
Re: spyware, adware? Help nothing works!!!

 
03-08-2004, 06:54 PM   #1
Jeff
Guest


Hi Joe, I am having the exact same problems and have tried the same
resources and am getting the same results. I used SpyBot, AdAware,
HijackThis and SpywareBlaster. DSO Exploit keeps reappearing after
a Spybot scan. Have you found a fix yet?

-Jeff


Joe <Joe@discussions.microsoft.com> wrote in message news:<AD38E9C8-B777-4BB2-82AC-A7D83EBB5285@microsoft.com>...
> Hello,
>
> It seems as though my home page and search engine have been "hijacked". I set my homepage to hotmail.com and every time I open IE the homepage is (res://gfpty.dll/index.html#96676). I have downloaded a number of different programs, none of which seem to have completely taken care of the problem.
>
> I downloaded Google's pop-up blocker, which *seems* to have taken care of the search engine problem, but it still allows the pop-ups on the homepage.
>
> The next program I tried was Ad-Aware 6.0, which found something called Alexa and then deleted it. This had no effect on the homepage.
>
> Then I tried Spybot - Search & Destroy, which found and removed 6 items: Alexa again and something called DSO Exploit (which had 5 items within it). Again it did not fix the problem.
>
> I have also tried SpywareBlaster, HijackThis and CWShredder - all up-to-date versions.
>
> HijackThis creates a log from which you choose what items you want to remove; the items are as follows:
>
>
> Logfile of HijackThis v1.98.0
> Scan saved at 18:16:54, on 13/07/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\apihz32.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\hkcmd.exe
> C:\WINDOWS\BCMSMMSG.exe
> C:\WINDOWS\system32\dla\tfswctrl.exe
> C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
> C:\Program Files\Dell\Media Experience\PCMService.exe
> C:\WINDOWS\System32\DSentry.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\Program Files\QuickTime\qttask.exe
> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> C:\WINDOWS\apibc32.exe
> C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-gb\msnappau.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
> C:\Program Files\Microsoft Office\Office\OSA.EXE
> C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
> C:\Documents and Settings\Karl Fahy\Desktop\Fix ME\hijackthis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/...gen/default.htm
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gfpty.dll/sp.html#96676
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfpty.dll/index.html#96676
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gfpty.dll/index.html#96676
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gfpty.dll/sp.html#96676
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gfpty.dll/sp.html#96676
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfpty.dll/index.html#96676
> R3 - Default URLSearchHook is missing
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {5B49DA64-500D-B9E6-2E0D-45BCCF27DD7E} - C:\WINDOWS\system32\atlzn.dll
> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-gb\msntb.dll
> O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
> O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
> O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
> O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
> O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
> O4 - HKLM\..\Run: [apibc32.exe] C:\WINDOWS\apibc32.exe
> O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-gb\msnappau.exe"
> O4 - HKLM\..\RunOnce: [apihz32.exe] C:\WINDOWS\apihz32.exe
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
> O4 - Startup: PowerReg Scheduler.exe
> O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
> O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
> O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
> O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
>
>
>
> Any help or suggestions would be most appreciated,
>
> Many thanks,
>
> Joe
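
An added example, not part of the original thread: a small Python triage of the R0/R1 section of a HijackThis log like the one quoted above, listing which Internet Explorer page settings hold a res:// URL and which module each one names. The sample lines are constructed from the shape of the posted log, and the two regular expressions are assumptions based on those lines, not a HijackThis format specification.

```python
import re

# Constructed sample: lines shaped like the HijackThis v1.98 log in the post,
# including the newsreader ">" quote prefix.
SAMPLE_LOG = r"""
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gfpty.dll/sp.html#96676
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfpty.dll/index.html#96676
> R3 - Default URLSearchHook is missing
> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
"""

# Assumed line shape: "<R0|R1> - <hive\key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM)\\[^,]+),([^=]+?) = (.*)$")
# res://<module>/<resource>; <module> is a bare file name or a full path
RES_URL = re.compile(r"^res://(.+?\.(?:dll|exe))/", re.IGNORECASE)


def parse_r_entries(text):
    """Return the R0/R1 registry entries of a log as dicts, ignoring quote prefixes."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # drop ">", ">>" and indentation
        m = R_LINE.match(line)
        if m:
            code, key, name, data = m.groups()
            entries.append({"code": code, "key": key,
                            "value": name.strip(), "data": data})
    return entries


def res_scheme_settings(entries):
    """Group settings whose data is a res:// URL by the module file they name."""
    by_module = {}
    for e in entries:
        m = RES_URL.match(e["data"])
        if not m:
            continue  # ordinary http:// value, nothing to report
        # Reduce "C:\WINDOWS\gfpty.dll" and "gfpty.dll" to the same key.
        module = m.group(1).replace("/", "\\").split("\\")[-1].lower()
        hive = e["key"].split("\\", 1)[0]
        by_module.setdefault(module, []).append((hive, e["value"]))
    return by_module


if __name__ == "__main__":
    for module, settings in res_scheme_settings(parse_r_entries(SAMPLE_LOG)).items():
        print(module, "->", settings)
```

Grouping by module shows at a glance that the same file is referenced from both the per-user (HKCU) and machine-wide (HKLM) settings.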

08-08-2004, 11:57 PM   #2
JJK
Guest

I use Webroot's "Spy Sweeper", Ver 3.0. It finds
msnappau and traps it each time it tries to start, and
then gives me the choice to delete or keep it. I keep
deleting it, and everything seems to be okay. (I like
Spy Sweeper. It's easy to use and very effective.)

JJK

