johnnywel

help

5 posts in this topic

I have read and tried all of the suggestions to remove the browser hijackers. I have run a search with spy bot and with CW Shredder. I tried to download Ad-aware but the hijacker seems to not let the download occur. I have run HiJack this and this is the report that it gave.

If you could take a look at this, I would be greatly appreciative.

 

Logfile of HijackThis v1.97.7

Scan saved at 7:36:47 PM, on 6/8/2004

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\WINNT\System32\svchost.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\Webscanx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\pctspk.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINNT\system32\RUNDLL32.EXE

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\WINNT\system32\PRPCUI.exe

C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe

C:\Program Files\iPod\bin\iPodManager.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Picasa\PicasaMediaDetector.exe

C:\WINNT\system32\wind.exe

C:\WINNT\runwin32.exe

C:\WINNT\wininet32.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\Program Files\Palm\HOTSYNC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\system32\wuauclt.exe

C:\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe

O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [window.exe] C:\WINNT\system32\window.exe

O4 - HKCU\..\Run: [wind.exe] C:\WINNT\system32\wind.exe

O4 - HKCU\..\Run: [runwin32] C:\WINNT\runwin32.exe

O4 - HKCU\..\Run: [wininet32] C:\WINNT\wininet32.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab


Hello johnny

 

Looks like you have a combined virus/spyware problem

 

These processes are either viral or a variant of cool web search so they need to go

 

 

O4 - HKCU\..\Run: [window.exe] C:\WINNT\system32\window.exe

O4 - HKCU\..\Run: [wind.exe] C:\WINNT\system32\wind.exe

O4 - HKCU\..\Run: [runwin32] C:\WINNT\runwin32.exe

O4 - HKCU\..\Run: [wininet32] C:\WINNT\wininet32.exe

 

and I would also remove these as well

restart your computer afterwards and then see if you can download adaware

http://www.lavasoft.de/support/download/

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

Edited by Charybdis


Hi Charybdis,

I was able to download Ad Aware and it pulled up about 25 problems. Transponder data miner, tracking cookies, and coolWebSearch. The interesting thing is that the cool websearch stuff seems to be attached to a bunch of my favorites. I'm assuming that I should delete these particular favorites.

Also, when I run CW shredder it says that "All not present" for known trojans but it cleans up or "restores" 8 items in the Internet Explorer Pages.

I will delete all of the things that Ad Aware brought up. Should I then send you a new list from the HiJack this? Thanks for your help and I am going to see if everything appears to be ok.

-Johnny


Delete everything adaware found. Did you update adaware before running it? Also, I forgot to mention to tell you to open adaware, click start then customize then tick scan my hosts and my favourites.

 

Note: cwshredder will only remove cool web search; you need another antivirus program to remove the others

 

try

http://www.bitdefender.com/scan/licence.php

 

sorry gotta go be back in about 2 hrs

Edited by Charybdis


Hi Charybdis,

It looks like everything is ok. I'll check and let you know if this pops up again. I really appreciate your help and think that this solved everything.

John
