moifay

CWS Problems (IT WONT STOP AHHH)

13 posts in this topic

Hi, I have been having this problem for about a week. I used CWShredder, it worked for a while, then a few days later, it comes back. Now, in between that time, I have had "Ad-Watch" watching the whole time, yet still, somehow, my page loads to "about:blank". Can anyone help me? PLEASE? :)

HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:57:30 AM, on 09/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Messenger Plus! 2\MsgPlus.exe

D:\WINDOWS\explorer.exe

D:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Winamp\winamp.exe

D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Documents and Settings\moifay\Desktop\Spyware Tools\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SKOOL

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vc.shawcable.net:8080

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: AOL Instant Messenger (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

O15 - Trusted Zone: *.akamai.net

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll

O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab

O16 - DPF: {BD9B72E4-DC9C-4922-80E9-2D3315E3AADC} (UAClientControl Control) - http://www.ultimatearena.com/UAClientControl.ocx

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - http://www.microsoft.com/typography/clearadj.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab27571.cab

 

 

I'm also curious about the one that is repeated many times:

O10 - Unknown file in Winsock LSP: d:\windows\system32\ua_lsp.dll

Any help would be awesome!

 

Thanx in advance,

Moifay


Also, I have updated Ad-aware 6, and it still doesn't catch anything? I don't understand this!!! How does it keep doing it???

--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

09/06/2004

05:07 PM

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

D: "MooKazoo" (ECA4:DA51) - FS:NTFS clusters:4k

Total: 15 348 338 688 [14G] - Free: 344 395 776 [328M]

 

 

*IE version and Service packs:

6.0.2800.1106 D:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.1.2600.0 D:\WINDOWS\system32\notepad.exe

5.1.2600.0 D:\WINDOWS\notepad.exe

*Media Player version :

8.0.0.4490 D:\Program Files\Windows Media Player\wmplayer.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q828750;Q330994;Q824145;Q837009;Q832894;

 

 

 

Locked or 'Suspect' file(s) found...

\\?\D:\WINDOWS\System32\KBDH.DLL +++ File read error

\\?\D:\WINDOWS\System32\KBDH.DLL +++ File read error

 

 

Scanning for main Hijacker:

 

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_Dlls REG_SZ

 

*Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM


Locked or 'Suspect' file(s) found...

\\?\D:\WINDOWS\System32\KBDH.DLL +++ File read error <=== I don't even see this file on my computer??? helpppp?

This is so weird, I can't find what is causing it to reinstall, but every time I run CWShredder, it's "search.x" ????