Kelvin_Celcius

Browser opening at about:blank

5 posts in this topic

My browser is continually malfunctioning, and as I shut down my computer I get error messages. My HijackThis log is as follows:

 

Logfile of HijackThis v1.97.3

Scan saved at 12:18:35 AM, on 6/26/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\uptodate.exe

C:\WINDOWS\System32\Dlnici32.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\fsunetbs.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\gapbjs.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\SIERRA\Planner\PLNRnote.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\Vuc0.exe

C:\WINDOWS\System32\HrbiNP18.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll

O2 - BHO: (no name) - {D4947744-7AFF-4E85-A833-572DAE28E1AA} - C:\WINDOWS\System32\kbkp.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [4QXDZGY4BET4P8] C:\WINDOWS\System32\RsaQs5.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AutoLoadero1tu1IdTUIOJ] "C:\WINDOWS\System32\prfhnd.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [o62S36g] fsunetbs.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Zxt2RWM7P] gapbjs.exe

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: RealGuide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8151.9656134259

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

 

 

Thank you, everyone.


You are running an old version of HJT and this means that the log produced may not be accurate... Please download a new version from my links and replace the copy you have now, then run it and post a fresh log with the new version...

 

Someone is working on a fix for your problems, but will need the new log to get it finished...


Thanks. Here is the new log:

 

Logfile of HijackThis v1.97.7

Scan saved at 7:36:27 PM, on 6/27/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\uptodate.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\Dlnici32.exe

C:\WINDOWS\System32\fsunetbs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\gapbjs.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\SIERRA\Planner\PLNRnote.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\HrbiNP18.exe

C:\WINDOWS\System32\Gnju.exe

C:\WINDOWS\System32\taskngr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Documents and Settings\Sean II_2\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll

O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msmk.dll

O2 - BHO: (no name) - {D4947744-7AFF-4E85-A833-572DAE28E1AA} - C:\WINDOWS\System32\kbkp.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [4QXDZGY4BET4P8] C:\WINDOWS\System32\JwqVfC1.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AutoLoadero1tu1IdTUIOJ] "C:\WINDOWS\System32\prfhnd.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [o62S36g] fsunetbs.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Zxt2RWM7P] gapbjs.exe

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: RealGuide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8151.9656134259

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab


Hello Kelvin_Celcius,

 

Sorry for the wait :( You have the new strain of the CWS infection, as well as many other infections. I suggest you proceed as follows:

 

First: Please download the Peper removal tool from here, and save it to your desktop. Next, run the program and hit "Find & Fix", and let it fix the infection. Reboot, and run the program again for good measure.

 

Second: Download LSPfix from here. Open LSPfix and check the "I know what I'm doing" box. Move all copies of inetadpt.dll, AND NOTHING ELSE, to the "Remove" column. Then click "Finish" and exit LSPfix.

 

Third: With all other browsers closed, please fix the following items in HijackThis:

 

O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll

O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msmk.dll

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [AutoLoadero1tu1IdTUIOJ] "C:\WINDOWS\System32\prfhnd.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [o62S36g] fsunetbs.exe

O4 - HKCU\..\Run: [Zxt2RWM7P] gapbjs.exe

O4 - HKLM\..\Run: [4QXDZGY4BET4P8] C:\WINDOWS\System32\JwqVfC1.exe

 

Reboot into Safe Mode, and delete the following files/folders:

 

C:\WINDOWS\uptodate.exe<---file

C:\Program Files\AutoUpdate<---folder

C:\WINDOWS\System32\prfhnd.exe<---file

fsunetbs.exe<---file

gapbjs.exe<---file

C:\WINDOWS\System32\JwqVfC1.exe<---file

 

Finally, reboot and post a fresh HijackThis logfile in this thread :)

Edited by splintercell990


Thank you very much. When I was in safe mode though, I could not find either C:\WINDOWS\System32\prfhnd.exe or C:\WINDOWS\System32\JwqVfC1.exe and HijackThis did not show O4 - HKLM\..\Run: [4QXDZGY4BET4P8] C:\WINDOWS\System32\JwqVfC1.exe.

My new HijackThis log is:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:40:44 AM, on 7/1/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\Dlnici32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\SIERRA\Planner\PLNRnote.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sean II_2\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SEANII~2\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll

O2 - BHO: (no name) - {9F1D8CAA-A0D6-48B6-8E79-0B998D9F0221} - C:\WINDOWS\System32\kbkp.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe

O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm

O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm

O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm

O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm

O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: RealGuide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8151.9656134259

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
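
One way to check a fresh log against the fix list given earlier in the thread, as an added Python example that is not part of any post here. The function names are hypothetical, and the two sample texts are excerpts of the posted fix list and of the 7/1/2004 log, not the full logs.

```python
import re

# Excerpt of the fix list posted in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msmk.dll
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [o62S36g] fsunetbs.exe
O4 - HKCU\..\Run: [Zxt2RWM7P] gapbjs.exe
O4 - HKLM\..\Run: [4QXDZGY4BET4P8] C:\WINDOWS\System32\JwqVfC1.exe
"""
# Excerpt of the 7/1/2004 log posted after the fix (not the full log).
FRESH_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
O2 - BHO: (no name) - {9F1D8CAA-A0D6-48B6-8E79-0B998D9F0221} - C:\WINDOWS\System32\kbkp.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O4 - ...", "R1 - ..."
FILE = re.compile(r"[\w~.-]+\.(?:exe|dll)\b", re.I)     # bare file names only

def parse_entries(text):
    """Return (section, body) pairs for entry lines; header and process lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), " ".join(m.group(2).split())))
    return out

def files_in(body):
    """Lower-cased .exe/.dll file names mentioned in one entry body."""
    return {f.lower() for f in FILE.findall(body)}

def verify_fix(fix_text, fresh_text):
    """Return (fix-list entries still in the fresh log, other entries loading a fix-list file)."""
    fix, fresh = parse_entries(fix_text), parse_entries(fresh_text)
    fresh_keys = {(s, b.lower()) for s, b in fresh}
    fix_keys = {(s, b.lower()) for s, b in fix}
    still_present = [f"{s} - {b}" for s, b in fix if (s, b.lower()) in fresh_keys]
    fix_files = set().union(*(files_in(b) for _, b in fix))
    # Entries that were never on the fix list but reference a file that was.
    related = [f"{s} - {b}" for s, b in fresh
               if (s, b.lower()) not in fix_keys and files_in(b) & fix_files]
    return still_present, related

if __name__ == "__main__":
    for label, rows in zip(("STILL PRESENT", "RELATED"), verify_fix(FIX_LIST, FRESH_LOG)):
        print(label, *rows, sep="\n  ")
```

On these excerpts it reports the msiefr40.dll BHO as still present and the Rundll32_7 Run value, which was not on the fix list, as loading the same DLL.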
