• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
wonton

hijack this log

2 posts in this topic

Hi, please help me! I have no idea what's wrong. Everytime I use explorer, I will eventually lose control of the cursor and it goes to the start tab and randomly clicks. It will open up folders, but I'm not sure exactly what it's trying to do. Here's my hjt log and my active ports log.

 

Logfile of HijackThis v1.97.7

Scan saved at 5:00:25 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Works\WksSb.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\FBM Software\ZeroAds\Zeroads.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\FirstClass\Fcc32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Won Kim\My Documents\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ZeroAdsLAS] C:\Program Files\FBM Software\ZeroAds\LAS0Ads.exe

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [burnQuick Queue] C:\WINDOWS\BQTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ZeroAds] C:\Program Files\FBM Software\ZeroAds\Zeroads.exe

O4 - HKCU\..\Run: [sSPFRWL] "C:\Program Files\SurfSecret\Personal Firewall\sspfwtry2.exe" /minimize

O4 - Startup: ModemBoost.lnk = C:\Program Files\ModemBoost\mbdemo.htm

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Inbox To Go Wireless.lnk = C:\Program Files\Common Files\DataViz\Inbox To Go\inboxtogo-watch.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: Convert for CLIE - C:\Program Files\Sony\Image Converter\menu.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'fbm.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://filebox.empal.empas.com/EmpasFilebox.cab

O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab

O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe

O16 - DPF: {68C56780-1573-4836-A3F9-3D5219E49BE1} (PopdramaQLauncher Class) - http://appupdate.popdrama.com/download/DramaQAx.cab

O16 - DPF: {957F8EA8-8F82-4220-AC1D-00B2DC19A98A} (Ibcd_kbsCtrl Class) - http://img.kbs.co.kr/ib/ibcd_kbs.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.scona.com/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx

 

Here's my active ports list:

 

System 4 192.168.1.1 138 LISTEN UDP

System 4 192.168.1.1 137 LISTEN UDP

System 4 0.0.0.0 445 LISTEN UDP

System 4 192.168.1.1 139 LISTEN TCP

System 4 0.0.0.0 1026 LISTEN TCP

System 4 0.0.0.0 445 LISTEN TCP

lsass.exe 604 0.0.0.0 500 LISTEN UDP C:\WINDOWS\system32\lsass.exe

msmsgs.exe 608 192.168.1.1 15488 LISTEN UDP C:\Program Files\Messenger\msmsgs.exe

msmsgs.exe 608 192.168.1.1 8381 LISTEN UDP C:\Program Files\Messenger\msmsgs.exe

msmsgs.exe 608 0.0.0.0 3287 LISTEN UDP C:\Program Files\Messenger\msmsgs.exe

msmsgs.exe 608 192.168.1.1 7584 LISTEN TCP C:\Program Files\Messenger\msmsgs.exe

svchost.exe 852 0.0.0.0 135 LISTEN TCP C:\WINDOWS\system32\svchost.exe

svchost.exe 912 192.168.1.1 123 LISTEN UDP C:\WINDOWS\System32\svchost.exe

svchost.exe 912 127.0.0.1 3003 LISTEN TCP C:\WINDOWS\System32\svchost.exe

svchost.exe 912 127.0.0.1 3002 LISTEN TCP C:\WINDOWS\System32\svchost.exe

svchost.exe 912 0.0.0.0 1025 LISTEN TCP C:\WINDOWS\System32\svchost.exe

Explorer.EXE 948 127.0.0.1 3026 LISTEN UDP C:\WINDOWS\Explorer.EXE

svchost.exe 984 0.0.0.0 3004 LISTEN UDP C:\WINDOWS\System32\svchost.exe

svchost.exe 1012 192.168.1.1 1900 LISTEN UDP C:\WINDOWS\System32\svchost.exe

svchost.exe 1012 0.0.0.0 5000 LISTEN TCP C:\WINDOWS\System32\svchost.exe

alg.exe 1440 127.0.0.1 3001 LISTEN TCP C:\WINDOWS\System32\alg.exe

ccApp.exe 1852 127.0.0.1 3013 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe

ccApp.exe 1852 0.0.0.0 3012 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe

ccApp.exe 1852 0.0.0.0 3011 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe

ccApp.exe 1852 0.0.0.0 3010 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe

iexplore.exe 4088 127.0.0.1 3143 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe

thank you!

Share this post


Link to post
Share on other sites

  1. HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:

[*]Install/Unzip it into C:\HJT.

[*]Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.

[*]Run HijackThis, click on scan and wait for the scan to finish.

[*]The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.

[*]Notepad will open with a copy of the log.

  • Click on "Edit" => "Select All".
  • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.

[*]Please post your entire log here for analysis.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0