• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
milliondead

hijack this log :D

6 posts in this topic

Hey guys, i wud appreciate it if sum1 wud help with this log file. ;)

 

Logfile of HijackThis v1.97.7

Scan saved at 18:03:59, on 20/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\3 Mega Digital Camera\ICON.EXE

C:\WINDOWS\System32\svcp50m.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Real\RealOne Player\RealPlay.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Documents and Settings\Sian Earl\My Documents\My Received Files\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [V3Tweaks] C:\Program Files\V3Tweaks\V3Tweaks.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [svcp50m] C:\WINDOWS\System32\svcp50m.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - Global Startup: 3 Mega Digital Camera Monitor.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: MP3Collection (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O9 - Extra button: Messenger Addon (HKLM)

O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03c31e3d2cef81...ip/RdxIE601.cab

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/smarterchild/websetup.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

 

Cheers every1

Share this post


Link to post
Share on other sites

Tap Ctrl+Alt+Delete, click the Processes tab, and end the following process:

 

svcp50m.exe

 

Next, close all programs, tick the following for removal in HJT, and click "Fix Checked:"

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/

 

O4 - HKLM\..\Run: [svcp50m] C:\WINDOWS\System32\svcp50m.exe

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03c31e3d2cef81...ip/RdxIE601.cab

O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/smarterchild/websetup.cab

 

Reboot.

 

Find and delete this file:

 

C:\WINDOWS\System32\svcp50m.exe

 

Scan with HJT again and post the new log into a reply to this thead.

Share this post


Link to post
Share on other sites

Hey dude, thanks for the quick friendly reply

 

Logfile of HijackThis v1.97.7

Scan saved at 18:31:50, on 20/05/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\3 Mega Digital Camera\ICON.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Sian Earl\My Documents\My Received Files\HijackThis.exe

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [V3Tweaks] C:\Program Files\V3Tweaks\V3Tweaks.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - Global Startup: 3 Mega Digital Camera Monitor.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: MP3Collection (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O9 - Extra button: Messenger Addon (HKLM)

O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab27571.cab

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

 

Cheers

Share this post


Link to post
Share on other sites

You're clean, but it's vital that you go to Windows Update immediately and get _everything_ in the Critical Updates list. Reboot, then go back there and repeat the process.

 

http://windowsupdate.microsoft.com

 

After that, you're clean.

 

Clear your Temporary Internet Files immediately. To do this, go to the Internet Controls control panel, then click "Delete Files." Tick the checkbox there, then click "OK.'

 

You may wish to look at Mozilla Firefox instead of IE. It has no security holes, doesn't integrate into the Windows shell (which is a bad thing due to the shell's control over the system), doesn't download anything without your approval, and doesn't get hijacked.

 

It also takes up less resources and uses tabs or new windows (tabs save desktop and taskbar space and make closing windows easier). It also comes with a built-in popup blocker as well as the ability to block images from servers (i.e. advertisements) with a right-click.

 

Firefox is immune to CWS in all its forms. You will _never_ get hijacked by CWS or any of its affiliates ever again if you use Firefox.

 

There's a link to it in my signature.

 

IE-SPYAD places over 4,000 known evil sites into the Restricted Sites zone in Internet Explorer so they can't execute ActiveX, Java, or place cookies on your machine. It's a rather nice thing to have. There's a link to it in my signature.

 

SpywareBlaster can prevent spyware from installing itself on your computer. It does require updating every now and again, but it's rather easy to operate. Just install, run, update, click "Protect," and you're done. Update once every month or so. There's a link in my signature.

 

Happy computing, and don't forget to use Windows Update once a week!

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0