mikebaum

hijacked browser, HT log

2 posts in this topic

I ran SpyBot, ran CWShredder. Something is still in there reinstalling itself. Can you see anything in this HT log?

Thanks, Mike

Logfile of HijackThis v1.97.7
Scan saved at 7:36:18 AM, on 6/25/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apple\Library\System\machd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\invoker.exe
C:\WINNT\system32\regsvc.exe
C:\Apple\OpenBase\bin\openexec.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\openinfo.exe
C:\Apple\Library\WebObjects\JavaApplications\wotaskd.woa\WOTaskDService.exe
C:\Apple\Library\System\nmserver.exe
C:\WINNT\system32\java.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\Apple\Library\Frameworks\Foundation.framework\Resources\pgroup.exe
C:\Apple\OpenBase\bin\OpenBase.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\loadqm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\ctfmon.exe
C:\Apple\Library\Frameworks\AppKit.framework\Resources\pbs.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Apple\Library\System\WindowServer.exe
C:\WINNT\System32\ippisupd.exe
C:\WINNT\System32\sdbicdll.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Documents and Settings\Pat\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 216.168.57.8 snowdog.pragmatyxs.com
O1 - Hosts: 216.168.57.8 snowdog
O1 - Hosts: 216.168.57.9 superconductor.pragmatyxs.com
O1 - Hosts: 216.168.57.7 staging.pragmatyxs.com
O1 - Hosts: 216.168.60.44 bytor.pragmatyxs.com
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [rsEQ3Fe] ippisupd.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [aBx4RPKqQ] sdbicdll.exe
O4 - HKLM\..\RunOnce: [spyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pasteboard Server.lnk = C:\Apple\Library\Frameworks\AppKit.framework\Resources\pbs.exe
O4 - Global Startup: Pasteboard Server.lnk.disabled
O4 - Global Startup: Service Manager.lnk.disabled
O4 - Global Startup: stamp.dat
O4 - Global Startup: Window Server.lnk = C:\Apple\Library\System\WindowServer.exe
O4 - Global Startup: Window Server.lnk.disabled
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &IE Toolbar search - res://C:\Program Files\Internet Explorer\Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Program Files\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: IE Addon (HKLM)
O9 - Extra 'Tools' menuitem: IE Addon (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Edit with XML Spy (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7959.6030902778
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456/v50245...layer5AxWin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

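As an added illustration, not code from this thread or from HijackThis itself, here is a small Python triage pass over lines in the format of the log above. It flags the O4 Run entries whose value names look machine-generated and point at bare filenames, the unknown Winsock LSP (O10) entries, hosts-file overrides (O1) and a BHO whose DLL is missing. The sample lines are a constructed subset of the posted log, and the random-name heuristic is my own assumption; a flag means "review this first", not "malicious".

```python
import re

# Constructed sample in HijackThis v1.97 line format: a subset of the kinds of
# entries in the log posted above, not the full log.
SAMPLE_LOG = r"""
O1 - Hosts: 216.168.57.8 snowdog.pragmatyxs.com
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [rsEQ3Fe] ippisupd.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [aBx4RPKqQ] sdbicdll.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Registry autorun entries look like: HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")

def looks_random(name):
    """Heuristic (an assumption, not a HijackThis rule): letters and digits only,
    mixing digits with upper and lower case, no spaces or extension."""
    return (re.fullmatch(r"[A-Za-z0-9]{5,}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))

def triage(log_text):
    """Return (section, detail, reason) tuples for entries to review first."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            r = RUN_RE.match(body)
            if r and looks_random(r.group(3)):
                reason = "random-looking Run value name"
                if "\\" not in r.group(4):
                    reason += "; bare filename, resolved through the search path"
                findings.append((section, r.group(3), reason))
        elif section == "O10":
            findings.append((section, body, "unknown Winsock LSP module; deleting the DLL by hand breaks the LSP chain, repair the chain instead"))
        elif section == "O1":
            findings.append((section, body, "hosts file override; confirm each mapping is intended"))
        elif section == "O2" and body.endswith("(file missing)"):
            findings.append((section, body, "BHO registered but its DLL is absent"))
    return findings
```

Run over the full posted log, the same pass would surface the two odd Run names (rsEQ3Fe, aBx4RPKqQ), the four identical inetadpt.dll LSP entries and the five hosts lines, while leaving the Norton, Google and Office entries for ordinary reading.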

Not having heard anything from anyone here for seven days, I reposted a new topic with an updated HT log in a new thread. After rereading the pinned instructions I decided I needed to run Ad-Aware on the machine. I was surprised to pick up so many new items. I quarantined them and rebooted with Ad-Aware running at startup. It picked up more. I quarantined. Then things started heading south.

The machine was running desperately slow, at times hanging. After multiple reboots I decided I needed to restore the quarantined items. The first restored group didn't change things. The second caused a critical failure and all further attempts to load the W2K OS failed. I tried to do a repair and again failed. I ended up reinstalling W2K. With the prospect of reinstalling a lot of software (my wife's work stuff alone would require half a day if things go well), we opted to buy a new computer.

So obviously you can continue to disregard my requests for help. I still applaud what you are doing here. Perhaps an increased awareness of the risks and consequences might prove worthwhile. I don't know.

I do know that it is the writers of the crapware that I was trying to remove who are ultimately to blame. If I were king I would go after them with a vengeance.

Good day, Mike
