• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
kenshinmuyo

mediatickets problem grr

11 posts in this topic

whenever i'm connected to the net, my ie6 goes to some website asking if i want to install mediatickets. i've run ad-aware and cwshredder and nothing works. it also doesn't let me sign into my e-mail at hotmail.com..any help will be appreciated

 

here is my hijackthis log

 

Logfile of HijackThis v1.97.7

Scan saved at 10:35:25 PM, on 6/11/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\navmgrd.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\systemse.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Wong\My Documents\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animenfo.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe

O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe

O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8144.8265856481

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{655C969D-BAC9-4892-99D0-8C396FF87205}: NameServer = 198.235.216.110 209.226.175.224

Share this post


Link to post
Share on other sites

I am also having this problem... I've tried everything... I think this is a pretty new problem. I have yet to find any perminant solutions. :mellow:

Share this post


Link to post
Share on other sites

sorry if i'm posting too much..but while i was trying to fix this problem of mine..a dos window popped up onto my desktop and a few lines of coding scrolled across. way too fast for me to read any of it, and then it disappeared. after that happened my ie6 instantly went to another page asking to dl that mediaticket crap....

Share this post


Link to post
Share on other sites
..a dos window popped up onto my desktop and a few lines of coding scrolled across. way too fast for me to read any of it, and then it disappeared.

Same thing happend to me a few mins ago!

 

A dos window opened and said something like...

 

Can't find files [somefile]

sys32.exe...

 

Or something... It went away really fast, I couldn't really see either.

 

 

When you get done with the log file in #private, please look at my log as well in my post. Please.

Share this post


Link to post
Share on other sites

First:

You are running an outdated and therefore unsafe version of Internet Explorer.

You NEED to upgrade to IE 6.0 SP1

http://v4.windowsupdate.microsoft.com/en/default.asp

 

(Make sure you get the correct language version for your operating system! ).

 

Next, go to the Windows Update site, and download and install ALL Critical Updates on offer.

That will fix innumerable bugs, update a large number of important system files, and plug many security holes.

 

 

You also need to install Windows SP1 and all Critical Updates for Windows.

 

This step is mandatory if you are to avoid Gaobot, Sasser, and Help file exploits.

 

 

I realize this is a long a time consuming process, but it is necessary. It can wait until your log is clean, but no longer.

 

 

Second:

1.Download the Hoster from here: http://members.aol.com/toadbee/hoster.zip

2. Install the program and run it.

3. Press 'Restore Original Hosts' and press 'OK'

4. Exit Program.

 

 

Third:

Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. I suggest 'c:\program files\hijackthis\' but any folder other than the Desktop or a temporary folder is fine.

 

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

 

Check the following items in HijackThis.

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe

O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe

O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

 

Close all windows except HijackThis and click Fix checked:

 

While still in Safe Mode*, delete the following: (you may need to show hidden files**)

C:\WINDOWS\UpdReg.EXE

C:\Windows\System32\navmgrd.exe

C:\Windows\System32\systemse.exe

 

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406

**Show hidden files/folders as per the instructions here http://www.tacktech.com/display.cfm?ttid=190

 

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

 

Reboot in normal mode.

 

Post another HiJackThis log in this thread for review.

Edited by LoPhatPhuud

Share this post


Link to post
Share on other sites

here's my second log, i couldn't finish updating my windows because it crapped out on my half way

 

Logfile of HijackThis v1.97.7

Scan saved at 2:03:18 AM, on 6/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animenfo.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8144.8265856481

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{655C969D-BAC9-4892-99D0-8C396FF87205}: NameServer = 198.235.216.110 209.226.175.224

Share this post


Link to post
Share on other sites

At last, your system is clean and free of spyware! Want to keep it that way?

 

Here are some simple steps you can take to reduce the chance of infection in the future.

 

 

 

1. Adjust your security settings for ActiveX:

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

 

2. Download and install the following free programs]

a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html

c. IE/Spyad: http://www.staff.uiuc.edu/~ehowes/resource.htm

 

1. Install Spyware Detection and Removal Programs:

You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. AdAware: http://www.lavasoft.de/

b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download

 

 

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

Share this post


Link to post
Share on other sites

Thanks for the luck, kenshinmuyo. Hope it stays away for you.

 

Its reassuring to see that there IS a solution!

 

Me next, LoPhatPhuud?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0