Sandboxer pop-up with Internet Explorer

Discussion in 'adware, spyware & hijack cleaning' started by mbehbood, Jun 27, 2004.

Thread Status:
Not open for further replies.
  1. mbehbood

    mbehbood Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    2
    This problem only occurs with Internet Explorer (i.e. the pop-up does not occur with Netscape 7.1). The following URL pops up continuously. It is just a blank web page.
    http://www.sandboxer.com/redirect.aspx?ID=0&MID=4P4YSNF5PMX3SR5K7JNL933RZQXM5AWZCL54RJ98EX

    I ran Ad-aware 6.0 followed by HijackThis 1.97 to get the following log. I would appreciate it if someone could let me know how to stop this. I really don't want to reinstall Windows and all my applications:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:22:24 PM, on 6/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\svchost.exe
    D:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
    d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\system32\stisvc.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\System32\mspmspsv.exe
    D:\WINNT\system32\svchost.exe
    D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    D:\WINNT\Explorer.EXE
    D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\WINNT\system32\atiptaxx.exe
    D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    d:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
    D:\Program Files\ATI Multimedia\main\launchpd.exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program Files\Compaq S200 Scanner\S200Btns.exe
    D:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    D:\WINNT\system32\Suspend.exe
    D:\Program Files\Office97\Office\OSA.EXE
    D:\Program Files\Palm\HOTSYNC.EXE
    D:\WINNT\system32\Araiah6.exe
    D:\WINNT\system32\Araiah6.exe
    D:\PROGRA~1\Netscape\Netscape\Netscp.exe
    D:\Documents and Settings\Mehrdad Behbood\My Documents\Downloads\Apps\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intouchsupport.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    F2 - REG:system.ini: UserInit=D:\WINNT\system32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\Mehrdad Behbood\Application Data\Mozilla\Profiles\default\mwo9f913.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {0B618FC9-02C3-4D88-8461-C9B946CCA17F} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [ButtonMonitor] S200
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Fix-It AV] D:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Ad-watch] "D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [3DEM#W#26J5#FS] D:\WINNT\system32\QmtPCB55.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "D:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [Sscr] D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - Startup: QuickShelf 2000.lnk = D:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O4 - Startup: Office Startup.lnk = D:\Program Files\Office97\Office\OSA.EXE
    O4 - Startup: HotSync Manager.lnk = D:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Compaq S200 Button Manager.lnk = D:\Program Files\Compaq S200 Scanner\S200Btns.exe
    O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Coupons - file://D:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Net2Phone (HKLM)
    O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: Researcher (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://intouchsupport.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) - http://a248.g.akamai.net/7/248/9286/200309241629/ps.theport.com/xmlplayer/eng2/download.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/193b85bf864799f6bd23/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37801.825625
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFullSInst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,439
    Location:
    Netherlands
    Hi mbehbood,

    I would advise installing IE6; even though you use Netscape, this will enhance your security.

    First, download and run: Peper uninstaller
    The program needs internet access to finish.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O3 - Toolbar: (no name) - {0B618FC9-02C3-4D88-8461-C9B946CCA17F} - (no file)

    O4 - HKLM\..\Run: [3DEM#W#26J5#FS] D:\WINNT\system32\QmtPCB55.exe

    O4 - HKCU\..\Run: [Sscr] D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe

    O8 - Extra context menu item: Coupons - file://D:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/193b85bf864799f6bd23/netzip/RdxIE601.cab

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFullSInst.cab

    O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe

    Then reboot and delete:
    D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
    D:\Program Files\couponsandoffers <= entire folder

    Regards,

    Pieter
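
An added example, not part of the original thread or of HijackThis itself: it parses log lines in the format above and flags entries for manual review. The three heuristics and the function names are assumptions chosen for illustration, and the sample lines are copied from the log in this thread.

```python
import re

# Sample input: six entries copied from the HijackThis log in this thread.
SAMPLE = r"""
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O3 - Toolbar: (no name) - {0B618FC9-02C3-4D88-8461-C9B946CCA17F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sscr] D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe
"""

# Section code (R1, F2, O4, O16, ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
# Assumed heuristic: an .exe sitting directly in a profile's Application Data root.
PROFILE_EXE = re.compile(
    r'\\documents and settings\\[^\\]+\\application data\\[^\\"]+\.exe')

def parse(log):
    """Return (section_code, body) for every HijackThis entry line."""
    return [(m.group(1), m.group(2).strip())
            for m in map(ENTRY.match, log.splitlines()) if m]

def reasons(code, body):
    """Return the review reasons an entry triggers (assumed heuristics)."""
    low, found = body.lower(), []
    if low.endswith("(no file)"):
        found.append("registered component has no file on disk")
    if code == "O4" and PROFILE_EXE.search(low):
        found.append("autorun executable in Application Data root")
    if code == "O16":
        # Strip any query string before checking the downloaded file type.
        url = low.rsplit(" - ", 1)[-1].split("?")[0]
        if url.endswith(".exe"):
            found.append("download source is a bare .exe, not a .cab")
    return found

def triage(log):
    """Return [(code, body, reasons)] for entries worth a manual look."""
    return [(c, b, r) for c, b in parse(log) if (r := reasons(c, b))]

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```

A flag here only marks an entry for a closer look; legitimate installers can trip the same rules, so each hit still needs checking before anything is fixed or deleted.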
     
  3. mbehbood

    mbehbood Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    2
    Thank you Pieter. I followed your instructions and it seems to have worked. No more annoying sandboxer for now.
    By the way, I had removed IE6 in an attempt to remove sandboxer, but of course it did not work. I've now reinstalled IE6.
    Thanks again for your help.
     