Jim6q

Nothing has worked

12 posts in this topic

I've tried every suggestion and still cannot eliminate being hijacked when I try to search from the Microsoft web browser address box. Please help.

 

Logfile of HijackThis v1.97.7

Scan saved at 4:47:20 PM, on 6/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINDOWS\System32\SxgTkBar.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\PROGRA~1\IMAGEC~1\2Tray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Eraser\eraser.exe

D:\Program Files\Netscape\Netscape\Netscp.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\Program Files\Sony\Giga Pocket\usbsircs.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe

C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

C:\WINDOWS\DownloadWizard\DownloadWizard.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\Program Files\Sony\Giga Pocket\gps.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\SONY PREFERRED USER\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

N3 - Netscape 7: # Mozilla User Preferences

 

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

 

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");

user_pref("mail.smtpservers", "");

user_pref("mail.ui.folderpane.version", 3);

user_pref("mailnews.global_html_domains.version", 2);

user_pref("mailnews.html_domains", "netscape.net,netscape.com,aol.com,cs.com,yahoo.com,hotmail.com,msn.com");

user_pref("m

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect 10\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2Tray.exe

O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide

O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2Tray.exe

O4 - Startup: BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Startup: DLHelperEXE.exe

O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Giga Pocket Initialize.lnk = C:\Program Files\Sony\Giga Pocket\initovl.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = C:\Program Files\Sony\Giga Pocket\usbsircs.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Qshelf.lnk = C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe

O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall.../dlp/popup.html

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?37581.5478125

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n6/dlhelper.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

O17 - HKLM\System\CCS\Services\Tcpip\..\{732E6BAC-7B83-4066-AD4C-68C8ACC30B6B}: NameServer = 206.246.140.95 198.70.36.70

Edited by Jim6q


We need a closer look at what's happening.

Please download HijackThis.

Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.


I'm still not sure about how to respond. Yesterday I modified my original post with the log file. Today I think I'm doing it right by using the add reply button. Here is the log file - Thanks for your help.

 

Logfile of HijackThis v1.97.7

Scan saved at 4:47:20 PM, on 6/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINDOWS\System32\SxgTkBar.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\PROGRA~1\IMAGEC~1\2Tray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Eraser\eraser.exe

D:\Program Files\Netscape\Netscape\Netscp.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\Program Files\Sony\Giga Pocket\usbsircs.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe

C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

C:\WINDOWS\DownloadWizard\DownloadWizard.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\Program Files\Sony\Giga Pocket\gps.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\SONY PREFERRED USER\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

N3 - Netscape 7: # Mozilla User Preferences

 

/* Do not edit this file.

*

* If you make changes to this file while the browser is running,

* the changes will be overwritten when the browser exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see http://www.mozilla.org/unix/customizing.html#prefs

*/

 

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");

user_pref("mail.smtpservers", "");

user_pref("mail.ui.folderpane.version", 3);

user_pref("mailnews.global_html_domains.version", 2);

user_pref("mailnews.html_domains", "netscape.net,netscape.com,aol.com,cs.com,yahoo.com,hotmail.com,msn.com");

user_pref("m

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect 10\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2Tray.exe

O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide

O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2Tray.exe

O4 - Startup: BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Startup: DLHelperEXE.exe

O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Giga Pocket Initialize.lnk = C:\Program Files\Sony\Giga Pocket\initovl.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = C:\Program Files\Sony\Giga Pocket\usbsircs.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Qshelf.lnk = C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe

O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall.../dlp/popup.html

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?37581.5478125

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n6/dlhelper.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

O17 - HKLM\System\CCS\Services\Tcpip\..\{732E6BAC-7B83-4066-AD4C-68C8ACC30B6B}: NameServer = 206.246.140.95 198.70.36.70


:wave: We are dealing with one smart :evilgrin: Just to digress for a moment - I wrote a book "POTPOURRI - APPALACHIAN MOUNTAIN DULCIMER" some years back that includes a lot of info on how to locate frets. I had two retired engineering friends of mine over yesterday to discuss fretting, etc., and one of them has the same browser problem I have. Every time we run Spybot we get 5 DSO's. His son is a programmer and he can't fix it. I have read and tried all of the suggestions and nothing has worked so far. I am determined to get rid of having my Microsoft browser address bar hijacked even though it is not causing me a big problem. However, I need help to do this. Here is an updated HijackThis file.

 

Logfile of HijackThis v1.97.7

Scan saved at 4:26:36 AM, on 6/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe

C:\WINDOWS\System32\SxgTkBar.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Trend Micro\Internet Security\pccguide.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\PROGRA~1\IMAGEC~1\2Tray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Eraser\eraser.exe

C:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Netscape\Netscape\Netscp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe

C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

C:\Program Files\Sony\Giga Pocket\usbsircs.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe

C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

C:\WINDOWS\DownloadWizard\DownloadWizard.exe

C:\Program Files\Sony\Giga Pocket\gps.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\SONY PREFERRED USER\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SONY PREFERRED USER\Application Data\Mozilla\Profiles\default\aosw90x4.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

O2 - BHO: (no name) - {30A56549-9D5B-4D34-AFA7-440A7F0538A9} - C:\Program Files\Open Site\opnste.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect 10\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2Tray.exe

O4 - HKLM\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide

O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [2Tray.exe] C:\PROGRA~1\IMAGEC~1\2Tray.exe

O4 - Startup: BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Startup: DLHelperEXE.exe

O4 - Startup: eBot.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Giga Pocket Initialize.lnk = C:\Program Files\Sony\Giga Pocket\initovl.exe

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = C:\Program Files\Sony\Giga Pocket\usbsircs.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Qshelf.lnk = C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe

O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall.../dlp/popup.html

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?37581.5478125

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/ve...n6/dlhelper.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

O17 - HKLM\System\CCS\Services\Tcpip\..\{732E6BAC-7B83-4066-AD4C-68C8ACC30B6B}: NameServer = 206.246.140.95 198.70.36.70

 

Thanks for any help you can give me.



O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312

O17 - HKLM\System\CCS\Services\Tcpip\..\{732E6BAC-7B83-4066-AD4C-68C8ACC30B6B}: NameServer = 206.246.140.95 198.70.36.70

 

Thanks for any help you can give me.


Hi,

Every time we run Spybot we get 5 DSO's

As long as you have all the "Critical Updates" installed, this is not an issue. It is a minor bug in SpyBot and you can simply ignore it. [more info]

 

to get rid of having my Microsoft Browser address bar hijacked

Hijacked to where?

 

The only questionable file\entry I see is:

 

O4 - Startup: DLHelperEXE.exe

 

Right-click on "DLHelperEXE.exe" and select: Properties | Version

See who that file belongs to, I suspect it may be > CasinoOnNet

If "DLHelperEXE.exe" = "CasinoOnNet", simply follow the "manual" method mentioned in the PestPatrol article.

 

Have HijackThis "fix" the following: ("?" = broken link)

 

O4 - Global Startup: CorelCENTRAL 10.lnk = ?

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?


I could not find the PestPatrol article. Moving DLHelperEXE.exe out of the startup group did not help. Ran Spybot with all updates and it did not help. I fixed the problems with HijackThis that were recommended. So far nothing has helped. Any more suggestions? Thanks for your help.


The forum is very busy now. When the Microsoft browser is waiting for a while, the unwanted browser search page comes up. I had to send this with my Netscape browser. My problem is still with me. I want to keep using the Microsoft browser if I can get it fixed. Still need help!


Hi,

I could not find PestPatrol article.

See who that file belongs to, I suspect it may be > CasinoOnNet <--right there!

http://www.pestpatrol.com/PestInfo/c/casinoonnet.asp

 

Right-click on "DLHelperEXE.exe" and select: Properties | Version

See who that file belongs to

What info is there?

 

Hijacked to where?

A little info on your part would help ...


:bounce: Hey there you all. I found the reason. I sent the following email to info@Zuvio.con:

 

You have hijacked the address bar search address bar on my Microsoft browser. I demand that you tell me how to eliminate what you have taken over.

 

Here is their answer:

 

Sometime in your internet travels you were offered to download our program, Open Site. The only way the program is installed is if you click 'Yes' to download and install it. Here are instructions to uninstall it:

Look under My Computer->Control Panel->Add/Remove Programs. Is there an option to remove a program called Open Site? If so, the uninstall function will clear your computer of all our files.

 

 

I followed the instructions from Zuvio and that corrected the problem.

 

:love: Love to all who have tried to help. Thank you. I hope this can help others who have the same problem.


Hi,

Glad to see you have resolved your problem.

I should have caught that as I have that site in my HOSTS file.

 

127.0.0.1 zuvio.com #[uCSearch.ucUCSearch]

127.0.0.1 www.zuvio.com #[Adware.OpenSite][OpenSite]

 

I missed that in your last log, as the following appeared in your first log, but not the 2nd one.

 

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB

 

I would still get rid of "DLHelperEXE.exe" :wave:

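The checks discussed in this thread (broken "= ?" startup shortcuts, a startup file listed without a path, and a download URL whose host is already blocked in a HOSTS file) can be run mechanically over a HijackThis log so an entry is not overlooked when comparing logs. This is an added example, not code from any poster or from HijackThis; the sample lines are copied from the logs and HOSTS entries quoted above, and the function names and reason labels are this example's own.

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the logs and HOSTS lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: CorelCENTRAL 10.lnk = ?
O4 - Global Startup: Qshelf.lnk = C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
"""
SAMPLE_HOSTS = """
127.0.0.1 zuvio.com #[uCSearch.ucUCSearch]
127.0.0.1 www.zuvio.com #[Adware.OpenSite][OpenSite]
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")  # "O4 - <rest of entry>"

def blocked_hosts(hosts_text):
    """Host names a HOSTS file redirects to loopback (comments stripped)."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "0.0.0.0"):
            blocked.update(name.lower() for name in fields[1:])
    return blocked

def triage(log_text, hosts_text):
    """Return (reason, line) pairs for entries worth a second look."""
    blocked, findings = blocked_hosts(hosts_text), []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        url = re.search(r"https?://\S+", body)
        if url and (urlparse(url.group()).hostname or "").lower() in blocked:
            findings.append(("blocklisted host", raw.strip()))
        elif section == "O4" and body.endswith("= ?"):
            findings.append(("broken shortcut", raw.strip()))
        elif section == "O4" and "Startup:" in body and "=" not in body and "\\" not in body:
            findings.append(("startup file without path", raw.strip()))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, SAMPLE_HOSTS):
        print(f"{reason:28} {line}")
```

Running the same function over both the first and the later log makes an entry that appears in only one of them, like the zuvio.com O16 line here, stand out.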