• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
msiler

HiJack This Log and some questions

3 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 8:46:02 PM, on 7/5/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINNT\System32\smss.exe

D:\WINNT\system32\winlogon.exe

D:\WINNT\system32\services.exe

D:\WINNT\system32\lsass.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\system32\spoolsv.exe

D:\WINNT\system32\cisvc.exe

D:\Program Files\Executive Software\DiskeeperLite\DKService.exe

D:\WINNT\System32\svchost.exe

D:\WINNT\system32\gearsec.exe

D:\PROGRA~1\Iomega\System32\AppServices.exe

d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

D:\PROGRA~1\NORTON~1\NORTON~3\navapsvc.exe

D:\PROGRA~1\NORTON~1\NORTON~3\npssvc.exe

D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

D:\WINNT\system32\regsvc.exe

D:\WINNT\system32\MSTask.exe

D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe

D:\WINNT\system32\stisvc.exe

D:\WINNT\System32\TSIRCSRV.EXE

D:\WINNT\System32\WBEM\WinMgmt.exe

D:\WINNT\System32\mspmspsv.exe

D:\WINNT\system32\svchost.exe

D:\Program Files\Iomega\AutoDisk\ADService.exe

D:\WINNT\system32\inetsrv\inetinfo.exe

D:\WINNT\system32\rundll32.exe

D:\WINNT\Explorer.EXE

D:\PROGRA~1\NORTON~1\NORTON~3\alertsvc.exe

D:\PROGRA~1\mcafee.com\agent\mcagent.exe

D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

d:\progra~1\mcafee.com\vso\mcvsescn.exe

D:\Program Files\MSGTAG\MSGTAG.exe

D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

D:\Program Files\Sony Handheld\HOTSYNC.EXE

D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

D:\Program Files\SpywareGuard\sgbhp.exe

D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

D:\WINNT\system32\hpoipm07.exe

D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

D:\WINNT\system32\wuauclt.exe

D:\WINNT\System32\svchost.exe

D:\PROGRA~1\MICROS~2\Office\backappl.exe

D:\Download\Spy and Malware\HijackThis\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.ask.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSGTAG] "D:\Program Files\MSGTAG\MSGTAG.exe" /startup

O4 - Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

O4 - Startup: AboutTime.lnk = D:\Program Files\AboutTime\AboutTime.exe

O4 - User Startup: HotSync Manager.lnk = D:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - User Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe

O4 - User Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

O4 - User Startup: AboutTime.lnk = D:\Program Files\AboutTime\AboutTime.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Help (HKCU)

O9 - Extra button: Support (HKCU)

O9 - Extra button: ComcastHSI (HKCU)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501...r2501031120.EXE

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

Here are my three recurring problems: (A,B & C)

 

(A)

These three files show up in HJT but no where else:

 

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

 

HJT fixes them but they always seem to show up again within a day or so and ALWAYS after I re-boot. If I cannot remove them permanently then is at least possible to change their HOSTS Addresses so they at least do not bring up a website or run anything malicious on my ‘puter?

 

How do I change a Hosts address?

 

(B)

These files show up in Adaware but no where else and never get full y cleaned out.

1) VX2 File Data Miner d:\winnt\system32\apaamon.dll

2) VX2 File Data Miner d:\winnt\system32\azsetupc.dll

3) VX2 File Data Miner d:\winnt\system32\axaamon.dll

4) VX2 File Data Miner d:\winnt\system32\dtmv2clt.dll

5) Virtual Bouncer

6) Also, a bunch of different .dll files of various names come and go…I know they are creating problems but can never seem to totally remove them. They refuse to be removed and always come back upon re-boot even after removing them in Safe Mode.

 

How do I delete .dll files that Spybot S&D or Adaware find?

 

©

These files show up in Spybot S&D but no where else and never get fully cleaned out.

1) IGETNET

Share this post


Link to post
Share on other sites

Re hosts file

Check this location for a hosts file-no extension:

Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Edit the file to remove the entries in question.

Additional info on hosts file:

http://www.pestpatrol.com/Support/HowTo/How_To_Block_Ads.asp

 

Here are some manual removal comments from doxdesk and pestpatrol for igetnet:

http://www.doxdesk.com/parasite/FavoriteMan.html

http://www.doxdesk.com/parasite/IGetNet.html

http://www.pestpatrol.com/PestInfo/i/igetnet_clearsearch.asp

 

Maybe something there will be of some help to you.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0