• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Random numbers

hi jacked, and pop ups...

4 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 7:19:42 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\kdx\KHost.exe

C:\WINDOWS\System32\InExplorer.exe

C:\WINDOWS\system32\atlld32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\netzx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Operator\Local Settings\Temp\Temporary Directory 29 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tjvay.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://tjvay.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://tjvay.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tjvay.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://tjvay.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tjvay.dll/sp.html#96676

N3 - Netscape 7: # Mozilla User Preferences

 

 

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("intl.charsetmenu.browser.cache", "windows-1252, ISO-8859-1");

user_pref("prefs.converted-to-utf8", true);

user_pref("privacy.popups.first_popup", false);

user_pref("timebomb.first_launch_time", "1075596022062500");

user_pref("update_notifications.provider.0.last_checked", 1077023189);

user_pref("intl.accept_languages", "rs1_c8d3dea83e0, rs2_64329b063d0, rs3_0b995089ea");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Operator\Application Data\Mozilla\Profiles\default\6ir64j8s.slt\prefs.js)

N3 - Netscape 7: # Mozilla User Preferences

 

 

user_pref("browser.activation.checkedNNFlag", true);

user_pref("browser.bookmarks.added_static_root", true);

user_pref("browser.search.defaultengine", "http://www.google.com/");

user_pref("browser.startup.homepage", "http://home.netscape.com/");

user_pref("browser.startup.homepage_override.mstone", "rv:1.4");

user_pref("browser.turbo.showDialog", true);

user_pref("intl.charsetmenu.browser.cache", "windows-1252, ISO-8859-1");

user_pref("prefs.converted-to-utf8", true);

user_pref("privacy.popups.first_popup", false);

user_pref("timebomb.first_launch_time", "1075596022062500");

user_pref("update_notifications.provider.0.last_checked", 1077023189);

user_pref("intl.accept_languages", "rs1_c8d3dea83e0, rs2_64329b063d0, rs3_0b995089ea");

user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");

(C:\Documents and Settings\Operator\Application Data\Mozilla\Profiles\default\6ir64j8s.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {0AF6C5D1-D961-2A67-5933-1C5E86CAC4DF} - C:\WINDOWS\sdkek.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ConfigatLoader] InExplorer.exe

O4 - HKLM\..\Run: [atlld32.exe] C:\WINDOWS\system32\atlld32.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\RunServices: [ConfigatLoader] InExplorer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [GCS] "C:\Program Files\GrabClipSave\GrabClipSave.exe"

O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min

O4 - HKLM\..\RunOnce: [ievs.exe] C:\WINDOWS\ievs.exe

O4 - HKLM\..\RunOnce: [apieq32.exe] C:\WINDOWS\apieq32.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37977.322962963

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EEA66484-4228-4FA0-9327-3A06990602B5} (DownloadManagerInstall Control) - http://byteswarm.com/agent/1.2/DMInstall.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab

 

its sorta annoying the way it hates google, uses pop ups, changes my homepage and whatever else its indirectly done to mess with me.

 

adaware spybot, and some sort of shredder script from merlin dont work. adaware finds it, and then its back again, spybot cant find anything, and the shredder script doesn't notice anything so I dont know if its working properly - or if i'm using it properly.

 

Thanks for any help.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0