Problem with Webcoolsearch and problems with IE being redirected

Discussion in 'adware, spyware & hijack cleaning' started by JPD49, Feb 6, 2004.

Thread Status:
Not open for further replies.
  1. JPD49

    JPD49 Guest

    Hey there! I am having problems with webcoolsearch, and the #354 IE redirect problem. Here is a copy of my log:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:11:38 PM, on 2/6/04
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS2\SYSTEM\KERNEL32.DLL
    C:\WINDOWS2\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS2\SYSTEM\MPREXE.EXE
    C:\WINDOWS2\SYSTEM\mmtask.tsk
    C:\WINDOWS2\SYSTEM\MSTASK.EXE
    C:\WINDOWS2\EXPLORER.EXE
    C:\WINDOWS2\TASKMON.EXE
    C:\WINDOWS2\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS2\SYSTEM\IRMON.EXE
    C:\WINDOWS2\LOADQM.EXE
    C:\WINDOWS2\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\PROGRAM FILES\GLOBALDIALER\DOUBL00028\24857776.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\LINKSYS\WPC11 CONFIG UTILITY\WPC11CFG.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS2\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS2\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS2\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS2\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS2\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\ZERO-P~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS2\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS2\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
    O4 - HKLM\..\Run: [UpdateMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\UPDATEMGR.EXE" /NOCM
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [ATTBroadbandClient] C:\Program Files\AT&T\BBClient\Programs\RegCon.exe /admincheck
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS2\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS2\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\doubl00028\24857776.EXE -remove
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37925.685150463
    O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://download.globaldialer.net/GlobalDialer.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    HELP!!, and thanks!

    j.d.
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi JPD49 :)

    Welcome to Wilders.

    Could u please download and run CWShredder at this link,

    http://www.merijn.org/files/CWShredder.exe

    then post a fresh HijackThis log.



    snowbound
     
Thread Status:
Not open for further replies.