL32.EXE] C:\WINDOWS\SYSTEM\WINKL32.EXE

O4 - HKLM\..\RunServices: [NETXS.EXE] C:\WINDOWS\SYSTEM\NETXS.EXE

O4 - HKLM\..\RunServices: [MSNR32.EXE] C:\WINDOWS\MSNR32.EXE

O4 - HKLM\..\RunServices: [APPYN.EXE] C:\WINDOWS\SYSTEM\APPYN.EXE

O4 - HKLM\..\RunServices: [iPBB32.EXE] C:\WINDOWS\SYSTEM\IPBB32.EXE

O4 - HKLM\..\RunServices: [NETLX.EXE] C:\WINDOWS\NETLX.EXE

O4 - HKLM\..\RunServices: [MSUF.EXE] C:\WINDOWS\MSUF.EXE

O4 - HKLM\..\RunServices: [MSKM.EXE] C:\WINDOWS\MSKM.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [CRLH.EXE] C:\WINDOWS\CRLH.EXE

O4 - HKLM\..\RunServices: [MFCWG.EXE] C:\WINDOWS\SYSTEM\MFCWG.EXE

O4 - HKLM\..\RunServices: [MFCWB.EXE] C:\WINDOWS\MFCWB.EXE

O4 - HKLM\..\RunServices: [iEBD32.EXE] C:\WINDOWS\SYSTEM\IEBD32.EXE

O4 - HKLM\..\RunServices: [MSJX.EXE] C:\WINDOWS\SYSTEM\MSJX.EXE

O4 - HKLM\..\RunServices: [MFCAO32.EXE] C:\WINDOWS\MFCAO32.EXE

O4 - HKLM\..\RunServices: [APPNH32.EXE] C:\WINDOWS\SYSTEM\APPNH32.EXE

O4 - HKLM\..\RunServices: [MSKY32.EXE] C:\WINDOWS\MSKY32.EXE

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\RunServices: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Printkey-Pro.lnk = C:\Program Files\Printkey-Pro\Printkeypro.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL (file missing)

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

 

Thanks for any help provided....Deryl

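A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread. It groups entries by section code and pulls out two patterns visible in that log: IE start/search page values (R0/R1) that point at a `res://` resource inside a DLL, and BHO registrations (O2) that HijackThis marked "(file missing)". The names `triage`, `SAMPLE_LOG` and the report keys are illustrative, and the sample is a short excerpt of the posted log.

```python
import re
from collections import Counter

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jcjhi.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jcjhi.dll/index.html#96676
O2 - BHO: Class - {A7367BB2-EC6D-86CC-D35F-619C39373118} - C:\WINDOWS\WINNX32.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [JAVATU.EXE] C:\WINDOWS\JAVATU.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RES_URL = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.IGNORECASE)
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def triage(log_text):
    """Count entries per section and collect res:// pages and missing BHOs."""
    report = {"sections": Counter(), "res_pages": [], "missing_bhos": []}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, the process list and blank lines
        code, body = m["code"], m["body"]
        report["sections"][code] += 1
        # Scoped to the IE start/search page values, where the poster saw
        # the hijack; O8 entries also use res:// and are not reported here.
        if code in ("R0", "R1") and " = " in body:
            key, url = body.split(" = ", 1)
            res = RES_URL.match(url)
            if res:
                hive = key.split("\\", 1)[0]
                value = key.rsplit(",", 1)[-1]
                dll = res["dll"].rsplit("\\", 1)[-1].lower()
                report["res_pages"].append((hive, value, dll))
        elif code == "O2":
            bho = BHO.match(body)
            if bho and bho["missing"]:
                report["missing_bhos"].append((bho["clsid"], bho["path"]))
    return report

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

The report lists what the log shows, not a verdict on any entry; which items to fix is still the helper's call.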

Hello Hitranger, and welcome to the forums. Please print out my instructions for reference during the fix.

 

1. Download About:Buster from http://www.ducky.atribune.org/

 

2. Boot in Safe Mode - Hit the F8 key several times while booting, until you get a menu.

 

3. Run About:Buster while you are in Safe Mode. Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs, save the log somewhere.

 

4. Repeat Step 3.

 

After you do that, reboot and post a new HijackThis log along with the About:Buster logs.
