• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Screaminghell

CWS wont pick this up and It wont go away with HJT

4 posts in this topic

My browser is being hijacked by "res://socna.dll/index.html#96676" but that ".dll" file gets regenerated. :unsure: Here is my HJT log but whenever I delete the bad files they are regenerated just like the about:blank problem, but I cannot get rid of this one :techsupport: also startup Monitor keeps asking if i want "msfx32.exe" (or something like that) of course i dont let it run but it keeps appearing. thank you so much in advance.

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\socna.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://socna.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://socna.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\socna.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://socna.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\socna.dll/sp.html#96676

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C88D1F4A-0570-A95A-9CF7-DE2D8831986E} - C:\WINDOWS\netpb.dll

O2 - BHO: (no name) - {D6036847-0CE9-CD98-8490-CBE09650BB49} - C:\WINDOWS\winna.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [win updates] wugrds.exe

O4 - HKLM\..\Run: [Microsoft Update] SCVHOSTXP.exe

O4 - HKLM\..\Run: [RasCon Remote Access Service Manager] rasmngr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\RunServices: [win updates] wugrds.exe

O4 - HKLM\..\RunServices: [Microsoft Update] SCVHOSTXP.exe

O4 - HKLM\..\RunServices: [RasCon Remote Access Service Manager] rasmngr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [win updates] wugrds.exe

O4 - HKCU\..\Run: [RasCon Remote Access Service Manager] rasmngr.exe

O4 - HKCU\..\Run: [Microsoft Update] SCVHOSTXP.exe

O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe

O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe

O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8146.6848726852

 

thanks again

Edited by Screaminghell

Share this post


Link to post
Share on other sites

I think that the thing that you are missing is running fixdll. Here is the order that did it for me.

 

Run HJT and "fix" all of the R0 and R1 lines.

 

Then change your homepage manually in your Control Panel>Internet Options

 

Then run dllfix. That worked for me. At the first option, choose 2 for fix. At the second prompt, select 2. "fix without DLL name ..." and let it run. It will probably need to reboot and control your startup to get rid of the hidden .dll generating files.

 

After you are back up, check your homepage setting again in control panel, run Shredder one more time and then run Adware or Spybot S&D and then see if your browser stays hijack free. (I found Adware to be more effective. There is presently a bug in Spybot that gives my system false readings of DSO exploits. The Spybot folks are working on it but the patch isn't done yet.)

 

I am far from an expert, but that sequence worked for me with dealing with CWS search X

 

Make sure you have the software downloaded, unzipped and ready to go before you start this sequence if you haven't downloaded the programs already. dllfix was the silver bullet for me. Hope this helps!

Share this post


Link to post
Share on other sites
:techsupport: thanks for taking the time to help! After running fixdll, it removes a few things but then gives me the prompt "Error: The system was unable to find the specified registry key or values." and after rebooting everything is regenerated again. :techsupport:

Share this post


Link to post
Share on other sites

also, after i delete all of the bad files and restore everything the bad files aren't regenerated until I get the pop titled "only the best" then i have a newly regenerated .dll files...

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0