• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Flybert

Windows two thousand

6 posts in this topic

Getting a popup and a shiftlock on my keyboard

 

Logfile of HijackThis v1.97.7

Scan saved at 5:09:57 PM, on 6/25/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\system32\HPConfig.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\system32\RadioSvr.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\atiptaxx.exe

C:\WINNT\system32\carpserv.exe

C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINNT\system32\dla\tfswctrl.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\program files\support.com\bin\tgcmd.exe

C:\Program Files\Softex\WebLink\Weblink.exe

C:\Program Files\Winamp3\winampa.exe

C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe

C:\WINNT\System32\FhoeGdW1.exe

C:\WINNT\System32\CswyngMw.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [HP Mobile Printing Driver] C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE

O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray

O4 - HKLM\..\Run: [WebLink] C:\Program Files\Softex\WebLink\Weblink.exe /boot

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [5XTHX7W3PSS@6Y] C:\WINNT\System32\TafqX5mo.exe

O4 - HKLM\..\Run: [Tat] C:\WINNT\system32\pgtools\tatss.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: IEEE802.11b WLAN Card Utility.lnk = C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {100DD46D-E7D0-11D0-8D16-0000C0E9A68A} (Project1.UserControl1) - http://www.medicine.mcgill.ca/physio/vlabo...lab/goldman.CAB

O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://www.advancetransformer.com/insidead...ign/xenroll.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7902.9550578704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?314

O16 - DPF: {EB8CD3ED-E8A4-11D0-8D16-0000C0E9A68A} (Project1.UserControl1) - http://www.medicine.mcgill.ca/physio/vlabo...plab/nernst.CAB

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_0_2_7.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{587D3513-9880-40EA-8D46-A194386E0766}: NameServer = 192.168.2.1

Share this post


Link to post
Share on other sites

Hi,

First thing to do is ...

 

Reconfigure Windows Explorer to show Hidden Files:

Open the Windows Explorer Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Next:

 

Close all open windows, except for HijackThis place a check in each of the following:

Then click "Fix checked".

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [5XTHX7W3PSS@6Y] C:\WINNT\System32\TafqX5mo.exe

O4 - HKLM\..\Run: [Tat] C:\WINNT\system32\pgtools\tatss.exe

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab

 

Then reboot, on restart, restart in Safe Mode (see "How To" below)

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\WINNT\System32\FhoeGdW1.exe <--this file

C:\WINNT\System32\CswyngMw.exe <--this file

C:\WINNT\System32\TafqX5mo.exe <--this file

C:\WINNT\system32\pgtools <--this folder

 

Restart normally and then ...

 

Download the latest version of Ad-Aware:

http://www.lavasoft.de/software/adaware/

 

After installing AAW, and before running the program.

 

Reconfigure Ad-Aware for Full Scan:

Please update the reference file following the instructions here:

http://www.lavahelp.com/howto/updref/index.html

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button. Under "Log-file detail", select all options.

 

Click the "Tweaks" button. Under "Scanning Engine", select the following:

1) "Include additional Ad-aware settings in logfile"

2) "Unload recognized processes during scanning."

 

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on Proceed to save these Preferences.

Note: make sure that you activate IN-DEPTH scanning before you proceed.

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

Share this post


Link to post
Share on other sites

Still getting popups

 

When you said to delete the whole temp folder thing, do you want me to delete the history folder, temporary internet files folder, etc. or do you want me to delete the contents inside. Here is my new log.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:07:26 AM, on 6/26/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\system32\HPConfig.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\system32\RadioSvr.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\atiptaxx.exe

C:\WINNT\system32\carpserv.exe

C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINNT\system32\dla\tfswctrl.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\program files\support.com\bin\tgcmd.exe

C:\Program Files\Winamp3\winampa.exe

C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe

C:\WINNT\System32\IguWdnsu.exe

C:\WINNT\System32\YslJoqfy.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [HP Mobile Printing Driver] C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE

O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [5XTHX7W3PSS@6Y] C:\WINNT\system32\Oqds0WMP.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: IEEE802.11b WLAN Card Utility.lnk = C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {100DD46D-E7D0-11D0-8D16-0000C0E9A68A} (Project1.UserControl1) - http://www.medicine.mcgill.ca/physio/vlabo...lab/goldman.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7902.9550578704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EB8CD3ED-E8A4-11D0-8D16-0000C0E9A68A} (Project1.UserControl1) - http://www.medicine.mcgill.ca/physio/vlabo...plab/nernst.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{587D3513-9880-40EA-8D46-A194386E0766}: NameServer = 192.168.2.1

Share this post


Link to post
Share on other sites

Hi,

When you said to delete the whole temp folder thing, do you want me to delete the history folder, temporary internet files folder, etc. or do you want me to delete the contents inside.

None of the above ... when you restart in Safe Mode and ...

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

The above should take you directly to:

 

C:\Documents and Settings\Administrator\Local Settings\Temp

Delete the entire contents, including any other folders. The other files you are mentioning are the cache files and you can clean them out later.

 

Anyway ...

 

Close all open windows, except for HijackThis place a check in each of the following:

Then click "Fix checked".

 

O4 - HKLM\..\Run: [5XTHX7W3PSS@6Y] C:\WINNT\system32\Oqds0WMP.exe

 

Then reboot, on restart, restart in Safe Mode (see "How To" below)

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\WINNT\System32\IguWdnsu.exe <--this file

C:\WINNT\System32\YslJoqfy.exe <--this file

C:\WINNT\system32\Oqds0WMP.exe <--this file

 

Restart normally and then ...

 

Download > VX2Finder

Run Vx2Finder click on the Click to find VX2.BetterInternet button.

Then click Make log. Generates: "vx2.log"

 

Copy and paste the contents of the log, and a fresh HijackThis log into your next reply.

Share this post


Link to post
Share on other sites

For the hijackfiles stuff you told me to check and fix, it seems as though the files named changed or something. As for the files you told me to delete, I found them and deleted them.

 

 

Log for VX2.BetterInternet File Finder

 

Files Found---

 

 

Guardian Key--- is called:

 

User Agent String---

sbcydsl 3.12 sbcydsl 3.12

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:34:18 PM, on 6/30/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\system32\HPConfig.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\system32\RadioSvr.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\atiptaxx.exe

C:\WINNT\system32\carpserv.exe

C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINNT\system32\dla\tfswctrl.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\program files\support.com\bin\tgcmd.exe

C:\Program Files\Winamp3\winampa.exe

C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [HP Mobile Printing Driver] C:\Program Files\Hewlett-Packard\HP Mobile Printing Driver\HPBMOBIL.EXE

O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: IEEE802.11b WLAN Card Utility.lnk = C:\Program Files\Wireless\IEEE802.11b WLAN Card Utility\WLPCCfg.exe

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

O16 - DPF: {100DD46D-E7D0-11D0-8D16-0000C0E9A68A} (Project1.UserControl1) - http://www.medicine.mcgill.ca/physio/vlabo...lab/goldman.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7902.9550578704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EB8CD3ED-E8A4-11D0-8D16-0000C0E9A68A} (Project1.UserControl1) - http://www.medicine.mcgill.ca/physio/vlabo...plab/nernst.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{587D3513-9880-40EA-8D46-A194386E0766}: NameServer = 192.168.2.1

Share this post


Link to post
Share on other sites

Hi,

Close all open windows, except for HijackThis place a check in each of the following:

Then click "Fix checked".

 

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab

 

Then reboot and then ... (last step)

 

Start | Run (type) cleanmgr

Select the following:

1) Temporary Internet Files

2) Recycle Bin

3) Temporary Files

 

When completed ... "Flush System Restore" (see "How To" below)

Basically turn off System Restore, reboot, run a full (updated) NAV scan, reboot and turn System Restore back on and create a new Restore Point.

 

How To: Configure Norton AntiVirus to scan all files

 

I would suggest adding some "Defense" to your system ...

How To: Prevent this from happening again? :wave:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0