meyer

Computer is acting up!

6 posts in this topic

Here is my log, I am not sure what is all on this computer. Thanks very much for your help!!!!!

 

Logfile of HijackThis v1.97.7

Scan saved at 12:39:14 AM, on 5/21/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\wuauclt.exe

C:\DOCUME~1\main\LOCALS~1\Temp\~f39a36.tmp

C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE

C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\main\Desktop\Virus Stuff\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://defaultsearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O1 - Hosts: 5377608764 greg-search.com

O1 - Hosts: 5377608764 www.greg-search.com

O1 - Hosts: 5377608764 drxcounter.biz

O1 - Hosts: 5377608764 muxa.cc

O1 - Hosts: 5377608764 www.muxa.cc

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [sounddrv] C:\WINDOWS\system32\sndbdrv3104.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7885.9754166667

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Could someone tell me if I have posted this log in the correct forum? I am not sure where I am supposed to post it. If it is the correct place then I apologize and disregard this message. I know there are a lot of replies to get to. Otherwise, if you could tell me where to post it or move it for me and tell me where it is. Once again sorry if I am where I need to be. Thanks for your help!!!!


You have a couple of difficult infections. We will start with CWShredder... Please download CWShredder from the links in the bottom of my post. Set it up and open it. Close your browsers and choose FIX.

 

Next please download and run AdAware and Spybot. Install them, update them and run them. Fix all items found by AdAware and the items Checked in RED with Spybot. AdAware may say it couldn't fix one file. Please write down the name and any other info about that file, then let AdAware try to fix it. Reboot between each scan.

 

Reboot again, run HJT and post a fresh log....


Alright, I have run both Spybot and AdAware and fixed all found problems. There were not any that couldn't be fixed except that Spybot needed to reboot and run again. Here is my new log and thank you very much for your help!!!!!!!!!!

 

Logfile of HijackThis v1.97.7

Scan saved at 12:34:30 AM, on 5/27/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\main\Desktop\Virus Stuff\HJT\HijackThis.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://defaultsearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O1 - Hosts: 5377608764 greg-search.com

O1 - Hosts: 5377608764 www.greg-search.com

O1 - Hosts: 5377608764 drxcounter.biz

O1 - Hosts: 5377608764 muxa.cc

O1 - Hosts: 5377608764 www.muxa.cc

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7885.9754166667

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


You have some CWS items, but we can try fixing them manually if CWShredder didn't fix them... We may end up having to dig deeper, but we'll try these first.

 

Before using HJT, it would be a good idea to move it to a permanent folder like C:/HJT (you will have to create one). It will make backups and they will end up all over your Desktop if you keep it where it is....

 

Close all open windows and browsers, open HJT and mark/fix:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://defaultsearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O1 - Hosts: 5377608764 greg-search.com

O1 - Hosts: 5377608764 www.greg-search.com

O1 - Hosts: 5377608764 drxcounter.biz

O1 - Hosts: 5377608764 muxa.cc

O1 - Hosts: 5377608764 www.muxa.cc

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

 

Then reboot into Safe Mode and find/remove this folder (in bold). It will actually say more than it says here, it is shortened by HJT, but it should be the only folder that begins this way:

 

C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe

 

Then reboot and update your WinXP to SP1 with critical updates to patch vulnerabilities to a whole bunch of worms and viruses... Reboot again, run HJT and post a fresh log here....
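The reply above works from what is still present in the second HijackThis scan after the cleanup tools ran. As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses entry lines by their section code and compares two scans; the embedded logs are abridged excerpts of the two logs posted in this thread, and `parse_entries` and `compare_scans` are hypothetical helper names.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O1 - Hosts: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section_code, detail) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def compare_scans(before, after):
    """Split entries into those removed, added, or still present after cleanup."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b),
            "persisting": sorted(b & a)}

# Abridged excerpts of the two logs posted in this thread (5/21 and 5/27 scans).
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html
O1 - Hosts: 5377608764 greg-search.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKCU\..\RunOnce: [sounddrv] C:\WINDOWS\system32\sndbdrv3104.exe
"""
AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://defaultsearching.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: 5377608764 greg-search.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
"""

if __name__ == "__main__":
    for status, items in compare_scans(BEFORE, AFTER).items():
        for code, detail in items:
            print(f"{status:10} {code:3} {detail}")
```

A persisting entry is not necessarily malicious; it only means the cleanup tools left it unchanged, so the fix list is still chosen by hand from the persisting set.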
