• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
tweekster

HiJack this log - PLease help

4 posts in this topic

Hey guys.....I got a log that is driving me mad...please someone tell me what to do. I haev tried CWS and Ad-serve and even Spybot, what am I missing?

 

Logfile of HijackThis v1.97.7

Scan saved at 8:04:07 PM, on 7/8/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ScsiAccess.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\documents and settings\david daniel\local settings\temp\Z.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\WINNT\system32\ctfmon.exe

C:\WINNT\system32\icccfgx.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINNT\system32\Mwfn.exe

C:\WINNT\system32\RfheEl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\David Daniel\My Documents\Downloads\HijackThis.exe

C:\Documents and Settings\David Daniel\My Documents\Downloads\nsradioplus1.exe

C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\pftF.tmp\Wrapper.exe

C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\pftF.tmp\Setup.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

O4 - HKLM\..\Run: [Z] C:\documents and settings\david daniel\local settings\temp\Z.exe

O4 - HKLM\..\Run: [2HJ29YL362GLG8] C:\WINNT\system32\Cjo9g.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [H0t9RUH4i] icccfgx.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"

O4 - HKLM\..\RunOnce: [spyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra button: PartyPoker.com (HKLM)

O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7951.5964699074

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GINBILLARD8 Class) - http://66.98.132.156/g_bin/billard8_2_0_0_17.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

Share this post


Link to post
Share on other sites

You have the Peper trojan, which requires special treatment to put it out of your misery!

Please download and run this uninstaller.

 

Click on the peperfix link, and download the program. Then go off line, and run the program. It will remove the files, leaving one orphaned entry to be cleaned up with Hijack this.

 

Next, open the folder C:\Program Files\Common Files\midaddle, and see if there is an uninstaller in there. If so, run it.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

 

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)

 

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing)

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

 

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

 

O4 - HKLM\..\Run: [Z] C:\documents and settings\david daniel\local settings\temp\Z.exe

O4 - HKLM\..\Run: [2HJ29YL362GLG8] C:\WINNT\system32\Cjo9g.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [H0t9RUH4i] icccfgx.exe

 

O9 - Extra button: PartyPoker.com (HKLM)

O9 - Extra button: WeatherBug (HKCU)

 

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab

Reboot and delete

 

files

All files in the C:\documents and settings\david daniel\local settings\temp folder

C:\WINNT\system32\Cjo9g.exe

 

folders

C:\Program Files\AutoUpdate

C:\Program Files\Common files\updmgr

C:\WINNT\system32\pcs\

C:\Program Files\Common Files\Dpi

C:\Program Files\AWS

C:\Program Files\Common Files\midaddle

C:\Program Files\IncrediFind

C:\Program Files\SEP

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

dave38

 

your a genius. I have never heard of Peper, thansk for the heads up. I will watch for that one now on.

 

I am posting the updated HiJack THis log...the only difference is the AWS file, I didnt delete it because i use the weather bug quite a bit.

 

ANything else needed bashed???

 

Logfile of HijackThis v1.97.7

Scan saved at 6:16:24 PM, on 7/9/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ScsiAccess.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe

C:\WINNT\Explorer.EXE

C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe

C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\WINNT\system32\ctfmon.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE

C:\Documents and Settings\David Daniel\My Documents\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7951.5964699074

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GINBILLARD8 Class) - http://66.98.132.156/g_bin/billard8_2_0_0_17.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

Share this post


Link to post
Share on other sites

Weatherbug is you choice. It does provide an open door to Adware, so keep AdAware/Spybot updated!

 

Nice clean log. Well done Any problems now?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0