• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
capraru

Jksearch - MERGED 2 threads

4 posts in this topic

CWS- Jksearch

I can't remove it from my computer OS 2000NT Prof

Thanks in advance!

 

 

My Hijackthis.log is:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:09:33, on 2004-06-11

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE

C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\PspContr.Exe

C:\WINNT\system32\Promon.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\QuickTime\qttask.exe

C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe

C:\WINNT\system32\internat.exe

C:\Program\C Technologies\C-Pen 10\CPen10.exe

C:\Program\Nikon\NkView5\NkvMon.exe

C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe

C:\Program\Microsoft Office\Office\1053\msoffice.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\winnt\iehr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll (file missing)

O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll

O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)

O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll

O4 - HKLM\..\Run: [PspContr] PspContr.Exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [sMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [scanSpyware v3.5] "C:\Program\ScanSpyware v3.5\Scanner.exe"

O4 - Startup: Digital Patrol Update.lnk = C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: C-Pen 10.lnk = C:\Program\C Technologies\C-Pen 10\CPen10.exe

O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program\FotoStation Easy\FotoStation Easy AutoLaunch.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView5\NkvMon.exe

O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm

O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm

O9 - Extra button: Merriam-Webster (HKLM)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00000000-0000-0000-0000-000020030000} -

O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4...0367/wmavax.CAB

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5...WebMonProj1.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail4.sll.se/iNotes.cab

O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} -

O16 - DPF: {2DBEFB64-B6C4-4A2C-BE6A-16FF065B99C6} (cuadruple Class) -

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail4.sll.se/iNotes6.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe

O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/sw/5/060204se.exe

O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://pclog/install/Client/insftwebcli.exe

O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://mail3.sll.se/download/dolcontrol.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200310...llInstaller.exe

O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) -

O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C365} - http://content.netvenda.com/sites/games-se/se/games6.cab

O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C369} - http://content.netvenda.com/sites/games-se/se/games6.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8118.0593171296

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.merriam-webster.com/tools/toolbar/cabs/m-w.cab

Edited by capraru

Share this post


Link to post
Share on other sites

Download http://www.spywareinfo.com/~merijn/files/CWShredder.exe and run it.

 

Then download http://www.spywareinfo.com/~merijn/files/hijackthis.zip

 

Create a folder for Hijackthis e.g. C:\HJT, and extract Hijackthis.exe from the zip to the folder.

 

Run the program from it's folder. Click "scan", when the scan button changes to "save log", save the log, and copy and paste the WHOLE thing into a post in this thread.

Share this post


Link to post
Share on other sites

This is the new log after cleaning with Hijackthis:

Logfile of HijackThis v1.97.7

 

 

Scan saved at 14:55:51, on 2004-06-11

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE

C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\PspContr.Exe

C:\WINNT\system32\Promon.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\QuickTime\qttask.exe

C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

C:\WINNT\system32\internat.exe

C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe

C:\Program\C Technologies\C-Pen 10\CPen10.exe

C:\Program\Nikon\NkView5\NkvMon.exe

C:\Program\Microsoft Office\Office\1053\msoffice.exe

C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll

O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll

O4 - HKLM\..\Run: [PspContr] PspContr.Exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [sMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [MSNSysRestore] C:\WINNT\system32\pc32.exe bg

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [scanSpyware v3.5] "C:\Program\ScanSpyware v3.5\Scanner.exe"

O4 - Startup: Digital Patrol Update.lnk = C:\Program\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: C-Pen 10.lnk = C:\Program\C Technologies\C-Pen 10\CPen10.exe

O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program\FotoStation Easy\FotoStation Easy AutoLaunch.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView5\NkvMon.exe

O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = C:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm

O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm

O9 - Extra button: Merriam-Webster (HKLM)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4...0367/wmavax.CAB

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5...WebMonProj1.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mail4.sll.se/iNotes.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail4.sll.se/iNotes6.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://mail3.sll.se/download/dolcontrol.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200310...llInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8118.0593171296

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.merriam-webster.com/tools/toolbar/cabs/m-w.cab

Share this post


Link to post
Share on other sites

Are you running two antivirus programs? :huh:

 

Is ScanSpyware something that you bought or is it a trial version? If it's a trial version uninstall it, there are better programs for free.

 

I don't see anything really bad left, but you can fix these items with Hijackthis if you want:

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

 

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

 

Put a check against each one in HJT, close all other windows and click "Fix Checked"

 

I'd also recommend you read this article for advice on preventing yourself being hijacked again http://www.spywareinfo.com/articles/hijacked/prevent.php

Edited by expertec

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0