miltm

System trying to access internet

2 posts in this topic

My system keeps trying to access the internet without me telling it to. I'm getting Zone Alarm access warnings for things like wowex.exe, isinstall_si.exe, gE.exe and others. I've run the latest versions of Spybot S&D, Adaware, and removed four Trojan Horses with Norton. However, every time I boot up, I get a message that I've made major hardware changes since installing Windows XP (not true), and must reactivate within 3 days. Also, my system seems bogged down. When I try to open Windows Explorer, it takes about 3-5 seconds to come up. I think there are still some problems, so if you could check my HijackThis log file, I'd greatly appreciate the help.

 

Logfile of HijackThis v1.97.7

Scan saved at 6:31:17 AM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ZoneLabs\vsmon.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\kmw_run.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\program files\quicktime\qttask.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\PestPatrol\PPControl.exe

C:\PROGRA~1\PESTPA~2\PPMemCheck.exe

C:\PROGRA~1\PESTPA~2\CookiePatrol.exe

C:\WINDOWS\System32\KMW_SHOW.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\documents and settings\milt michailidis\local settings\temp\gE.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

C:\WINDOWS\System32\shx32r.exe

C:\WINDOWS\System32\INSOCKW.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\Shoxu5.exe

C:\WINDOWS\System32\Vedl2U.exe

C:\WINDOWS\System32\wpabaln.exe

D:\WINZIP\winzip32.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.accesstimewarner.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.accesstimewarner.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\Program Files\ANONYMIZER\CORE\Anonymizer.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - C:\Program Files\ANONYMIZER\TOOLBAR\AnonymizerBar.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~2\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~2\CookiePatrol.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [gE.exe] C:\documents and settings\milt michailidis\local settings\temp\gE.exe

O4 - HKLM\..\Run: [2NZN#R42CN#3S8] C:\WINDOWS\System32\AmxKR.exe

O4 - HKLM\..\Run: [shx32r] C:\WINDOWS\System32\shx32r.exe

O4 - HKLM\..\Run: [iNSOCKW] C:\WINDOWS\System32\INSOCKW.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat2.playboy.com:4080/chat/data/ht...sie/msichat.ocx

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15407a89ba2320141317/...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7874.7668865741

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


You have the Peper trojan, which requires special treatment to put it out of your misery!

Please download and run this uninstaller.

 

Click on the peperfix link, and download the program. Then go offline, and run the program. It will remove the files, leaving one orphaned entry to be cleaned up with HijackThis.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

 

O4 - HKLM\..\Run: [gE.exe] C:\documents and settings\milt michailidis\local settings\temp\gE.exe

O4 - HKLM\..\Run: [2NZN#R42CN#3S8] C:\WINDOWS\System32\AmxKR.exe

O4 - HKLM\..\Run: [shx32r] C:\WINDOWS\System32\shx32r.exe

O4 - HKLM\..\Run: [iNSOCKW] C:\WINDOWS\System32\INSOCKW.exe

O4 - Startup: PowerReg Scheduler V3.exe

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15407a89ba2320141317/...ip/RdxIE601.cab

Reboot and delete files:

C:\WINDOWS\system32\searchbar.html

C:\WINDOWS\system32\search.html

ALL FILES in the C:\documents and settings\milt michailidis\local settings\temp folder

C:\WINDOWS\System32\shx32r.exe

C:\WINDOWS\System32\INSOCKW.exe

 

These may be hidden files. See HERE for how to show hidden files.

 

You do not seem to be running any antivirus program on your machine. Please get an online scan at either Housecall or Panda A/V. Let it fix anything it finds. Then install a resident antivirus program. AVG free edition from Grisoft.com is efficient, and well thought of by many of the regulars here.

 

Please post a follow-up HijackThis log, and say if your problems persist.

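A triage sketch for the kind of log posted in this thread, added here as an example; it is not part of either poster's message and is not HijackThis's own logic. It parses entry lines and flags three patterns visible among the entries the reply selects for fixing; the three rules and the names `parse` and `triage` are assumptions of this example and do not reproduce the helper's full judgement (they do not flag the oddly named executables in System32, for instance).

```python
import re

# Constructed sample: six entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.accesstimewarner.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gE.exe] C:\documents and settings\milt michailidis\local settings\temp\gE.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/15407a89ba2320141317/...ip/RdxIE601.cab
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# (sections, pattern over the entry body, reason). These heuristics are
# assumptions of this example, chosen from patterns seen in this thread.
RULES = [
    ({"R0", "R1"}, re.compile(r" = [a-z]:\\.*\.html?$", re.I),
     "IE page setting points at a local HTML file"),
    ({"O4"}, re.compile(r"\\te?mp\\", re.I),
     "autorun target lives in a Temp directory"),
    ({"O16"}, re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[:/]"),
     "ActiveX control downloaded from a bare IP address"),
]

def parse(log_text):
    """Yield (section, body) for each entry line; skip headers and process paths."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return [(section, reason, body)] for entries that match a rule."""
    hits = []
    for section, body in parse(log_text):
        for sections, pattern, reason in RULES:
            if section in sections and pattern.search(body):
                hits.append((section, reason, body))
                break
    return hits

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

A hit is a prompt for a human to look at the entry, not a verdict; legitimate installers also run from Temp directories.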