• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
david_35

Rubber Duckys About Buster

2 posts in this topic

Sorry for posting this into Ducky's post earlier. Im new to this website :unsure:

 

Hi there

 

Im trying to get rid of about blank using Ducky's about buster, but before doing so i wanted to know which of the following 04's and other random stuff i can delete from my ststem. Here my latest Hijack This log...

 

Can someone advise me please as im pulling my hair out at the moment

 

Thanks

 

Dave

 

Logfile of HijackThis v1.97.7

Scan saved at 16:45:55, on 03/07/2004

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 (5.00.2920.0000)

 

Running processes:

D:\WINNT\System32\smss.exe

D:\WINNT\system32\winlogon.exe

D:\WINNT\system32\services.exe

D:\WINNT\system32\lsass.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\System32\svchost.exe

D:\WINNT\system32\LEXBCES.EXE

D:\WINNT\system32\spoolsv.exe

D:\WINNT\system32\LEXPPS.EXE

D:\WINNT\System32\nvsvc32.exe

D:\WINNT\system32\pctspk.exe

D:\WINNT\system32\regsvc.exe

D:\WINNT\system32\MSTask.exe

D:\WINNT\system32\stisvc.exe

D:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

D:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

D:\WINNT\System32\WBEM\WinMgmt.exe

D:\WINNT\explorer.exe

D:\WINNT\System32\RUNDLL32.EXE

D:\Program Files\Winamp\Winampa.exe

D:\WINNT\loadqm.exe

D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

D:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

D:\WINNT\system32\wintime.exe

D:\Program Files\Internet Optimizer\optimize.exe

D:\WINNT\System32\dkvznl.exe

D:\docume~1\davidm~1\locals~1\temp\msbb.exe

D:\WINNT\mstasks2.exe

D:\Program Files\Sophos SWEEP for NT\ICMON.EXE

D:\Program Files\Internet Optimizer\actalert.exe

D:\PROGRA~1\SONYER~1\MMSHOM~1\MOBILE~1\EPMWOR~1.EXE

D:\Documents and Settings\David Mayhew\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F0 - system.ini: Shell=explorer.exe D:\WINNT\System\user32.exe

F2 - REG:system.ini: Shell=explorer.exe D:\WINNT\System\user32.exe

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINNT\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - D:\WINNT\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINNT\wsem218.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - D:\WINNT\Downloaded Program Files\bridge.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINNT\nem218.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\Smc.exe -startgui

O4 - HKLM\..\Run: [Lexmark X1100 Series] "D:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] D:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

O4 - HKLM\..\Run: [WinTime] D:\WINNT\system32\wintime.exe

O4 - HKLM\..\Run: [system Service] D:\WINNT\System32\msrexe.exe

O4 - HKLM\..\Run: [internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "D:\WINNT\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [dbsjbvh] D:\WINNT\System32\dkvznl.exe

O4 - HKLM\..\Run: [msbb] d:\docume~1\davidm~1\locals~1\temp\msbb.exe

O4 - HKLM\..\Run: [ist service uninstall] D:\WINNT\mstasks2.exe /u

O4 - Global Startup: Reboot.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterCheck Monitor.LNK = D:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Share this post


Link to post
Share on other sites

  1. HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:

[*]Install/Unzip it into C:\HJT.

[*]Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.

[*]Run HijackThis, click on scan and wait for the scan to finish.

[*]The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.

[*]Notepad will open with a copy of the log.

  • Click on "Edit" => "Select All".
  • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.

[*]Please post your entire log here for analysis.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0