adam6803

Undocumented Adware Browser Problem

7 posts in this topic

I've tried every Spyware finder out there, and none have picked this up. When I'm using Internet Explorer, certain words become highlighted after pages load. The words are hyperlinks that are embedded to direct the user to different sites.

 

I've googled the terms, but haven't found any documentation on them as a known problem. Some of the words and their respective links are as follows:

 

 

 

<a href="http://service.bfast.com/bfast/click?bfmid=26917872&siteid=40604510&bfpage=big_island" onMouseover="window.status=''; return true">VACATION</a>

<a href="http://www.amazon.com/exec/obidos/redirect-home/smartqpon01-20" onMouseover="window.status=''; return true">BOOK</a>

<a href="http://www.ncsreporting.com/LinkTrack/Redirect.asp?LinkID=DCF10260" onMouseover="window.status=''; return true">discover</a>

<a href="http://www.ncsreporting.com/LinkTrack/Redirect.asp?LinkID=USW10260" onMouseover="window.status=''; return true">VISA</a>

<a href="http://www.qksrv.net/click-1350455-9289743" onMouseover="window.status=''; return true">MORTGAGES</a>

<a href="http://www.alienware.com/index.aspx?from=vertygo:gaming_pc_banner_468x60" onMouseover="window.status=''; return true">INTEL</a>

<a href="http://www.alienware.com/index.aspx?from=vertygo:gaming_pc_banner_468x60" onMouseover="window.status=''; return true">ATHLON</a>

 

 

 

 

I've tried everything, including system restores. But this problem just won't go away. My log is below. Has anyone else had this problem or know how to fix it?

 

 

Regards,

Adam

 

 

 

Please find my HJT log below:

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 3:27:44 PM, on 6/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Macro Magic\Macros.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Adam\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [MS_Critical_Update] c:\CriticalUpdate.exe

O4 - HKLM\..\Run: [RegistryMon] c:\registry.pif

O4 - HKLM\..\Run: [Microsoft Security Hot Fix] "%SystemRoot%\mshotfix.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [backupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: dwin32.exe

O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\Macro Magic\Macros.exe

O4 - Global Startup: screensaver.scr

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1082059925531

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38091.8841550926

O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://intranet.coneinc.com/solweb/SDClientTools.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F11964E-0374-47C5-9F88-3DF53A2557DE}: NameServer = 128.230.12.5,128.230.1.49

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F11964E-0374-47C5-9F88-3DF53A2557DE}: NameServer = 128.230.12.5,128.230.1.49

O17 - HKLM\System\CS2\Services\Tcpip\..\{3F11964E-0374-47C5-9F88-3DF53A2557DE}: NameServer = 128.230.12.5,128.230.1.49


Share this post


Link to post
Share on other sites

Go to http://tomcoyote.org/hjt/ , and download 'Hijack This!'.

Unzip to its own permanent folder, double-click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log somewhere, and please show us its contents.

 

Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

O4 - HKLM\..\Run: [MS_Critical_Update] c:\CriticalUpdate.exe

O4 - HKLM\..\Run: [RegistryMon] c:\registry.pif

O4 - HKLM\..\Run: [Microsoft Security Hot Fix] "%SystemRoot%\mshotfix.exe"

O4 - Global Startup: dwin32.exe

O4 - Global Startup: screensaver.scr

Reboot, and delete files

c:\CriticalUpdate.exe

c:\registry.pif

c:\windows\mshotfix.exe

dwin32.exe

screensaver.scr

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

I'm having the same problem. I used Spybot, Ad-aware and HJT; the log showed the first three:

O4 - HKLM\..\Run: [MS_Critical_Update] c:\CriticalUpdate.exe

O4 - HKLM\..\Run: [RegistryMon] c:\registry.pif

O4 - HKLM\..\Run: [Microsoft Security Hot Fix] "%SystemRoot%\mshotfix.exe"

but not the rest

this is the HJT log

 

Logfile of HijackThis v1.97.7

Scan saved at 23:42:52, on 4/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Arquivos de programas\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Arquivos de programas\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Arquivos de programas\Logitech\iTouch\iTouch.exe

C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe

C:\Arquivos de programas\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Wilton\Meus documentos\Programas\adaware\HijackThis.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

F0 - system.ini: Shell=

F2 - REG:system.ini: Shell=

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Arquivos de programas\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Arquivos de programas\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTDVDDET] C:\Arquivos de programas\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Arquivos de programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Arquivos de programas\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local

O4 - HKCU\..\Run: [RemoteCenter] C:\Arquivos de programas\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [Popup Killer] C:\Arquivos de programas\Innovative Technologies\Advanced Popup Killer 2003 version 3.5\Killer.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

What do you think, do I have a chance of getting rid of this annoying thing? :blush:

Share this post


Link to post
Share on other sites

I was having the same prob. Compared my log with yours and found out that the culprit was the Download Accelerator Pro. Removed it and now it looks to be fixed.

Share this post


Link to post
Share on other sites

Sorry guys, false alarm! :blush: DAP is not guilty!!

 

The problem is in the bhrw.dll file!! (in my case, the bhrw_ie.dll file, which causes the same problem)

 

O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw_ie.dll

 

This issue is NOT addressed by Ad-aware or Spybot (I tried both).

 

Just check the line which contains bhrw.dll or bhrw_ie.dll in Hijackthis! and click Fix checked. Then go to c:\windows\system32 dir and make sure that this file is deleted!

 

The issue is addressed in the following links:

 

http://www.d-a-l.com/help/showthread.php?t=10594

 

http://www.webuser.co.uk/cgi-bin/forums/sh...sb=5&o=93&part=

 

http://computercops.biz/postt31102.html

 

http://castlecops.com/postt28784.html

 

 

In case somebody is looking for this info on the net (google etc), I compiled some keywords which could trigger the hyperlinks in Explorer:

 

athlon mortgages hotels discover area51 alienware amazon visa mastercard book cruises vacation advanta flight "discount airfare" "american express" "rental cars" "airline tickets" note "video card"

 

The question is: how did that file get there?

This topic is now closed to further replies.
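Added example, not part of the original thread: a small Python triage script that reads the O2 (BHO) and O4 (autorun) lines of a HijackThis log and flags the entries the replies above singled out. The CLSID and file names come from the posts in this thread; the function names and the three structural heuristics (drive-root autorun target, `.pif`/`.scr` extension, bare program in a Startup folder) are assumptions chosen for illustration, and the sample lines are copied from the logs posted above.

```python
import ntpath  # Windows path rules, whatever OS the script runs on
import re

# Indicators named in this thread (CLSID and file names from the posts above).
THREAD_CLSIDS = {"{40D20724-5D3A-43C8-9FF5-2B6F209DBD27}"}
THREAD_FILES = {"bhrw.dll", "bhrw_ie.dll", "criticalupdate.exe", "registry.pif",
                "mshotfix.exe", "dwin32.exe", "screensaver.scr"}

ENTRY = re.compile(r"^(O2|O4) - (.+)$")
BHO = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] (.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (.+)$")
EXE = re.compile(r'^"?(.+?\.(?:exe|pif|scr|com|bat|cmd))\b', re.I)

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINDOWS\system32\bhrw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MS_Critical_Update] c:\CriticalUpdate.exe
O4 - HKLM\..\Run: [RegistryMon] c:\registry.pif
O4 - HKLM\..\Run: [Microsoft Security Hot Fix] "%SystemRoot%\mshotfix.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: dwin32.exe
O4 - Global Startup: screensaver.scr
"""


def target_of(command):
    """Return the program path at the start of an autorun command line."""
    m = EXE.match(command.strip())
    return m.group(1) if m else command.strip().strip('"')


def scan(log_text):
    """Return [(line, [reasons])] for O2/O4 entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        reasons, path = [], None
        if code == "O2" and (b := BHO.match(body)):
            clsid, path = b.groups()
            if clsid.upper() in THREAD_CLSIDS:
                reasons.append("BHO CLSID named in thread")
        elif code == "O4" and (r := RUN.match(body)):
            path = target_of(r.group(1))
            if re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):  # heuristic (assumption)
                reasons.append("autorun target sits in a drive root")
        elif code == "O4" and (s := STARTUP.match(body)):
            item = s.group(1)
            if " = " in item:          # "Name.lnk = target": a normal shortcut
                path = item.split(" = ", 1)[1]
            else:                       # bare file dropped into the Startup folder
                path = item
                if EXE.match(item):     # heuristic (assumption)
                    reasons.append("startup folder holds a program, not a shortcut")
        if path is None:
            continue
        name = ntpath.basename(path).lower()
        if name in THREAD_FILES:
            reasons.append("file name named in thread")
        if ntpath.splitext(name)[1] in {".pif", ".scr"}:  # heuristic (assumption)
            reasons.append("unusual autorun extension")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in scan(SAMPLE_LOG):
        print(entry, "->", "; ".join(why))
```

A hit is a prompt to inspect the entry by hand before using "Fix checked"; a file name match alone does not prove the file is the one discussed here.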