• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Milktart

Start Menu Broken, Firefox acting strange

4 posts in this topic

Hi

 

I booted my pc up this weekend and everything seems to be going wrong.

I can't run quite a few of my start menu links.

 

I first discovered it when I tried to run cmd from run. Nothing happens but afterwards nothing will work. I cant open my computer etc. or task manager or shutdown my pc.

 

At the same time my web browser has been doing funny stuff, like asking me if I want to send information accross unencrypted networks even though I have said "Don't ask me this again"

 

Edit: I now notice that theres a lot more stuff that just aren't working anymore. Many shortcuts. When I try access any of them nothing happens and I can't run anything else afterwards

 

Here is my log file:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 02:44:38 AM, on 2007/06/01

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\DU Meter\DUMeter.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\D-Tools\daemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\windows\hffext\hffsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Downloads\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.za/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [DU Meter] C:\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0ABF4F95-F7F4-495A-8FEE-1F1B3F77B519}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0ABF4F95-F7F4-495A-8FEE-1F1B3F77B519}: NameServer = 192.168.0.1

O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9173 bytes

 

 

Thanks

Edited by Milktart

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi Milktart,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

 

OK, let’s do this first.

 

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

 

O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)

 

 

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

 

Then please exit HijackThis.

 

 

NEXT:

 

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

 

Please download CCleaner (freeware) and save it to your desktop:

  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the "Windows" tab.
  4. Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.

[*]Then, click the "Applications" tab:

  • CHECK everything there.

[*]Next, click the "Options" button in the left pane, then click the "Advanced" button:

  • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".

[*]Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.

[*]When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

 

 

NEXT:

 

Please download ComboFix by sUBs:

 

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.

 

 

NEXT:

 

Please download Dr.Web CureIt and save it to your desktop:

  • Double-click the cureit.exe file, select "Start", and allow it to run the "Express Scan".
  • This will scan the files currently running in memory and when something is found, click the "Yes" button when it asks you if you want to cure it. This is only a short scan.
  • It could be possible it displays a popup to buy it in between, to buy or 50% discount. Just close that popup again.
  • Once the short scan has finished, click Options -> Change settings.
  • Choose the "Scan" tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives; a red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Once the scan has finished, it will display a list of the files found and checked by default.
  • If the file "process.exe" was found - uncheck it. This is because this file is related with some of our cleaning tools and the tools need it. Most scanners do flag this file as a bad tool, but there's nothing wrong with it.
  • Then, click "Yes to all" if Dr.Web CureIt asks if you want to cure/move any infected files.
  • When the scan has finished, look if you can click the icon next to the files found: check.gif
  • If so, click it, and then click the next icon right below and select "Move incurable" as you'll see in next image:
     
    move.gif
     
     
  • This will move infected files to the %userprofile%\DoctorWeb\quarantine folder if they can't be cured (this is in case if we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click "File" and choose "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

 

NEXT:

 

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):

  1. Click on "Kaspersky Online Scanner".
  2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on "Next".
  5. Now click on "Scan Settings".
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases

[*]Click "OK".

[*]Now under select a target to scan:

  • Select "My Computer".

[*]This program will start and scan your system.

[*]The scan will take a while so be patient and let it run.

[*]Once the scan is complete it will display if your system has been infected.

  • Now click on the "Save Report As" button.
  • In the "File name:" field, type kavscan.
  • In the "Save as type:" field, select "Text file (*.txt)".

[*]Save the file to your desktop.

[*]Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

 

 

NEXT:

 

Please REBOOT your computer normally into Windows and post these logs in your next reply:

  1. The log from the ComboFix scan.
  2. The log from the Dr.Web CureIt scan.
  3. The log from the Kaspersky scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

 

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0