• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Jennifer

W32.Klez.H@mm

6 posts in this topic

Can you please look @ my log and let me know if you find anything? My computer is not working properly.

 

Logfile of HijackThis v1.98.0

Scan saved at 12:21:56 PM, on 7/15/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\HIJACKTHIS[1].EXE

 

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O13 - WWW. Prefix: http://

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2001122...all/xscan53.cab

O16 - DPF: {16A6152E-9737-11D5-A6DC-00D0B721CA48} (PlugXCtl Class) - https://lht.lancer-ins.com/PlugX.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Share this post


Link to post
Share on other sites

Your log is being analyzed. You should receive a reply within a few hours to a few days.

Share this post


Link to post
Share on other sites

If you have not yet removed W32.Klez.H@mm with an antivirus software, please download and run McAfee Stinger.

 

Run HijackThis and check all of the following – BUT DO NOT FIX YET:

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe

 

There are restrictions in place for your control panel. Many malware programs as well as legitimate programs such as Spybot S&D can set these restrictions. If you or your administrator have not placed restrictions on your control panel, then check the following to be fixed.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

After you have checked everything that needs to be fixed (items in red) and any optional fixes (items in blue), close all open windows including Internet Explorer and Windows Explorer and click the “Fix Checked” button.

 

Reboot

 

Delete the following files. You might have to set your computer to show hidden files and you may have to use the search function on the start menu.:

C:\Program Files\Common Files\updater\wupdater.exe

C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL <- This file might be located at: C:\Program files\incredifind\bho\incfindbho.dll

 

Delete the following folders. Caution: Only delete the ‘updater’ and ‘incred~2’ folders, not the ‘C:\Program Files\Common Files’ and ‘C:\PROGRA~1’ folders.

C:\Program Files\Common Files\updater

C:\PROGRA~1\INCRED~2\ <- This folder might be the same as: C:\Program files\incredifind

 

Post a new log to see if we missed anything.

 

Regular scans with Ad-Aware and Spybot are a good start to removing malware from your computer. However these tools will not prevent malware from being installed on your computer. For information on preventing or reducing your risk of future malware infections, click here.

Share this post


Link to post
Share on other sites

Thank you so much for your help. Here is my new log. :wave:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:31:34 PM, on 7/16/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE

C:\PROGRAM FILES\HIJACKTHIS[1].EXE

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O13 - WWW. Prefix: http://

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2001122...all/xscan53.cab

O16 - DPF: {16A6152E-9737-11D5-A6DC-00D0B721CA48} (PlugXCtl Class) - https://lht.lancer-ins.com/PlugX.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0