IE Plugin and websearch bar

Discussion in 'Networking and Internet' started by lifeismusic4, May 1, 2004.

  1. lifeismusic4

    lifeismusic4 VIP Member

    Hey everyone, ok here's my problem now.. when i start up and logon, i have this Active IE plugin that is on my desktop as a toolbar. it's also on the taskbar. i've run ad-aware, i've run SB, i've also run some other spyware/adware killing programs, but nothing. anyone have this, anyone know how to get rid of it?
     
    lifeismusic4, May 1, 2004
    #1

  2. lifeismusic4

    Phil VIP Member

    Yea, try running HijackThis and post the log, and also try CWS shredder. These are located in the Handy Tools Section.
     
    Phil, May 1, 2004
    #2
    DaVo likes this.

  3. lifeismusic4

    lifeismusic4 VIP Member

    here's the log, and i'll try CWS shredder now.


    Logfile of HijackThis v1.97.7
    Scan saved at 9:38:51 AM, on 5/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
    C:\WINDOWS\System32\gearsec.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\DELLMO~1\moh.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\mHotKey.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realevent.exe
    C:\Program Files\Common Files\Real\Update_OB\realevent.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Ebrahim\My Documents\Applications\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
    O4 - HKLM\..\Run: [vglmbsf] C:\WINDOWS\vglmbsf.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\moh.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1937e5b85de98ae2af20/netzip/RdxIE601.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C15E4677-61A3-4B43-BA35-20CF4DF5A1E2}: NameServer = 205.188.146.146
     
    lifeismusic4, May 1, 2004
    #3
  4. lifeismusic4

    lifeismusic4 VIP Member

    i ran CWS shredder, all were "Not Present".. but thanks. see anything in the log that helps?
     
    lifeismusic4, May 1, 2004
    #4
  5. lifeismusic4

    James Photojournalist VIP Member

    Remove these: See if this helps.

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\PROGRA~1\DELLMO~1\moh.exe
    C:\PROGRA~1\DELLMO~1\moh.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1937e5b85de98a...ip/RdxIE601.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C15E4677-61A3-4B43-BA35-20CF4DF5A1E2}: NameServer = 205.188.146.146
     
    James, May 1, 2004
    #5
  6. lifeismusic4

    lifeismusic4 VIP Member

    well, the first one of those has something to do with realoneplayer, so i left it, the next is for Dell Modem On Hold (moh) and i deleted the next three. the only problem is that it's still there when i start up. i'm really clueless.
     
    lifeismusic4, May 3, 2004
    #6
  7. lifeismusic4

    James Photojournalist VIP Member

    The MOH is something you cannot use in the states. I don't think any ISP / Telco supports it yet. You moved the other plugs below via HJT and when you reboot they still come back? What does the plugin look like?
     
    James, May 3, 2004
    #7
  8. lifeismusic4

    lifeismusic4 VIP Member

    oh no wonder MOH wasn't working! yeah i rebooted and it was still there. here's what happens, when i start up, stuff loads like normal, then the tool bar would pop up and appear at the top right of the screen, but there is a setting which just makes it appear only as an icon on the taskbar. i'll get you the process next time i log on, which is after i get offline..

    thanks for the help, you (james) and the rest of you are great!!
     
    lifeismusic4, May 3, 2004
    #8
  9. lifeismusic4

    lifeismusic4 VIP Member

    hope that wasn't too confusing
     
    lifeismusic4, May 3, 2004
    #9
  10. lifeismusic4

    Bubba Gump XBL: John Voda VIP Member

    Could you post a screenshot of the toolbar thing?
     
    Bubba Gump, May 4, 2004
    #10
  11. lifeismusic4

    lifeismusic4 VIP Member

    ok, the process is wdskctl.exe, and here are screenshots of it minimized and open...

    ok, when i tried to insert image, i typed in the file name, and the pics appeared on my browser in this post, but when i posted them, it was just a file name. how do i post pics?
     
    lifeismusic4, May 4, 2004
    #11
  12. lifeismusic4

    DaVo Banned for Life

    Insert it as an "attachment"
     
    DaVo, May 4, 2004
    #12
  13. lifeismusic4

    Fenis-Wolf VIP Member

    Reboot to safe mode, enable viewing of hidden/system files and then delete these files:

    C:\WINDOWS\System32\72413271.exe (if you have it)
    C:\WINDOWS\wdskctl.exe
    It appears that these two files are spyware/malware.
     
    Fenis-Wolf, May 4, 2004
    #13
    James likes this.
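
Added example, not part of any post in this thread: a short Python triage of the HijackThis log from post #3. It flags O16 (ActiveX download) entries whose codebase is a bare IP address, an assumed heuristic that matches the three O16 lines James listed, and finds the O4 Run entry behind the process name reported in post #11. The function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<label>[^)]*)\))? - (?P<url>\S+)$")
# Last path component ending in .exe, for quoted or unquoted command lines.
EXE_RE = re.compile(r'([^\\"]+?\.exe)\b', re.IGNORECASE)


def is_ip_literal(host):
    """True when the URL host is a raw IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dpf_from_ip(log):
    """(clsid, url) for O16 ActiveX entries whose codebase host is a bare IP."""
    hits = []
    for line in log.splitlines():
        m = O16_RE.match(line.strip())
        if m and is_ip_literal(urlparse(m["url"]).hostname or ""):
            hits.append((m["clsid"], m["url"]))
    return hits


def autoruns_for(log, image_name):
    """(hive, value name, command) for O4 Run entries that start image_name."""
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m["cmd"]) if m else None
        if exe and exe.group(1).lower() == image_name.lower():
            hits.append((m["hive"], m["name"], m["cmd"]))
    return hits


if __name__ == "__main__":
    print(dpf_from_ip(SAMPLE_LOG))
    print(autoruns_for(SAMPLE_LOG, "wdskctl.exe"))
```

A hit from either function is a lead to check by hand, not a verdict on the file.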
  14. lifeismusic4

    lifeismusic4 VIP Member

    ok, it says that the web site isn't responding when i try to send an attachment, and i tried more than once. what now? also, how do i restart in safe? do i hit f2 or f8, i forget which one it is.
     
    lifeismusic4, May 4, 2004
    #14
  15. lifeismusic4

    Bubba Gump XBL: John Voda VIP Member

    Ok, email your pictures in an attachment to me at hoolagons3@myclearwave.net

    I will host them on some of my webspace and post them here.
     
    Bubba Gump, May 4, 2004
    #15
  16. lifeismusic4

    James Photojournalist VIP Member

    You have to use our attachment system found under the full reply option and the image has to be within our specified guidelines that are listed in the attachment window.
     
    James, May 4, 2004
    #16
  17. lifeismusic4

    lifeismusic4 VIP Member

    ok here's the pics. also, how do i start in safe mode?
     

    Attached Files:

    lifeismusic4, May 4, 2004
    #17
  18. lifeismusic4

    Fenis-Wolf VIP Member

    I can't see anything, the picture is far too small.
     
    Fenis-Wolf, May 4, 2004
    #18
  19. lifeismusic4

    lifeismusic4 VIP Member

    sorry, that's the largest it would let me upload. it's 87 kb, max is 106. i can try getting it to be just under the limit, give me a minute
     
    lifeismusic4, May 4, 2004
    #19
  20. lifeismusic4

    lifeismusic4 VIP Member

    here they are as large as possible. can you download them and then zoom in? sry, this is all the site's letting me do
     

    Attached Files:

    lifeismusic4, May 4, 2004
    #20