Mark EG

Newbie Hijack user needs help.

8 posts in this topic

Can anyone have a look at my log and tell me if anything needs removing?

 

Many thanks in advance.

 

Logfile of HijackThis v1.98.0

Scan saved at 17:56:19, on 12/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\NILaunch.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Cerience\RepliGo\RepliGoMon.exe

C:\WINDOWS\DvzCommon\DvzMsgr.exe

C:\WINDOWS\webshots.scr

C:\Program Files\Palm\HOTSYNC.EXE

C:\WINDOWS\DvzCommon\DvzMsgr.exe

C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe

c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe

C:\WINDOWS\System32\wisptis.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wholeworldmarket.com/search/top/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wholeworldmarket.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wholeworldmarket.com/search/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wholeworldmarket.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wholeworldmarket.com/search/top/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wholeworldmarket.com/search/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wholeworldmarket.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wholeworldmarket.com/search/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wholeworldmarket.com/search/

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll

O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\sysdll32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O4 - Startup: Phone Connection Monitor.lnk = ?

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/124d55f8152e7e...ip/RdxIE601.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O19 - User stylesheet: C:\WINDOWS\sstyle.css

O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)


Sorry no one has replied. Being all volunteer, you don't always get the service you need...

I've looked at quite a few of these and yours looks fairly normal. DataViz doesn't need to be sending info onto the internet so I block it with my firewall. All the O4s are the programs that run on startup. You'll notice your antivirus, etc. Here is a place viruses usually plant themselves. The following are questions I have:

 

O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\sysdll32.exe

O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"

O4 - Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: Phone Connection Monitor.lnk = ?

I'm not sure what these are. You might want to make sure you know that they are safe. Don't disable them just because I don't know what they are. Find out.

 

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

These are mainstream, but I've heard that Webshots has a spyware component. I don't know...

 

O19 - User stylesheet: C:\WINDOWS\sstyle.css

O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)

Why are these here? I don't know.

 

I hope this helps. I probably won't be back for a while however.
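
Added example, not part of either post in this thread: a small Python triage pass over a HijackThis log that groups entries by section code and lists the kinds of lines the reply above asks about (a Run value named like a file that differs from what it launches, startup shortcuts with no resolvable target, IE start/search page hosts, user stylesheets). The function names and heuristics are assumptions made for illustration, and the sample is a few lines copied from the log posted above; the output is a list of items to look into, not a verdict.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wholeworldmarket.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wholeworldmarket.com/search/top/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\sysdll32.exe
O4 - Startup: Phone Connection Monitor.lnk = ?
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O19 - User stylesheet: C:\WINDOWS\sstyle.css
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - rest of line"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")  # Run value name + command

def parse(log):
    """Group log entries by HijackThis section code (R0, O4, O19, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_items(sections):
    """(code, reason) pairs for manual review; illustrative heuristics, not verdicts."""
    out = []
    hosts = sorted({urlparse(e.rsplit(" = ", 1)[-1]).hostname or "?"
                    for c in ("R0", "R1") for e in sections.get(c, [])})
    out += [("R0/R1", f"IE start/search page set to {h}") for h in hosts]
    for e in sections.get("O4", []):
        m = RUN.match(e)
        if m:
            name, cmd = m.groups()
            # Quoted commands may carry arguments; unquoted ones are assumed space-free.
            path = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
            exe = path.rsplit("\\", 1)[-1]
            if re.search(r"\.(dll|exe|sys)$", name, re.I) and name.lower() != exe.lower():
                out.append(("O4", f"Run value '{name}' is named like a file but launches {exe}"))
        elif e.endswith("= ?"):
            out.append(("O4", f"shortcut target unresolved: {e.split(': ', 1)[1]}"))
    for e in sections.get("O19", []):
        out.append(("O19", f"IE user stylesheet: {e.split(': ', 1)[1]}"))
    return out

if __name__ == "__main__":
    for code, reason in review_items(parse(SAMPLE_LOG)):
        print(f"{code:6} {reason}")
```

Each listed item still has to be checked by hand (file properties, vendor, whether the user installed it) before anything is fixed in HijackThis.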
