• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
SloBurn

Log File

4 posts in this topic

heya, I just found this site. Today I have been getting these windows popping up from 88dvd.com and gmz88.com etc when I go to pretty much anything. Doesn't happen every time, usually only on new sites. Anyhow, I have run adaware and it seems to pick up one or two things every time, I have spybot but it gets 90% through and stops due to an error when it reaches Xabot.

 

Have downloaded HJT and log file is as follows:

 

Logfile of HijackThis v1.98.0

Scan saved at 0:30:24 a.m., on 6/07/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

D:\Utilities\nortonAV\navapsvc.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\sdpasvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\GSICON.EXE

C:\WINNT\system32\DSLAGENT.EXE

D:\UTILIT~1\nortonAV\navapw32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\WINNT\system32\msstart.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Utilities\Ventrilo\Ventrilo.exe

C:\WINNT\system32\mmc.exe

D:\Saves and Installs\hijackthis1980.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qu123.com

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

R3 - URLSearchHook: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Utilities\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utilities\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Utilities\nortonAV\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Utilities\nortonAV\NavShExt.dll

O3 - Toolbar: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE PCI

O4 - HKLM\..\Run: [NAV Agent] D:\UTILIT~1\nortonAV\navapw32.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [msstart] C:\WINNT\system32\msstart.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Utilities\MSOffice\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\UTILIT~1\MSOffice\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Internet\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Internet\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{998E4914-32ED-4B33-AE66-D00A692BFCEA}: NameServer = 203.109.252.42 203.109.252.43

 

 

 

Any ideas?

Share this post


Link to post
Share on other sites

Have tried a couple of things, found some P2P networking and have deleted it and all references to it from my registry but to no avail....

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

R3 - URLSearchHook: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

 

 

O3 - Toolbar: (no name) - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file)

 

:alarm: O4 - HKLM\..\Run: [msstart] C:\WINNT\system32\msstart.exe :alarm:

 

 

Reboot and delete the file C:\WINNT\system32\msstart.exe (This is the BKDR_LIVUP.C virus!)

See Trend for details.

 

These may be hidden files. See HERE for how to show hidden files.

 

An on line scan from either Housecall or Panda A/V would be a good idea to ensure that there are no other nasties lurking in corners.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 21:27:59 p.m., on 6/07/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

D:\Utilities\nortonAV\navapsvc.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\sdpasvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\MsPMSPSv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\GSICON.EXE

C:\WINNT\system32\DSLAGENT.EXE

D:\UTILIT~1\nortonAV\navapw32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

D:\Internet\ICQ\Icq.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\APPZ\hijackthis1980.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Utilities\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utilities\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Utilities\nortonAV\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Utilities\nortonAV\NavShExt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE PCI

O4 - HKLM\..\Run: [NAV Agent] D:\UTILIT~1\nortonAV\navapw32.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Utilities\MSOffice\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\UTILIT~1\MSOffice\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Internet\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Internet\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{998E4914-32ED-4B33-AE66-D00A692BFCEA}: NameServer = 203.109.252.42 203.109.252.43

 

 

 

Seems to be all good now, haven't seen the stupid popup. Any idea what might cause an error in spybot?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0