Sandboxer pop-up with Internet Explorer

Discussion in 'adware, spyware & hijack cleaning' started by mbehbood, Jun 27, 2004.

Thread Status:
Not open for further replies.
  1. mbehbood

    mbehbood Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    2
    This problem only occurs with Internet Explorer (i.e. the pop-up does not occur with Netscape 7.1). The following URL pops up continuously. It is just a blank web page.
    http://www.sandboxer.com/redirect.aspx?ID=0&MID=4P4YSNF5PMX3SR5K7JNL933RZQXM5AWZCL54RJ98EX

    I ran Ad-aware 6.0 followed by HijackThis 1.97 to get the following log. I would appreciate it if someone could let me know how to stop this. I really don't want to reinstall Windows and all my applications:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:22:24 PM, on 6/26/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\WINNT\System32\svchost.exe
    D:\PROGRA~1\Ontrack\Fix-It\mxtask.exe
    d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\system32\stisvc.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\System32\mspmspsv.exe
    D:\WINNT\system32\svchost.exe
    D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    D:\WINNT\Explorer.EXE
    D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\WINNT\system32\atiptaxx.exe
    D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    D:\PROGRA~1\mcafee.com\agent\mcagent.exe
    d:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
    D:\Program Files\ATI Multimedia\main\launchpd.exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program Files\Compaq S200 Scanner\S200Btns.exe
    D:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    D:\WINNT\system32\Suspend.exe
    D:\Program Files\Office97\Office\OSA.EXE
    D:\Program Files\Palm\HOTSYNC.EXE
    D:\WINNT\system32\Araiah6.exe
    D:\WINNT\system32\Araiah6.exe
    D:\PROGRA~1\Netscape\Netscape\Netscp.exe
    D:\Documents and Settings\Mehrdad Behbood\My Documents\Downloads\Apps\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intouchsupport.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    F2 - REG:system.ini: UserInit=D:\WINNT\system32\Userinit.exe
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\Mehrdad Behbood\Application Data\Mozilla\Profiles\default\mwo9f913.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {0B618FC9-02C3-4D88-8461-C9B946CCA17F} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [ButtonMonitor] S200
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "D:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Fix-It AV] D:\PROGRA~1\Ontrack\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Ad-watch] "D:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
    O4 - HKLM\..\Run: [3DEM#W#26J5#FS] D:\WINNT\system32\QmtPCB55.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [StorageGuard] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "D:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [Sscr] D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - Startup: QuickShelf 2000.lnk = D:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O4 - Startup: Office Startup.lnk = D:\Program Files\Office97\Office\OSA.EXE
    O4 - Startup: HotSync Manager.lnk = D:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Compaq S200 Button Manager.lnk = D:\Program Files\Compaq S200 Scanner\S200Btns.exe
    O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Coupons - file://D:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Encarta Encyclopedia (HKLM)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Net2Phone (HKLM)
    O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
    O9 - Extra button: Define (HKLM)
    O9 - Extra 'Tools' menuitem: Define (HKLM)
    O9 - Extra button: Researcher (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://intouchsupport.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) - http://a248.g.akamai.net/7/248/9286/200309241629/ps.theport.com/xmlplayer/eng2/download.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/193b85bf864799f6bd23/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37801.825625
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFullSInst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi mbehbood,

    I would advise installing IE6; even though you use Netscape, this will enhance your security.

    First, download and run: Peper uninstaller
    The program needs internet access to finish.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O3 - Toolbar: (no name) - {0B618FC9-02C3-4D88-8461-C9B946CCA17F} - (no file)

    O4 - HKLM\..\Run: [3DEM#W#26J5#FS] D:\WINNT\system32\QmtPCB55.exe

    O4 - HKCU\..\Run: [Sscr] D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe

    O8 - Extra context menu item: Coupons - file://D:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/193b85bf864799f6bd23/netzip/RdxIE601.cab

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast.com/download/SBFullSInst.cab

    O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe

    Then reboot and delete:
    D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
    D:\Program Files\couponsandoffers <= entire folder

    Regards,

    Pieter
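
As an added example (not part of the thread, and not HijackThis's or the poster's own logic), this Python script parses entry lines in the format of the log above and flags a few patterns for manual review. The three heuristics are assumptions chosen for illustration; a hit means "look closer", not "malicious", and the sample input is a handful of lines copied from the log in this thread.

```python
import re

# A few entry lines copied from the log in this thread, used as sample input.
SAMPLE_LOG = r"""
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O3 - Toolbar: (no name) - {0B618FC9-02C3-4D88-8461-C9B946CCA17F} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [Sscr] D:\Documents and Settings\Mehrdad Behbood\Application Data\eceb.exe
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O8 - Extra context menu item: Coupons - file://D:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""

# Section code (R1, F2, N3, O4, O16, ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (section_code, body) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reasons(code, body):
    """Assumed triage heuristics (hypothetical, not the tool's own rules)."""
    reasons = []
    low = body.strip().lower()
    if code in ("O2", "O3") and low.endswith("(no file)"):
        reasons.append("registered component whose file is missing")
    if code == "O4" and re.search(r'\\application data\\[^\\]+\.exe"?$', low):
        reasons.append("autostart runs an .exe directly from Application Data")
    if code == "O8" and "\\temp\\" in low:
        reasons.append("context-menu script loaded from a Temp folder")
    return reasons

def triage(log):
    """Map each flagged entry line to its list of review reasons."""
    flagged = {}
    for code, body in parse(log):
        reasons = review_reasons(code, body)
        if reasons:
            flagged[f"{code} - {body}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```
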
     
  3. mbehbood

    mbehbood Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    2
    Thank you Pieter. I followed your instructions and it seems to have worked. No more annoying sandboxer for now.
    By the way, I had removed IE6 in an attempt to remove sandboxer, but of course it did not work. I've now reinstalled IE6.
    Thanks again for your help.
     