• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
elaanela

Hijack This Log for drsnsrch.com

4 posts in this topic

Hi,

After finally getting rid of my popups, I am still trying to get rid of drsnsrch.com, which now automatically comes up instead the regular IE error page.

 

I have tried to follow the instructions given here for eliminating spyware (I have run Adaware 6, have switched to using Mozilla Firefox instead of Explorer, etc.). I ran the Hijack This program and deleted all the most obvious files with drsnsrch in the description. However, I don't think this has eliminated the problem. Can someone please tell me if there are other files I need to delete? I hate the idea of having this stuff on my computer.

 

Thanks in advance for your expertise and I apologize if I have accidentally broken any rules for posting on this site!

EL

 

Logfile of HijackThis v1.97.7

Scan saved at 11:08:47 PM, on 6/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Iomega HotBurn\Autolaunch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\progra~1\samsung\smarthru\PORTCTRL.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\ugiygi.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\COMPAQ\CPQINET\CPQInet.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\PackethSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\System32\gearsec.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.wm.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 2011

O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - (no file)

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [GW Port Controller] c:\progra~1\samsung\smarthru\PORTCTRL.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"

O4 - HKLM\..\Run: [WordPerfect Office 1115] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="WordPerfect Office 11" /date=061704 serial=WP11WED-0234930-LAG

O4 - HKLM\..\Run: [workflo(1)] D:\install\workflow.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [cbiretaj] C:\WINDOWS\cbiretaj.exe

O4 - HKLM\..\Run: [ijiufwq] C:\WINDOWS\System32\ugiygi.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Support (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

Edited by elaanela

Share this post


Link to post
Share on other sites

Hi,

 

You broke no rules .. ;)

 

Reset your Web settings:

 

Right click on your blue Internet Explorer icon on your desktop, click on 'Properties', then click on 'Programs' ..... and click 'Reset Web Settings' .. then click APPLY, and OK ...... reboot

 

Run Hijack's scan again, select the following, then click on 'FIX' ....

 

O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - (no file)

 

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

 

O4 - HKLM\..\Run: [cbiretaj] C:\WINDOWS\cbiretaj.exe

O4 - HKLM\..\Run: [ijiufwq] C:\WINDOWS\System32\ugiygi.exe

 

************

 

Download the new Spybot 1.3 Final ,

 

Open Spybot and click 'check for problems , when it's finished, click on 'fix problems' ...... that will be everything listed in red,

 

After you it has finished deleting, switch to the 'Advanced Mode' , it's in the top menu,

 

Look to the left and click on 'TOOLS', when that opens click on 'Browser Pages' ......

 

Look in the right window through all the website names. Do you see anything with drsnsrch.com, if you do .... click it, then click on 'CHANGE' .... either use 'microsoft defaults' or change to what you like,

 

That tweak is a backup to the 'reset web settings' ..... you shouldn't find it, but if you do, change it,

 

:)

Share this post


Link to post
Share on other sites

Dear Starwaves,

Thanks again for taking the time to help me out. I could have never figured this out without you. It seems like this has solved my problem, so far so good! Great site, and very generous of all of you who take the time to reply to the posts.

Have a great night!

EL

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0