hi Im a new member and i am having a problem with the favourites column in internet explorer
What happens is i have unwanted spyware or adware that when i try to delete it they keep adding to the favourites column every time i reboot or go on the internet if anyone could help i would be grateful thanx

Recommended Answers

All 4 Replies

We have a special forum section for Viruses and other 'Nasties' tony.

I'll move your topic to that section so that you can get the assistance you need.

Hi Tony, welcome to DaniWeb, :D

In order for us to see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

Hi Tony, welcome to DaniWeb, :D

In order for us to see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

HolidayLogfile of HijackThis v1.99.1
Scan saved at 20:44:40, on 02/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\SlDB\SlDB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\SlDB\SlDBMT.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jcune.dll/sp.html#44980
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {E7ABE5A8-D4A3-4BFE-769F-486F9C2ECDC7} - C:\WINDOWS\system32\sysqn32.dll
O2 - BHO: Class - {F3F1C2D7-397D-C147-16CA-CD9CF235B4A9} - C:\WINDOWS\system32\atlho.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ujmxst] C:\WINDOWS\ujmxst.exe
O4 - HKLM\..\Run: [n] C:\documents and settings\tony.tony-zg4pqtayon\local settings\temp\n.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [tFnj3si] vb5ecab.exe
O4 - HKLM\..\Run: [apics.exe] C:\WINDOWS\system32\apics.exe
O4 - HKLM\..\Run: [windq32.exe] C:\WINDOWS\windq32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mfcrs.exe] C:\WINDOWS\mfcrs.exe
O4 - HKLM\..\Run: [ntku32.exe] C:\WINDOWS\ntku32.exe
O4 - HKLM\..\RunOnce: [ipsl32.exe] C:\WINDOWS\system32\ipsl32.exe
O4 - HKLM\..\RunOnce: [apprl32.exe] C:\WINDOWS\system32\apprl32.exe
O4 - HKLM\..\RunOnce: [javavb32.exe] C:\WINDOWS\javavb32.exe
O4 - HKLM\..\RunOnce: [winhc.exe] C:\WINDOWS\system32\winhc.exe
O4 - HKLM\..\RunOnce: [addcg32.exe] C:\WINDOWS\system32\addcg32.exe
O4 - HKLM\..\RunOnce: [crje32.exe] C:\WINDOWS\crje32.exe
O4 - HKLM\..\RunOnce: [sdkdw32.exe] C:\WINDOWS\system32\sdkdw32.exe
O4 - HKLM\..\RunOnce: [atlcy.exe] C:\WINDOWS\system32\atlcy.exe
O4 - HKLM\..\RunOnce: [ipsd.exe] C:\WINDOWS\ipsd.exe
O4 - HKLM\..\RunOnce: [ntkx.exe] C:\WINDOWS\ntkx.exe
O4 - HKLM\..\RunOnce: [winag.exe] C:\WINDOWS\system32\winag.exe
O4 - HKLM\..\RunOnce: [javafi32.exe] C:\WINDOWS\javafi32.exe
O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\atlic.exe
O4 - HKLM\..\RunOnce: [d3st32.exe] C:\WINDOWS\system32\d3st32.exe
O4 - HKLM\..\RunOnce: [ipxo.exe] C:\WINDOWS\ipxo.exe
O4 - HKLM\..\RunOnce: [sdkcp.exe] C:\WINDOWS\system32\sdkcp.exe
O4 - HKLM\..\RunOnce: [iehk.exe] C:\WINDOWS\iehk.exe
O4 - HKLM\..\RunOnce: [ipts.exe] C:\WINDOWS\ipts.exe
O4 - HKLM\..\RunOnce: [addpf32.exe] C:\WINDOWS\system32\addpf32.exe
O4 - HKLM\..\RunOnce: [javaoz32.exe] C:\WINDOWS\javaoz32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [co4tRiGEU] usbgres.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Streamload Downloader.lnk = C:\Program Files\SlDB\SlDB.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: "*.streamload.com"
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/057d4f6b068adcdb7e20/netzip/RdxIE601.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C507554-1AF2-43DE-A0F4-86CEBC1ABB17}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C507554-1AF2-43DE-A0F4-86CEBC1ABB17}: NameServer =
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipsl32.exe" /s (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanx i hope i have done this right tony

First of all, run a at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:


Download, install, update, and run these tools:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
about:Buster -- http://www.majorgeeks.com/download4289.html
HSRemove -- http://www.majorgeeks.com/download4286.html
PurityScan uninstaller -- http://www.purityscan.com/uninstall.html

Reboot, close any open browser windows, scan with HJT, and post a new log please.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.