• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
twiggs

How bad is it??? pleae help w/ log

3 posts in this topic

I am having a lot of trouble getting rid of the spyware on my pc. I have run spybot and adaware many many times but they still keep coming back!! can someone take a look at my hijackthis log and help me identify the problems and fix them. Any help is greatly appreciated.

 

Thank You

Logfile of HijackThis v1.98.0

Scan saved at 10:46:53 AM, on 7/14/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\scagent.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\SYSTEM32\services\msxmidi.exe

C:\Documents and Settings\Scott\Application Data\ttuh.exe

C:\WINDOWS\System32\oqlufvgp.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\SYSTEM32\services\12345.exe

C:\WINDOWS\SYSTEM32\services\dale.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Microsoft Works\MSWorks.exe

C:\WINDOWS\System32\d3dim700.exe

C:\WINDOWS\System32\npnsdad.exe

C:\Documents and Settings\Scott\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ls0.net/home.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ls0.net/home.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {34DA6370-E56C-009D-8055-63550DA0273F} - C:\WINDOWS\System32\iod.dll

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set

O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\msxmidi.exe

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"

O4 - HKCU\..\Run: [d3dim700] C:\WINDOWS\System32\d3dim700.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott\Application Data\ttuh.exe

O4 - HKCU\..\Run: [ixweu] C:\WINDOWS\System32\oqlufvgp.exe

O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\msxmidi.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm

O15 - Trusted Zone: www.mt-download.com

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...0e1e2729109a237

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll

O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - (no file)

Share this post


Link to post
Share on other sites

Ok tick and fix the following in Hijackthis with all windows closed except Hijackthis.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ls0.net/home.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ls0.net/srchasst.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ls0.net/srchasst.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ls0.net/home.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {34DA6370-E56C-009D-8055-63550DA0273F} - C:\WINDOWS\System32\iod.dll

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set

O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\msxmidi.exe

O4 - HKCU\..\Run: [d3dim700] C:\WINDOWS\System32\d3dim700.exe

O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott\Application Data\ttuh.exe

O4 - HKCU\..\Run: [ixweu] C:\WINDOWS\System32\oqlufvgp.exe

O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\msxmidi.exe

O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm

O15 - Trusted Zone: www.mt-download.com

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll

O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - (no file)

 

Reboot then find the following files and delete them.

 

C:\WINDOWS\SYSTEM32\services\msxmidi.exe

C:\WINDOWS\System32\d3dim700.exe

C:\Documents and Settings\Scott\Application Data\ttuh.exe

C:\WINDOWS\System32\oqlufvgp.exe

C:\WINDOWS\SYSTEM32\services\msxmidi.exe

 

Then post a new log here in a reply.

Edited by therock247uk

Share this post


Link to post
Share on other sites

Thanks for your help. I tried to delete the items you listed however there were some that I could not delete. here is the new log...

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:06:48 PM, on 7/15/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\services\msxmidi.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Documents and Settings\Scott\Application Data\ttuh.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\SYSTEM32\services\dale.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\scagent.exe

C:\WINDOWS\fierm.exe

C:\WINDOWS\System32\d3dim700.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Scott\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Scott\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Scott\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Scott\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Scott\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Scott\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Scott\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM32\services\msxmidi.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott\Application Data\ttuh.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...0e1e2729109a237

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\System32\msxword.dll

O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - (no file)

O18 - Filter: text/plain - {958714E4-62E4-419A-9347-244B1FC870CF} - C:\WINDOWS\System32\boa.dll

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0