Castle4kq

Url Searchhook

8 posts in this topic

My computer has the urlsearchhook infection. I tried CWShredder but it didn't work. Every time I go into Hijack This to delete it, it just comes back. Any ideas???

 

Logfile of HijackThis v1.97.7

Scan saved at 8:06:35 PM, on 6/14/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL__SpybotSDDisabled (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7921.3589814815

O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://nugs.net/dev/dlControl.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/03312754df0e2f548b18/...ip/RdxIE601.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab


Castle4kq and microbug, please see http://www.spywareinfoforum.com/index.php?showtopic=148

 

Castle4kq,

 

Download: "StartDreck", from here:

http://www.niksoft.at/download/startdreck.htm

 

Unzip to its own folder and start the program,

 

Press 'Config'

Press 'Unmark All'

 

Check the following boxes only:

Registry -> Run Keys

System/Drivers -> Running processes

Press 'Ok'

 

Press 'Save' and select the location to save the log file

(default is the same folder as the application)

 

Post the log in this thread.

Edited by Scoff


Scoff,

 

Here is the Startdreck log.

 

StartDreck (build 2.1.5 public BETA) - 2004-06-16 @ 11:35:16

Platform: Windows 98 SE (Win 4.10.2222 A)

 

»Registry

»Run Keys

»Current User

»Run

*TV Media=C:\TV MEDIA\TVM.EXE

»RunOnce

*TV Media=C:\TV MEDIA\TVM.EXE

»Default User

»Run

*TV Media=C:\TV MEDIA\TVM.EXE

»RunOnce

*TV Media=C:\TV MEDIA\TVM.EXE

»Local Machine

»Run

*SystemTray=SysTray.Exe

*TV Media=C:\TV MEDIA\TVM.EXE

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

*TV Media=C:\TV MEDIA\TVM.EXE

»RunServices

»RunServicesOnce

**szb=rundll32 C:\WINDOWS\SYSTEM\KBDFG.DLL,StreamingDeviceSetup

»RunOnceEx

»RunServicesOnceEx

»Files

»System/Drivers

»Running Processes

*FFCFC93D=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFF891D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFF848D=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFE378D=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFEDA09=C:\WINDOWS\RUNDLL32.EXE

*FFFD54A5=C:\WINDOWS\EXPLORER.EXE

*FFFDD969=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFFD87D9=C:\WINDOWS\SYSTEM\WMIEXE.EXE

*FFFAD181=C:\WINDOWS\SYSTEM\SPOOL32.EXE

*FFF94C6D=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFFE93AD=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

*FFFB29B9=C:\PROGRAM FILES\HIJACK THIS\STARTDRECK\STARTDRECK.EXE

»Application specific


Download: "Win98Fix.zip" from here:

http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm

 

Unzip to its own folder.

 

Open Folder and double click on RunFix.reg file.

Hit 'Yes' to merge it into your registry.

Restart your computer.

 

The bad file should now be visible so you can delete it.

Browse to C:\WINDOWS\SYSTEM\KBDFG.DLL

Right click select 'Properties' and remove any 'Read only' protection.

Right click again and select 'Delete'.

 

(If you cannot find the file, run the 'Who.bat' file in the folder.

The file will be found and listed.)

 

Make sure you have the latest version of CWShredder (v1.59), open it and hit update or download CWShredder from here, run the program, select 'fix' (not scan only) and let it fix everything that it finds.

 

Download Spybot Search and Destroy from here. Install the program, open it and click the Search for Updates button. When updates are found, put a check mark next to all and click the Download Updates button. Now click the Search & Destroy icon in the left pane, then the Check for problems button at the bottom of the window. When the scan completes, make sure all the items in RED are ticked, then click the Fix Selected Problems button. Screenshot instructions for installation and setup are here if needed.

 

Download Adaware from here. Install the program, launch it and configure it as follows. Screenshot instructions for setup are here if needed.

  • In the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.
  • Make sure the following settings are made and on (ON = GREEN)
  • From main window : Click Start then Activate in-depth scan (recommended)
  • Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.
  • Now click on the Tweak button in that same window. Under Scanning Engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot.
  • Click Proceed to save your settings. Now to scan just click the Next button.
  • When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot and post a fresh log, there is more to clean up!

Edited by Scoff


Scoff, thanks for all your help so far. Here is the latest startdreck.

 

StartDreck (build 2.1.5 public BETA) - 2004-06-28 @ 17:49:07

Platform: Windows 98 SE (Win 4.10.2222 A)

 

»Registry

»Run Keys

»Current User

»Run

*TV Media=C:\TV MEDIA\TVM.EXE

»RunOnce

*TV Media=C:\TV MEDIA\TVM.EXE

»Default User

»Run

*TV Media=C:\TV MEDIA\TVM.EXE

»RunOnce

*TV Media=C:\TV MEDIA\TVM.EXE

»Local Machine

»Run

*SystemTray=SysTray.Exe

*TV Media=C:\TV MEDIA\TVM.EXE

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

*TV Media=C:\TV MEDIA\TVM.EXE

»RunServices

»RunServicesOnce

»RunOnceEx

»RunServicesOnceEx

»File Associations (CR)

*.bat

*batfile="%1" %*

*.com

*comfile="%1" %*

*.disabled

*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\blindman.exe" %1

*.exe

*exefile="%1" %*

*.hta

*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

*.htm

*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome

*.html

*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome

*.js

*JSFile=C:\WINDOWS\WScript.exe "%1" %*

*.jse

*JSEFile=C:\WINDOWS\WScript.exe "%1" %*

*.pif

*piffile="%1" %*

*.scr

*scrfile="%1" /S

*.txt

*txtfile=C:\WINDOWS\NOTEPAD.EXE %1

*.vbs

*VBSFile=C:\WINDOWS\WScript.exe "%1" %*

*.vbe

*VBEFile=C:\WINDOWS\WScript.exe "%1" %*

*.wsh

*WSHFile=C:\WINDOWS\WScript.exe "%1" %*

*.wsf

*WSFFile=C:\WINDOWS\WScript.exe "%1" %*

*.lnk

`lnkfile= [key or value does not exist]

»Browser Helper Objects (LM)

*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

*BHO.IncrediFindBHO.1/{5D60FF48-95BE-4956-B4C6-6BB168A70310}

`InprocServer32=C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL__SpybotSDDisabled

*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}

`InprocServer32=c:\program files\google\googletoolbar1.dll

»Files

»Autostart Folders

»Current User

»Default User

»Local Machine

»INI-Files

»WIN.INI\[windows]

*LOAD=

*RUN=

»SYSTEM.INI\[boot]

*SHELL=Explorer.exe

»Text Files

*C:\msdos.sys

*C:\config.sys

*C:\autoexec.bat

*C:\WINDOWS\dosstart.bat

*C:\WINDOWS\wininit.bak

»System/Drivers

»Running Processes

*FFCF02A3=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFF4283=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFF4F13=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFFEA803=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFFED63F=C:\WINDOWS\EXPLORER.EXE

*FFFDA2D7=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFFD1B3F=C:\WINDOWS\SYSTEM\WMIEXE.EXE

*FFFBA84B=C:\WINDOWS\NOTEPAD.EXE

*FFFECCBF=C:\PROGRAM FILES\HIJACK THIS\STARTDRECK\STARTDRECK.EXE

»NT Services

»Application specific


It looks like CWS has gone. Can you post a new HijackThis log as well to double-check what else needs to be cleaned?

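One way to check two StartDreck logs against each other, as an added example that is not part of the original thread and is not StartDreck's own code: it parses the Run-key entries of a "before" and an "after" log and reports which autostart entries were removed, which are still present and which are new. The parsing rules and the names `parse` and `compare` are assumptions based on the log layout shown in the posts above; the two sample logs are abridged excerpts of the logs posted in this thread.

```python
# Added example: diff the Run-key autostart entries of two StartDreck-style logs.
# Assumptions: a line starting with '»' is a section header and a line starting
# with '*', '**' or '`' is an entry, as in the logs posted in this thread
# (the original indentation was lost, so nesting is inferred from header names).

HIVES = {"Current User", "Default User", "Local Machine"}
RUN_SECTIONS = {"Run", "RunOnce", "RunServices", "RunServicesOnce",
                "RunOnceEx", "RunServicesOnceEx"}

# Abridged excerpt of the log dated 2004-06-16.
BEFORE = r"""
»Local Machine
»Run
*SystemTray=SysTray.Exe
*TV Media=C:\TV MEDIA\TVM.EXE
»RunOnce
*TV Media=C:\TV MEDIA\TVM.EXE
»RunServicesOnce
**szb=rundll32 C:\WINDOWS\SYSTEM\KBDFG.DLL,StreamingDeviceSetup
"""

# Abridged excerpt of the log dated 2004-06-28: same lines, szb entry absent.
AFTER = BEFORE.replace(
    "**szb=rundll32 C:\\WINDOWS\\SYSTEM\\KBDFG.DLL,StreamingDeviceSetup\n", "")

def parse(log):
    """Return a set of (hive, section, name, value) for Run-key entries."""
    hive = section = ""
    entries = set()
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("»"):
            section = line[1:].strip()
            if section in HIVES:
                hive = section
        elif section in RUN_SECTIONS and line[:1] in ("*", "`") and "=" in line:
            name, value = line.lstrip("*`").split("=", 1)
            entries.add((hive, section, name.strip(), value.strip()))
    return entries

def compare(before, after):
    """Return (removed, still_present, added) as sorted lists of entries."""
    old, new = parse(before), parse(after)
    return sorted(old - new), sorted(old & new), sorted(new - old)

if __name__ == "__main__":
    for label, items in zip(("removed", "still present", "added"),
                            compare(BEFORE, AFTER)):
        for hive, section, name, value in items:
            print(f"{label:13} {hive}\\{section}: {name} = {value}")
```
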