• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Dookz

Need help hijackthis

6 posts in this topic

I've used adware and spybot removals but Pop-ups and bad homepages keep coming back along with slightly slow performance.

 

Logfile of HijackThis v1.97.7

Scan saved at 3:03:26 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\SSBRLA\InSight\ARUpld32.exe

C:\SSBRLA\InSight\ARMon32a.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\vnxserv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\atlmy.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\apiss.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\AIM+\AIM+.exe

C:\Program Files\AIM\aim.exe

C:\Documents and Settings\Alexander Duque.DUQUE\Desktop\Games\Adwares remover\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twffo.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://twffo.dll/index.html#96676

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://twffo.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twffo.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://twffo.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\twffo.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3961A393-4FBC-54F8-3D1B-12335B7881AF} - C:\WINDOWS\addjq32.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [apiss.exe] C:\WINDOWS\system32\apiss.exe

O4 - HKLM\..\RunServices: [AccessRampLAN 01] C:\SSBRLA\Insight\ArUpld32.exe

O4 - HKLM\..\RunServices: [AccessRampMonitor 01] C:\SSBRLA\Insight\ArMon32a.exe

O4 - HKCU\..\Run: [superRam] "C:\Program Files\SuperRam\SuperRam.exe"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [mfcta32.exe] C:\WINDOWS\mfcta32.exe

O4 - HKLM\..\RunOnce: [atlmy.exe] C:\WINDOWS\system32\atlmy.exe

O4 - HKLM\..\RunOnce: [apibt.exe] C:\WINDOWS\apibt.exe

O4 - HKLM\..\RunOnce: [netif.exe] C:\WINDOWS\system32\netif.exe

O4 - HKLM\..\RunOnce: [netvk32.exe] C:\WINDOWS\netvk32.exe

O4 - Global Startup: America Online 7.0 Tray Icon.lnk.disabled

O4 - Global Startup: Digital Line Detect.lnk.disabled

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: MoneySide (HKLM)

Share this post


Link to post
Share on other sites

Download About:Buster from Here (but don't run it yet)

 

http://www.downloads.subratam.org/AboutBuster.zip

 

Unzip it to your desktop.

 

Run another hijackthis scan. Place a check next to the following entrie, then close all open windows and click the fix button.

O2 - BHO: (no name) - {3961A393-4FBC-54F8-3D1B-12335B7881AF} - C:\WINDOWS\addjq32.dll

O4 - HKLM\..\Run: [apiss.exe] C:\WINDOWS\system32\apiss.exe

O4 - HKLM\..\RunOnce: [mfcta32.exe] C:\WINDOWS\mfcta32.exe

O4 - HKLM\..\RunOnce: [atlmy.exe] C:\WINDOWS\system32\atlmy.exe

O4 - HKLM\..\RunOnce: [apibt.exe] C:\WINDOWS\apibt.exe

O4 - HKLM\..\RunOnce: [netif.exe] C:\WINDOWS\system32\netif.exe

O4 - HKLM\..\RunOnce: [netvk32.exe] C:\WINDOWS\netvk32.exe

Close hijackthis.

Open About:buster and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Post the report and a new Hijack this log here.

Share this post


Link to post
Share on other sites

-- Scan 1 --------

About:Buster Version 1.30

Removed! : C:\WINDOWS\ronyn.dat

Removed! : C:\WINDOWS\ronyn.dll

Error Removing! : C:\WINDOWS\System32\atlmy.exe

Removed! : C:\WINDOWS\System32\qeiwc.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 2:33:04 PM, on 7/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\SSBRLA\InSight\ARUpld32.exe

C:\SSBRLA\InSight\ARMon32a.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\vnxserv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\atlmy.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\apiss.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Alexander Duque.DUQUE\Desktop\Games\Adwares remover\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EE68202E-7278-D318-0378-FD11A3F795EB} - C:\WINDOWS\system32\d3yk32.dll

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [apiss.exe] C:\WINDOWS\system32\apiss.exe

O4 - HKLM\..\RunServices: [AccessRampLAN 01] C:\SSBRLA\Insight\ArUpld32.exe

O4 - HKLM\..\RunServices: [AccessRampMonitor 01] C:\SSBRLA\Insight\ArMon32a.exe

O4 - HKCU\..\Run: [superRam] "C:\Program Files\SuperRam\SuperRam.exe"

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM\..\RunOnce: [ipti32.exe] C:\WINDOWS\ipti32.exe

O4 - HKLM\..\RunOnce: [addwy32.exe] C:\WINDOWS\addwy32.exe

O4 - HKLM\..\RunOnce: [mfcte.exe] C:\WINDOWS\mfcte.exe

O4 - Global Startup: America Online 7.0 Tray Icon.lnk.disabled

O4 - Global Startup: Digital Line Detect.lnk.disabled

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: MoneySide (HKLM)

Share this post


Link to post
Share on other sites

In my previous post the word safe mode is a link. Just click on it and it will take you to a page that gives instructions on booting to safe mode.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0