mvrmvr

Need help

4 posts in this topic

Log file from HijackThis:

 

Logfile of HijackThis v1.98.0

Scan saved at 8:29:54 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\System32\hpb2ksrv.exe

C:\WINDOWS\System32\hpbhksrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\d3zl32.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\ntza.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe

C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE

C:\Documents and Settings\mvr\Desktop\HJT\HijackThis.exe

 

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {3FEBB1DF-ABB0-A520-78A4-80EFFCE85078} - C:\WINDOWS\system32\javaqw32.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [ntza.exe] C:\WINDOWS\ntza.exe

O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"

O4 - HKLM\..\RunOnce: [d3zl32.exe] C:\WINDOWS\d3zl32.exe

O4 - HKLM\..\RunOnce: [sdkiw.exe] C:\WINDOWS\sdkiw.exe

O4 - HKLM\..\RunOnce: [wingf32.exe] C:\WINDOWS\wingf32.exe

O4 - HKLM\..\RunOnce: [appby32.exe] C:\WINDOWS\appby32.exe

O4 - HKLM\..\RunOnce: [addpf.exe] C:\WINDOWS\system32\addpf.exe

O4 - HKLM\..\RunOnce: [syssa.exe] C:\WINDOWS\syssa.exe

O4 - HKLM\..\RunOnce: [ntps32.exe] C:\WINDOWS\system32\ntps32.exe

O4 - HKLM\..\RunOnce: [mfcfm32.exe] C:\WINDOWS\mfcfm32.exe

O4 - HKLM\..\RunOnce: [d3yh32.exe] C:\WINDOWS\d3yh32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - Global Startup: VPN Client.lnk = ?

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aperturesi.com

O17 - HKLM\Software\..\Telephony: DomainName = aperturesi.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8635DAC4-D7BE-4EB2-8135-97923381927A}: NameServer = 63.240.76.19,204.127.198.19

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aperturesi.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aperturesi.com

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll


Hi, please download About:Buster from one of the following locations:

 

http://www.atribune.org/downloads/AboutBuster.zip

 

or

http://tools.zerosrealm.com/AboutBuster.zip

 

Please close all windows.

 

Now please run HijackThis and put a check beside the following items. Once done, close all other windows and click Fix checked.

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {3FEBB1DF-ABB0-A520-78A4-80EFFCE85078} - C:\WINDOWS\system32\javaqw32.dll

 

O4 - HKLM\..\Run: [ntza.exe] C:\WINDOWS\ntza.exe

O4 - HKLM\..\RunOnce: [d3zl32.exe] C:\WINDOWS\d3zl32.exe

O4 - HKLM\..\RunOnce: [sdkiw.exe] C:\WINDOWS\sdkiw.exe

O4 - HKLM\..\RunOnce: [wingf32.exe] C:\WINDOWS\wingf32.exe

O4 - HKLM\..\RunOnce: [appby32.exe] C:\WINDOWS\appby32.exe

O4 - HKLM\..\RunOnce: [addpf.exe] C:\WINDOWS\system32\addpf.exe

O4 - HKLM\..\RunOnce: [syssa.exe] C:\WINDOWS\syssa.exe

O4 - HKLM\..\RunOnce: [ntps32.exe] C:\WINDOWS\system32\ntps32.exe

O4 - HKLM\..\RunOnce: [mfcfm32.exe] C:\WINDOWS\mfcfm32.exe

O4 - HKLM\..\RunOnce: [d3yh32.exe] C:\WINDOWS\d3yh32.exe

 

 

Unzip AboutBuster.zip and double-click the exe.

 

Next, click OK and allow the program to run (it may take a few minutes).

 

Make a copy of the log it creates for posting later.

 

Then run the About:Buster a second time just to be sure it got everything.

 

Make a copy of the log it creates again.

 

Reboot and post the 2 About:Buster logs and a fresh HijackThis log.


1st About logfile:

 

About:Buster Version 1.23

Removed! : C:\WINDOWS\System32\syslv.dll

Removed! : C:\WINDOWS\System32\tkxqc.dll

Removed! : C:\WINDOWS\System32\trsky.dll

Removed! : C:\WINDOWS\System32\tudmk.dll

Removed! : C:\WINDOWS\System32\vpitu.dll

Removed! : C:\WINDOWS\System32\yqrgz.dll

Removed! : C:\WINDOWS\System32\cqgmp.dat

Removed! : C:\WINDOWS\System32\crlgs.dat

Removed! : C:\WINDOWS\System32\ebrjc.dat

Removed! : C:\WINDOWS\System32\ehwzl.dat

Removed! : C:\WINDOWS\System32\hsgab.dat

Removed! : C:\WINDOWS\System32\jborb.dat

Removed! : C:\WINDOWS\System32\jippx.dat

Removed! : C:\WINDOWS\System32\jyxjw.dat

Removed! : C:\WINDOWS\System32\kofdw.dat

Removed! : C:\WINDOWS\System32\lplqf.dat

Removed! : C:\WINDOWS\System32\ltqor.dat

Removed! : C:\WINDOWS\System32\lyyxy.dat

Removed! : C:\WINDOWS\System32\mgbuc.dat

Removed! : C:\WINDOWS\System32\nfnke.dat

Removed! : C:\WINDOWS\System32\nzdcy.dat

Removed! : C:\WINDOWS\System32\qbfxl.dat

Removed! : C:\WINDOWS\System32\qznji.dat

Removed! : C:\WINDOWS\System32\rvuta.dat

Removed! : C:\WINDOWS\System32\seauk.dat

Removed! : C:\WINDOWS\System32\sssws.dat

Removed! : C:\WINDOWS\System32\tllsd.dat

Removed! : C:\WINDOWS\System32\tudmk.dat

Removed! : C:\WINDOWS\System32\udymn.dat

Removed! : C:\WINDOWS\System32\ugtvm.dat

Removed! : C:\WINDOWS\System32\vslud.dat

Removed! : C:\WINDOWS\System32\vtvct.dat

Removed! : C:\WINDOWS\System32\xdouv.dat

Removed! : C:\WINDOWS\System32\xnykn.dat

Removed! : C:\WINDOWS\System32\xouia.dat

Removed! : C:\WINDOWS\System32\xvdus.dat

Removed! : C:\WINDOWS\System32\yhzqi.dat

Removed! : C:\WINDOWS\System32\yzckk.dat

Removed! : C:\WINDOWS\System32\zcmzu.dat

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

2nd About logfile:

 

About:Buster Version 1.23

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Pages Reset... Done!

 

Hijack logfile post about:

 

Logfile of HijackThis v1.98.0

Scan saved at 9:57:02 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\System32\hpb2ksrv.exe

C:\WINDOWS\System32\hpbhksrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM95\aim.exe

C:\Documents and Settings\mvr\Local Settings\Temp\Temporary Directory 1 for AboutBuster.zip\AboutBuster.exe

C:\Documents and Settings\mvr\Desktop\HJT\HijackThis.exe

 

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - Global Startup: VPN Client.lnk = ?

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll

O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aperturesi.com

O17 - HKLM\Software\..\Telephony: DomainName = aperturesi.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8635DAC4-D7BE-4EB2-8135-97923381927A}: NameServer = 63.240.76.19,204.127.198.19

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aperturesi.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aperturesi.com

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

 

Thanks
