beats303

Hijack This Log

2 posts in this topic

I have got my suspicions of a couple of things on this log. Any help would be much appreciated.

 

Logfile of HijackThis v1.98.0

Scan saved at 00:26:59, on 09/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\EXSHOW95.EXE

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\viamixer.exe

C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE

C:\PROGRA~1\AOL7~1.0\aoltray.exe

C:\Program Files\AOL 7.0\waol.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE

O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: ViaMixer.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\viamixer.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{FAE94320-3601-4117-BBCB-60B89415D7E2}: NameServer = 195.93.33.134


Hello beats303

 

Close all other windows except for HijackThis, perform a scan, put a check against the following items and click 'Fix checked'.

 

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll

 

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

 

Now reboot your computer and start in safe mode. To do this, press the F8 key repeatedly as the computer starts up until you see a menu screen (if Windows starts normally, restart it again). Use the arrow keys to highlight "Safe Mode" and press Enter. For further information on safe mode click here

 

Make sure you have all hidden files shown

 

Search for all files containing automove.exe. It will probably find the following files - if so, delete any that appear.

 

C:\WINDOWS\System32\automove.exe

c:\windows\system\SWin32.dll

c:\windows\system\trans.exe

 

Reboot normally

 

These items are considered to be resource hogs that are not needed and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

This is a registration reminder that is used by a number of different companies. It is not needed and some people think that it reports back to the company about your computer and is not vital to the running of the software, so I suggest fixing it...

 

Press Ctrl+Alt+Delete to bring up the Task Manager and, under the process tab, end this process: KODAK Software Updater

 

Then fix this line with HijackThis

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

 

Then delete this file

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

 

Reboot and post a fresh log so we can check that everything has been cleaned.

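The reply above asks for a fresh log to confirm the cleanup. The following is an added example, not part of either post, that rejoins the wrapped lines of such a paste and lists any entries still naming the files the reply flagged. It assumes entry lines start with a code such as "O4 - " (as in the posted log) and that long lines were wrapped at spaces; parse_entries, references, still_present and FLAGGED are hypothetical names.

```python
import re

# Assumption: entry lines start with a section code such as "R0 - " or "O4 - ",
# as they do in the log posted in this thread.
ENTRY_START = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# File names taken from the reply's fix/delete instructions.
FLAGGED = ("automove.exe", "SWin32.dll", "trans.exe", "backWeb-7288971.exe")

# Lines copied from the posted log, with the forum's line wrapping left in.
SAMPLE = r"""
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} -

C:\WINDOWS\System32\SWin32.dll

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK

Software Updater\7288971\Program\backWeb-7288971.exe
"""

def parse_entries(text):
    """Rejoin wrapped lines and return a list of (code, body) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group("code"), m.group("body")])
        elif entries:  # continuation of the previous entry (assumed wrapped at a space)
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def references(body, name):
    """True if body names the file exactly, so xtrans.exe does not match trans.exe."""
    pattern = r"(?<![\w.-])" + re.escape(name) + r"(?![\w.-])"
    return re.search(pattern, body, re.IGNORECASE) is not None

def still_present(entries, flagged=FLAGGED):
    """Return the entries whose body still references any flagged file name."""
    return [(c, b) for c, b in entries if any(references(b, n) for n in flagged)]
```

Lines before the first coded entry, including the "Running processes" list, are skipped by parse_entries, so an empty result from still_present only covers the registry and startup entries.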