• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
marissa

Help! I can't get rid of CWS hijacker!

2 posts in this topic

Hello all,

 

Several days ago my homepage started resetting to res://mshp.dll/index.html#37049. It turns out I have recently been infected with the CWS virus, and I downloaded CWShredder. It runs it's course and removes CWS affiliate: WINSHOW. I set CWShredder to delete instead of moving files to recycle bin.

 

I searched for the CWShredder update before running and it said I had the most recent version. I have run adaware to no avail. Even after running shredder, if I reopen Explorer my homepage invariably returns to res://mshp.dll/index.html#37049.

 

I'd also like to ad that since I've been infected with this virus, I am unable to access my control panel to add/remove items.

 

I use Windows 98. Is there any help for me? My Hijack this log is at the bottom of this post.

 

Thanks to all!

Marissa

 

Logfile of HijackThis v1.97.7

Scan saved at 7:37:30 PM, on 6/9/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE

C:\WINDOWS\SYSTEM\DAEMON.EXE

C:\WINDOWS\SYSTEM\PRPCUI.EXE

C:\WINDOWS\SYSTEM\IBMBAYSN.EXE

C:\WINDOWS\SYSTEM\IBMBAY2M.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\WINDOWS\SYSTEM\S3MON.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE

C:\PROGRAM FILES\THINKPAD\UTILITIES\TPONSCR.EXE

C:\PROGRAM FILES\AIM\AIM.EXE

C:\PROGRAM FILES\QUICK VIEW PLUS\PROGRAM\QVP32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SOL.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE

C:\PROGRAM FILES\COMMON FILES\MOZILLA.ORG\GRE\1.4F_2003062408\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://corporate.ul.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\bqjb0tcw.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\bqjb0tcw.slt\prefs.js)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\IETH\IETH32.DLL

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)

O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\PROGRAM FILES\SAFEGUARD POP-UP BLOCKER PRO FREE EDITION\POPUPBLOCKER.DLL

O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\SYSTEM\PDF6D5A.DLL

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\IETH\APPAG.DLL

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\IETH\IPKV32.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (file missing)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE

O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe

O4 - HKLM\..\Run: [soundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe

O4 - HKLM\..\Run: [iBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE

O4 - HKLM\..\Run: [iBMUltraBayHotSwapCPLLoader] c:\windows\SYSTEM\IBMBAY2M.EXE

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [s3Mon] S3Mon.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\SYSTEM\PDFUPD.DLL

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

O4 - HKLM\..\Run: [safeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\PDF6D5A.DLL

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install

O4 - HKCU\..\RunOnce: [updater] rundll32 C:\WINDOWS\APPLIC~1\IETH\IETH32.dll,UpdateDll s

O4 - Startup: Quick View Plus.lnk = C:\Program Files\Quick View Plus\Program\qvp32.exe

O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {21157916-4d49-11d4-a3e0-00c04fa32518} -

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7973.5448263889

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0