dmbfan

new to hijackthis-how bad is this log?

3 posts in this topic

This is my work computer, and it constantly gives me problems with printing. Sometimes it just won't print and I have to shut it down and restart it to make it work every day. I also had a Trojan horse and believe it's still there. Thank you in advance.

 

Logfile of HijackThis v1.98.0

Scan saved at 9:23:53 AM, on 7/12/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE

C:\WINDOWS\MWSVM.EXE

C:\WINDOWS\UPTODATE.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\COMMON FILES\KEENVALUE\KEENVALUE.EXE

C:\PROGRAM FILES\A2\A2GUARD.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\COMMON FILES\KEENVALUE\KWM.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\5FK5PMEU\HIJACKTHIS[1].EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?se...B&version_id=18

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by United Parcel Service

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

O2 - BHO: FeaturedResultsBHO Class - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\SYSTEM\MSIEFR40.DLL

O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\SYSTEM\INETP60.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - (no file)

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINDOWS\SYSTEM\STLBUPDT.DLL

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe

O4 - HKLM\..\Run: [TB_setup] C:\WINDOWS\TEMP\TB_SETUP.EXE /dcheck

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE

O4 - HKLM\..\Run: [566ZS2K2N9LAT#] C:\WINDOWS\SYSTEM\WmvDwc.exe

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe

O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\SYSTEM\INETP60.DLL,DllRunServer

O4 - HKLM\..\Run: [ANQHXOB] C:\WINDOWS\ANQHXOB.exe

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINDOWS\SYSTEM\STLBUPDT.DLL,DllRunMain

O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\SYSTEM\MSIEFR40.DLL,DllRunServer

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscan.exe

O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"

O4 - Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PLDReminder.exe

O4 - Startup: Small Business Workstation Setup.lnk = SETUP\WIN95\startcli.exe

O4 - Global Startup: updater.lnk = C:\Program Files\Common files\Updater\wupdater.exe

O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common files\KeenValue\KeenValue.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE

O14 - IERESET.INF: START_PAGE_URL=

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/...308/mcfscan.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/095da2d389d8887b2a16/...ip/RdxIE601.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.116.241.10,216.99.225.31

O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)


Hello, you have some bits of spyware that are best removed by special tools.

 

Can you please download the latest version 1.59.1 of the CWShredder. Close ALL browsers and all other open windows, then run the CWShredder. Select 'FIX'. When it has finished, please restart your unit.

 

Next,

You have picked up the Peper trojan. To remove it, can you please download the PeperFix tool,

  • save it to your desktop,
  • close all browsers and double-click on it,
  • click 'Find and Fix' and reboot if prompted

Then, can you please download the Ad-aware 6 Free program and install it.

Before scanning with Ad-aware 6 Free:

Run a FULL adaware scan using the following configuration below

  • Update
    • Select Check for updates.
    • Then Connect and download 01R332 12.07.2004 or latest.

  • Select the gear wheel at the top and tick the following to get a green circle.

  • Select General
    • Automatically save log-file.
    • Automatically quarantine objects prior to removal.
    • Safe mode.

  • Select Scanning
    • In Drives & Folders,
      • Scan within Archives.
      • Select- Click here to select Drives + folders, select all hard drives.
    • In Memory & Registry, select all available options.

  • Select Tweaks > Scanning Engine
    • Unload recognized processes during scanning.
    • Include basic ad-aware settings.
    • Include additional ad-aware settings.

  • Select Tweaks > Cleaning Engine:
    • Let Windows remove files in use at next reboot.

  • Click Proceed, then Start and make sure Activate in-depth scan is green.

  • Select ‘Use custom scan’ and hit ‘Next’ to let Ad-Aware scan your drives.

It will list "bad" files and registry keys. Click ‘Next’.

Right-click in the list and choose Select All and click next.

 

It will ask for verification of checked items. Choose OK.

 

Finally, can you please create a folder such as C:\hijack\ and then move your 'hijack this.exe' program and the backup folder, if present, from the old location into the new hijack folder, and then post a fresh hijack log to see what's left.

thanks.

Edited by pfofit


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
