nightm4re

Need help....

12 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 2:23:19 PM, on 7/9/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

F:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

F:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

F:\NORTON~1\SPEEDD~1\nopdb.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\Common Files\Symantec Shared\ccApp.exe

F:\ASUS\Probe\AsusProb.exe

F:\Program Files\Common Files\Real\Update_OB\realsched.exe

F:\WINDOWS\Mixer.exe

F:\PCI Audio Applications\Bin\EchoCtrl.exe

F:\WINDOWS\System32\ctfmon.exe

F:\InterVideo\Common\Bin\WinCinemaMgr.exe

F:\WINDOWS\System32\wuauclt.exe

F:\Documents and Settings\Chris\Desktop\HijackThis.exe

F:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://F:\PROGRA~1\Toolbar\toolbar.dll/sa

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://F:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

F2 - REG:system.ini: Shell=

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - F:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O3 - Toolbar: thunk dale dead - {B53C3F1B-85EE-7369-24D1-FD9081E58007} - F:\PROGRA~1\SECTFI~1\oncekeep.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ASUS Probe] F:\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [C-Media Echo Control] F:\PCI Audio Applications\Bin\EchoCtrl.exe

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.4787152778

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.homer-j-simpson.com/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://imbum.com/Imbum_bw.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab


May I add that when I run Ad-Aware and Spybot this one file keeps popping up in my system32 folder (under different names) and it cannot get rid of it.... It keeps multiplying and adding more spyware onto my PC and I have no idea how to get rid of it. Every time I run Ad-Aware/Spybot I have more spyware... I just can't get my system clean. I'm just hoping it will be somewhere in that log.


I want you to fix some of those entries. Please do the following:

 

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

 

How to see hidden files in Windows

 

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://F:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://F:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - F:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O3 - Toolbar: thunk dale dead - {B53C3F1B-85EE-7369-24D1-FD9081E58007} - F:\PROGRA~1\SECTFI~1\oncekeep.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://imbum.com/Imbum_bw.cab

 

 

Reboot your computer into Safe Mode and delete the following files:

 

Then delete these files or directories (Do not be concerned if they do not exist)

F:\PROGRA~1\Toolbar\

F:\Program Files\QuickSearch\

F:\PROGRAM FILES\SECTFI~1\oncekeep.dll

 

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

 

Managing Windows Millennium System Restore

or

 

Windows XP System Restore Guide

 

Re-enable System Restore with instructions from the tutorial above.

 

Reboot your computer to go back to normal mode and post a new log.


OK, I'll try that when I have some time.

Do you think that doing that will fix this one problem.... My toolbar for Windows doesn't have the quickbar and it won't let me add it..... Think doing what you said will fix that so I can get my quickbar back?


Logfile of HijackThis v1.97.7

Scan saved at 6:39:11 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

F:\WINDOWS\system32\spoolsv.exe

F:\NORTON~1\NORTON~4\GHOSTS~2.EXE

F:\Norton SystemWorks\Norton Antivirus\navapsvc.exe

F:\NORTON~1\NORTON~2\NPROTECT.EXE

F:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

F:\Norton SystemWorks\Norton Antivirus\SAVScan.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\ASUS\Probe\AsusProb.exe

F:\Program Files\Common Files\Real\Update_OB\realsched.exe

F:\WINDOWS\Mixer.exe

F:\PCI Audio Applications\Bin\EchoCtrl.exe

F:\Program Files\Common Files\Symantec Shared\ccApp.exe

F:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

F:\Norton SystemWorks\Password Manager\AcctMgr.exe

F:\WINDOWS\System32\ctfmon.exe

F:\InterVideo\Common\Bin\WinCinemaMgr.exe

F:\InterVideo\DVD\WinDVD.exe

F:\Registry Mechanic\RegMech.exe

F:\NVDVD\NvDvd.exe

F:\Program Files\Messenger\msmsgs.exe

F:\Documents and Settings\Chris\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ASUS Probe] F:\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [C-Media Echo Control] F:\PCI Audio Applications\Bin\EchoCtrl.exe

O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinTools] F:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [AcctMgr] F:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.4787152778

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.homer-j-simpson.com/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

 

 

 

That's a log as of today, after I repaired the problems you identified. Anything else look suspicious?


Yup, there is some more stuff there.

 

Please do the following:

 

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist:

 

Window Search

Win Tools

IEtools

IESearch

Windows Assistant

WindowsSA

Search Assistant

Windows Search Assistant

 

When uninstalling you will be prompted to insert a security code. Please do so and reboot when done.

If you do not see these two programs in your Add/Remove Programs then download and run both of these uninstallers:

 

http://lop.com/new_uninstall.exe

http://lop.com/toolbar_uninstall.exe

 

Then,

 

I want you to fix some of those entries. Please do the following:

 

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

 

How to see hidden files in Windows

 

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button.

O4 - HKLM\..\Run: [WinTools] F:\Program Files\Common files\WinTools\WToolsA.exe

 

Reboot your computer into Safe Mode and delete the following files:

 

Then delete these files or directories (Do not be concerned if they do not exist)

F:\Program Files\Common files\WinTools\

 

Disable System Restore. You can find instructions on how to enable and reenable system restore here:

 

Managing Windows Millennium System Restore

or

 

Windows XP System Restore Guide

 

Re-enable System Restore with instructions from the tutorial above.

 

Reboot your computer to go back to normal mode and post a new log.


I was unable to download those files due to security settings. It told me that my security settings do not allow me to download those files.

 

Here is a most recent log as of today...

 

 

Logfile of HijackThis v1.97.7

Scan saved at 6:50:43 PM, on 7/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\ASUS\Probe\AsusProb.exe

F:\Program Files\Common Files\Real\Update_OB\realsched.exe

F:\WINDOWS\Mixer.exe

F:\PCI Audio Applications\Bin\EchoCtrl.exe

F:\Program Files\Common Files\Symantec Shared\ccApp.exe

F:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

F:\Norton SystemWorks\Password Manager\AcctMgr.exe

F:\WINDOWS\System32\ctfmon.exe

F:\InterVideo\Common\Bin\WinCinemaMgr.exe

F:\Program Files\Messenger\msmsgs.exe

F:\NORTON~1\NORTON~4\GHOSTS~2.EXE

F:\Norton SystemWorks\Norton Antivirus\navapsvc.exe

F:\NORTON~1\NORTON~2\NPROTECT.EXE

F:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

F:\Norton SystemWorks\Norton Antivirus\SAVScan.exe

F:\Program Files\Symantec\LiveUpdate\LUALL.EXE

F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

F:\Norton SystemWorks\Norton Utilities\Speed Disk\sdntc.exe

F:\Program Files\Internet Explorer\iexplore.exe

F:\Documents and Settings\Chris\Desktop\Programs\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thematrixonline.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ASUS Probe] F:\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [C-Media Echo Control] F:\PCI Audio Applications\Bin\EchoCtrl.exe

O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [AcctMgr] F:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.4787152778

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.homer-j-simpson.com/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

 

 

 

 

What software do you recommend that I use to keep my PC clean?


Do the following:

 

Open up IE.

 

Click on Tools, then Internet Options.

Click on Security. Click once on Restricted Sites.

Click on the Sites button.

A window will open with a list of various domains. Scroll through the list till you see entries like lop.com or *.lop.com and remove them. Write down the entries because you will need to come back here later and install them again.

 

Once you remove them press OK, then OK. Then restart IE and try again.


OK, I downloaded and used those files, here's a log as of today.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 5:41:09 PM, on 7/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\ASUS\Probe\AsusProb.exe

F:\Program Files\Common Files\Real\Update_OB\realsched.exe

F:\WINDOWS\Mixer.exe

F:\PCI Audio Applications\Bin\EchoCtrl.exe

F:\Program Files\Common Files\Symantec Shared\ccApp.exe

F:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

F:\Norton SystemWorks\Password Manager\AcctMgr.exe

F:\WINDOWS\System32\ctfmon.exe

F:\InterVideo\Common\Bin\WinCinemaMgr.exe

F:\Program Files\Messenger\msmsgs.exe

F:\NORTON~1\NORTON~4\GHOSTS~2.EXE

F:\Norton SystemWorks\Norton Antivirus\navapsvc.exe

F:\NORTON~1\NORTON~2\NPROTECT.EXE

F:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

F:\Norton SystemWorks\Norton Antivirus\SAVScan.exe

F:\AIM\aim.exe

F:\Program Files\Internet Explorer\iexplore.exe

F:\Documents and Settings\Chris\Desktop\Programs\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thematrixonline.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ASUS Probe] F:\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [C-Media Speaker Configuration] \Setup.exe /SPEAKER

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [C-Media Echo Control] F:\PCI Audio Applications\Bin\EchoCtrl.exe

O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [AcctMgr] F:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8122.4787152778

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.homer-j-simpson.com/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab


Log for VX2.BetterInternet File Finder (msg126)

 

Files Found---

 

Additional Files---

F:\WINDOWS\System32\spOrder.dll

 

Keys Under Notify---AtiExtEvent

Keys Under Notify---crypt32chain

Keys Under Notify---cryptnet

Keys Under Notify---cscdll

Keys Under Notify---ScCertProp

Keys Under Notify---Schedule

Keys Under Notify---sclgntfy

Keys Under Notify---SensLogn

Keys Under Notify---termsrv

Keys Under Notify---wlballoon

 

 

Guardian Key--- is called:

 

User Agent String---


Sign off and stay off the internet until the entire procedure is complete.

 

Open VX2Finder and click on the *click to find VX2.BetterInternet* button.

 

Put a checkmark next to each item.

Then select the *Delete these files* button.

You will be left with a notice about one to be deleted on reboot.

It will ask to reboot on deletion of the last file (Reboot).

 

Once back in Windows

 

Open VX2Finder again and click on these buttons in the right pane:

 

user agent, Guardian.reg, restore policy

 

Exit and reboot.

 

Run VX2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Post it here with a fresh HijackThis log please.
