Browser redirect and IE pop-ups
Solved/Closed
patring87 (Posts: 9; Registration date: Tuesday October 26, 2010; Status: Member; Last seen: October 29, 2010) - Oct 27, 2010 at 03:37 PM
patring87 Posts 9 Registration date Tuesday October 26, 2010 Status Member Last seen October 29, 2010 - Oct 29, 2010 at 08:20 PM
9 responses
Ambucias (Posts: 47310; Registration date: Monday February 1, 2010; Status: Moderator; Last seen: February 15, 2023) - Oct 27, 2010 at 03:51 PM
Greetings
Thank you for the log.
1. Please run another HijackThis scan, no log, and check the following:
O4 - HKCU\..\Run: [Nfatuyosegef] rundll32.exe "C:\Users\PATRICIA\AppData\Local\LAuibsLe.dll",Startup
O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\PATRICIA\AppData\Roaming\000837E740018246B1830D29C877B375\mediafix70700 en02.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
2. Now click on Fix checked and close HijackThis
3. Download, install and run Malwarebytes, which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.
If Malwarebytes restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally, just to be on the safe side:
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.
Good luck
patring87 - Oct 27, 2010 at 04:17 PM
Hello!
Thank you so much for such a quick reply. I didn't notice until now that I hadn't clicked the search and destroy icon on Spybot; nevertheless, it is currently finding problems on my laptop. After I downloaded Spybot and ran it, my antivirus is now blocking only one site, but the other symptoms are still present. I will follow your advice and update you on the progress as soon as I can. Again, thank you.
Patring 87
Ambucias - Oct 27, 2010 at 04:22 PM
Patring,
Please keep in mind that Spybot is now outdated against the new families of viruses. I used to recommend it, but no longer.
Yes please keep me updated.
patring87 - Oct 28, 2010 at 09:46 AM
Hello Ambucias!
Here are the updates:
After I used Spybot, it removed a lot of viruses and malware. Then I followed the steps above. When I was looking at the log from HJT, I couldn't find the first one that you asked me to remove/check anymore (maybe it was already removed by Spybot), but I was able to remove the 2nd and the 3rd. I still downloaded and used malware (but I uninstalled Spybot first); it removed a few viruses and malware as well. Then I restarted my laptop. When I connected to the internet, everything seemed to be just fine until about five minutes had passed. From then on, I started to see 3 sites blocked by my antivirus; 2 are new and 1 is an old site that I've seen before. They still have their weird names like "crj71ki818ck.com (and so on)". Also, I observed that unexpected pop-ups of browser/page appeared (Opera and IE). However, redirection to other unknown/weird sites was solved. I posted a new log from HJT below.
Thanks for the patience. I'm looking forward to hearing from you.
Patring87
NEW LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:00 AM, on 10/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
C:\Windows\PixArt\PAP7501\PACTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: Sopcast Toolbar - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSop0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sopcast Toolbar - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSop0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Sopcast Toolbar - {3b5aaea6-ae6d-45ab-a626-99ac24fd105b} - C:\Program Files\Sopcast\tbSop0.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\PATRICIA\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Gervarod (Posts: 306; Registration date: Saturday March 27, 2010; Status: Member; Last seen: June 8, 2014) - Oct 28, 2010 at 10:06 AM
Sorry for butting in, Ambucias, as I think he should try Firefox maybe.
Hello there patring87,
Have you tried to use Firefox at all lately, as I was told by a person that IE at the moment is full of viruses and that.
But give Firefox a go and see if you still get the pop-ups of the websites from IE.
https://ccm.net/downloads/internet/4553-mozilla-firefox-for-pc/ Use this link as it is safe to download from, OK buddy.
Cheers, Gervarod
patring87 - Oct 28, 2010 at 11:20 AM
Hi Gervarod!
Thanks for that suggestion. Whenever I click the link you gave me, another page appears saying "page isn't redirecting properly"; that is using Opera. So I downloaded Mozilla through its site. I'm currently trying Mozilla, but the problem keeps going on: a new Mozilla page appears with lists of different files and folders (I don't know if it's from my laptop) and my antivirus keeps on blocking sites that I don't know. I was using Mozilla before; actually I uninstalled it because the symptoms that I mentioned kept on happening. I was hoping that by doing that and installing it again it would be a good remedy, but I was wrong. I was about to do the same thing to IE, but it is weird that I can't find IE in the control panel where I can uninstall it.
I tried running Malwarebytes two times last night; the first time it was able to find viruses and malware, and the second time it was already clean. Today I ran my antivirus and it found two viruses coming from a Java program/application. My laptop is crazily infected. I'm hoping that someone could help me. I'm afraid that the last resort could be a re-installation, but I don't have the software for this and I don't know how. Well, still crossing my fingers for a positive result.....
Thanks Again for helping me out :)
Patring87
Gervarod - Oct 28, 2010 at 04:57 PM
OK, no worries, let us try Eusing Free Registry Cleaner to see if that cleans anything out of your Registry at all.
See if you can get to this site OK..... https://www.eusing.com/Download.htm
But one more thing: have you tried to surf the net by using Run, by clicking on the flag on your keyboard, typing in run and pasting the site I gave you in there, to see if you get there to download it OK?
patring87 - Oct 28, 2010 at 05:18 PM
Hi Gervarod!
Thanks for the reply. Your suggestion about "...Run by clicking on your flag on your key board and type in run and paste the site..." I have not tried; this is the first time I have heard about it. Also, what do you mean by "flag" on my keyboard? Sorry, I don't understand the instruction you gave me that much; I'm not used to computer terms, sorry about that.
The second link you gave me definitely works. Since I downloaded a firewall, no more unexpected pop-ups appear from IE, Mozilla and Firefox. However, that someone might be trying to intrude (because my antivirus keeps on blocking sites with weird names that also show an IP address) is still my concern.
Thanks Gervarod for helping :)
patring87
Oct 28, 2010 at 03:21 PM
Hello Ambucias!
In one of the threads in which you also replied, an IP address appeared and someone was possibly intruding on her computer. My antivirus, which often blocks a site with weird names, comes with an IP address. Could it be the same situation, wherein someone is trying to intrude?
Ambucias
Oct 28, 2010 at 05:10 PM
Hello Pat
Your log looks okay; however, the following item is useless:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
The following items are questionable and are unknown to me; only you can identify them and delete if necessary:
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
As for your intrusion question, if Nod32 blocks a site you can feel relatively safe about it. However, it seems that your firewall is not stealthing to appear invisible and that the same intruders are looking for you whenever you connect to the net. They are looking for open ports.
I suggest that you give them another pole of attraction by changing your IP.
If your issue persists, let me know.
Regards
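The entries singled out in the post above carry their own markers in the log line: a target that is "(file missing)" and an autorun with an empty [] name and no command. The sketch below is an added example, not part of the thread or of HijackThis: it triages log lines for those two patterns plus one heuristic of its own (autoruns loading from AppData or Temp); the last two sample lines, the verdict labels and the function names are made up here.

```python
import re

# Constructed sample: the first three lines are the entries quoted in the post
# above; the last two are invented for this example.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - HKCU\..\Run: [ExampleUpdater] rundll32.exe "C:\Users\EXAMPLE\AppData\Local\example.dll",Startup
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

ENTRY = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
USER_TAG = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Heuristic chosen for this example: autoruns loaded from user-writable folders.
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)


def triage(line):
    """Return (section, verdict) for one log line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if body.endswith("(file missing)"):
        return section, "orphaned"               # registry entry points at nothing
    if section == "O4":
        a = AUTORUN.match(body)
        if a:
            command = USER_TAG.sub("", a.group("command")).strip()
            if not a.group("name") and not command:
                return section, "empty-autorun"  # no name, no command: inspect the key
            if USER_WRITABLE.search(command):
                return section, "user-writable-autorun"
    return section, "no-finding"


def triage_log(text):
    """Triage every entry line in a pasted log, skipping headers and blanks."""
    return [r for r in map(triage, text.splitlines()) if r is not None]
```

A "no-finding" verdict only means none of these three patterns matched; it says nothing about whether the program behind the entry is wanted.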
patring87
Oct 28, 2010 at 05:30 PM
Hello!
It is nice to hear from you again, Ambucias. Sad to say, I don't know what those last two logs are (the ones that seem questionable to you); I'm planning to delete them.
I recently downloaded a firewall and ran a PCFlankLeaktest... the result... it passed, YEY! Also, after having it, I noticed that there were no more unexpected pop-ups from IE, Mozilla and Opera :) However, my antivirus's continuous blocking of these sites with an IP address is still there.
I would like to know how I can change my IP address. Crossing my fingers on this.
A million thanks Ambucias :)
Ambucias
Oct 29, 2010 at 04:39 AM
Hello Patring
To change your IP, go to command prompt and run
Type cmd and enter
In that black screen, type: ipconfig/release and enter
Type ipconfig/renew and enter
If your IP has not changed immediately...
Turn off your modem
Repeat ipconfig/release, enter. Leave your modem turned off for 3 hours. When you return online, you should have a new IP.
Regards
patring87
Oct 29, 2010 at 10:57 AM
Hi!
I changed my antivirus; now it has a firewall and antivirus in one. I followed the steps wherein I should type ipconfig on the command prompt. It says "media disconnected". I think I can't change my IP because I'm using a network connection. I also don't have access to the modem/router.
After I followed the advice you gave, I noticed that in the first 2 hours my firewall blocked about 30 intrusions coming from the sites/IPs I told you about. On the third hour, I decided to restart my computer. And magically, my firewall hasn't blocked anything (sites/IPs). It's like these sites stopped bugging me (or did they? or maybe they are now in full access of my information?). Everything seems normal again, but I think my IP remains the same.
I'm still puzzled on how it became so normal again. I'm still a bit afraid to do personal stuff on this laptop (my one and only) 'coz my information/identity might be stolen. I'm not sure if I should trust my laptop's behavior.
I'm hoping I can hear your opinion about this. Nonetheless, a million thanks to you Ambucias and to Gervarod for the help and the patience. Thanks...Thanks...
Best Regards,
Patring87
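ipconfig prints one block per adapter, and an unplugged adapter reports "Media disconnected" even while another adapter is online. The sketch below is an added example, not from the thread: it parses ipconfig output captured before and after the ipconfig/release and ipconfig/renew steps, skips disconnected adapters, and reports whether the address changed and whether it lies in a private range (an address assigned by the local network, not the one internet hosts see). The sample output, adapter names, addresses and function names are constructed, and the English Windows Vista/7 field names are assumed.

```python
import ipaddress
import re

# Constructed ipconfig output (English Windows Vista/7 layout); all values made up.
BEFORE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
"""
AFTER = BEFORE.replace("192.168.1.23", "192.168.1.57")  # as if captured after /renew

HEADER = re.compile(r"^(\S.*adapter .*):\s*$")       # "Ethernet adapter <name>:"
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")   # "   Key . . . : value"

def parse_ipconfig(text):
    """Map adapter name -> {'connected': bool, 'ipv4': str or None}."""
    adapters, current = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = adapters.setdefault(h.group(1), {"connected": True, "ipv4": None})
            continue
        f = FIELD.match(line)
        if not f or current is None:
            continue
        key, value = f.group(1).strip(), f.group(2).strip()
        if key == "Media State" and value == "Media disconnected":
            current["connected"] = False
        elif key == "IPv4 Address":
            current["ipv4"] = value.split("(")[0]  # drop "(Preferred)" from /all output
    return adapters

def lease_report(before, after):
    """Per connected adapter: (old IPv4, new IPv4, changed?, private range?)."""
    b, a = parse_ipconfig(before), parse_ipconfig(after)
    report = {}
    for name, info in a.items():
        if info["connected"] and info["ipv4"]:
            old = b.get(name, {}).get("ipv4")
            private = ipaddress.ip_address(info["ipv4"]).is_private
            report[name] = (old, info["ipv4"], old != info["ipv4"], private)
    return report
```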
Ambucias
Oct 29, 2010 at 04:07 PM
Hello Pat
You are so polite, it is a pleasure helping you. You have a Canadian accent!
I am glad that you are now firewalled, it will make a world of difference. So you are safe now because of it. The pirates gave up and are looking for another victim. They have nothing else to do in their lives.
Nice work!
Regards
patring87
Oct 29, 2010 at 08:20 PM
Hi Ambucias!
I'm more thankful to find a forum like this, wherein people are so helpful and knowledgeable with regard to the computer world. Also, it is well organized in terms of threads, discussions and site layout. I hope you and the other moderators will continue helping out. And yes! I'm from Canada :)
Thanks Again! and More Power!
Best Regards