CelestialHippo

Spyware!!!! AAAH!

10 posts in this topic

I think I have spyware from 'mysearchnow.com'. Whenever I go on my homepage I have to be redirected through them first, and then an annoying toolbar called 'pollaxis' pops up and another one without a name appears along the bottom of the screen. I also have a load of weird favourites.

How can I remove this? For now I've blocked cookies from this website so everything seems more normal, but I want the whole thing out of my system!

Here are my current running system processes:

dslagent.exe
MsgPlus.exe
mad.exe
gsicon.exe
MOTIVE~1.EXE
msnmsgr.exe
taskmgr.exe
FINDFAST.EXE
explorer.exe
svchost.exe
winampa.exe
nvsvc32.exe
avgserv.exe
spoolsv.exe
mpbtn.exe
svchost.exe
IEXPLORE.EXE
svchost.exe
QuickDCF.exe
rundll32.exe
svchost.exe
svchost.exe
iTouch.exe
ctfmon.exe
Isass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
OSA.EXE
avgcc32.exe
opware32.exe
System
System Idle Process

If you need to know anything else, just ask.

Thanks in advance. :D

Edited by CelestialHippo


We need a closer look at what's happening.

Please download HijackThis.

Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

Please ensure that the entire log is posted.

Also, please keep to this thread. Your other posting has been closed.


Thanks, here you go:

Logfile of HijackThis v1.97.7
Scan saved at 19:09:01, on 30/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
E:\WINDOWS\System32\gsicon.exe
E:\WINDOWS\System32\dslagent.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
E:\Program Files\Messenger Plus! 3\MsgPlus.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Exif Launcher\QuickDCF.exe
E:\Program Files\BT Broadband\Help\bin\mad.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\Program Files\BT Broadband\Help\bin\mpbtn.exe
E:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\James\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - E:\Program Files\ToPicks\Bin\HtCheck2.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {15FBEEE6-F5F7-0C7D-D933-51231F033B9B} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: pollaxis - {DA9FDD51-6E90-1B45-78EE-59654BAEB6B9} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Omnipage] E:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ToPicks Starter] E:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [bleh Exit] E:\PROGRA~1\JOYFOR~1\Window Soap Creative.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: BT Broadband Help.lnk = E:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Exif Launcher.lnk = E:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8112.3726967593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3439D2E-73B8-46D9-9FFF-F3429E318E6B}: NameServer = 217.35.209.180 194.74.65.68

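Added example, not part of any poster's message: a small Python triage of the HijackThis log posted above. It matches the symptoms named in the first post (`mysearchnow.com`, `pollaxis`) to log entries, then pivots on the matched toolbar's DLL to find other browser components loading the same file. The function names and the choice of excerpted lines are this example's own assumptions.

```python
import re

# Excerpt of the HijackThis log posted above (entries copied verbatim).
LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
O2 - BHO: (no name) - {15FBEEE6-F5F7-0C7D-D933-51231F033B9B} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: pollaxis - {DA9FDD51-6E90-1B45-78EE-59654BAEB6B9} - E:\PROGRA~1\MFCDIS~1\MODE TOOL.dll
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
"""

# "<section> - <body>", e.g. "O3 - Toolbar: pollaxis - {...} - <file>"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O2/O3 bodies: "<kind>: <name> - {CLSID} - <file>"
COMPONENT = re.compile(r"^(BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def parse(log):
    """Return (section, body) pairs for every recognisable log entry."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log, symptoms):
    """Return (hits, related): entries naming a reported symptom, and other
    BHO/toolbar entries that load the same file as one of those hits."""
    entries = parse(log)
    hits = [e for e in entries
            if any(s.lower() in e[1].lower() for s in symptoms)]
    files = set()
    for _, body in hits:
        m = COMPONENT.match(body)
        if m:
            files.add(m.group(4).lower())  # paths compared case-insensitively
    related = [e for e in entries if e not in hits
               and (m := COMPONENT.match(e[1]))
               and m.group(4).lower() in files]
    return hits, related


if __name__ == "__main__":
    hits, related = triage(LOG, ["mysearchnow.com", "pollaxis"])
    for label, group in (("symptom", hits), ("same file", related)):
        for section, body in group:
            print(f"[{label}] {section} - {body}")
```

The HKLM search values in the same log point at a different domain (`searchweb2.com`), so a match on the reported symptom strings alone does not surface them.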

I feel your pain. I posted on June first, and haven't got ONE reply. Maybe I did something wrong? But what I ended up doing was printing a copy of my HijackThis log, going to google.com, and looking up every single thing it said it was running, for example, sms.exw. That is something I made up. But if it was something that said it was a virus, etc., I just checked it in HijackThis, and got rid of it. I also got rid of Microsoft Java and downloaded Sun Java at their website. I'm not sure if I did it all right, but my computer is now running a LOT better... and I still have no reply from this forum. I hope this helps you.
