cormann

An Absolute Mess!

2 posts in this topic

Hello everyone! I am trying to fix my mom's laptop. It's a mess. There is a ton of spyware/malware on it including ad rotator, some horoscope program and a pop-up that has a number on the window (can't remember the exact name). All of the Windows updates need to be installed, but every time I download and install them then reboot, it says that the system still needs all of the updates I just installed. Also, a message comes up that says "Files that are required for windows to run properly have been replaced by unrecognized versions...etc" It wants me to replace the files but I have no means to do so. Also, the computer shuts down randomly. I have run Ad-aware, Spybot, read the FAQ and the HijackThis file is below. Thanks so much in advance for any help.

 

Cory

 

Logfile of HijackThis v1.98.0

Scan saved at 11:12:57 PM, on 7/16/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\WINDOWS\System32\automove.exe

C:\WINDOWS\bokja.exe

C:\WINDOWS\wovax.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\VVSN\VVSN.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\NETGEAR\MA401_MA301_Adapter\Config.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\STC\CSV5P070.exe

C:\Program Files\Common Files\Slmss\slmss.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Program Files\My Daily Horoscope\MyDailyHoroscope.exe

C:\Program Files\ClearSearch\csAOLldr.exe

C:\Documents and Settings\Barbara\Desktop\HijackThis.exe

C:\Program Files\Bargain Buddy\bin2\bargains.exe

C:\PROGRA~1\eZula\mmod.exe

C:\Program Files\DownloadWare\dw.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirect...&c=3c01&lc=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)

O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [nwwhmq] C:\WINDOWS\System32\ugiygi.exe

O4 - HKLM\..\Run: [wovax] C:\WINDOWS\wovax.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe

O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: Configuration Utility.lnk = ?

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409

O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.yahoo.com/java/y/mlbst8298_x.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...porter.cab?RND=

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

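As an added example (not part of either post, and not HijackThis's own code): a small Python parser for the log format posted above. It groups entries by section code, splits the registry autorun (O4) lines into fields, and lists entries whose target HijackThis reported as "(no file)". The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log above, with the blank
# lines the forum inserted between entries left in place.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Configuration Utility.lnk = ?
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O4 - <detail>"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # registry O4 lines

def parse_entries(text):
    """Group log entries by section code (R0, O2, O4, ...), skipping other lines."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autoruns(sections):
    """Split registry-based O4 entries into (hive, key, value name, command)."""
    out = []
    for detail in sections.get("O4", []):
        m = AUTORUN.match(detail)
        if m:  # 'Global Startup' shortcut entries have a different shape
            out.append(m.groups())
    return out

def orphaned(sections):
    """Entries whose target HijackThis reported as '(no file)'."""
    return [(code, d) for code, items in sections.items()
            for d in items if d.endswith("(no file)")]

if __name__ == "__main__":
    s = parse_entries(SAMPLE_LOG)
    for hive, key, name, cmd in autoruns(s):
        print(f"{hive}\\{key}  {name:8}  {cmd}")
    for code, detail in orphaned(s):
        print("missing target:", code, detail)
```
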

Hello,

 

Right now, you have HijackThis on the Desktop. It needs to be in its own folder so that any backup copies it makes will be kept together and not scattered about your Desktop. Please right click on a blank space on your Desktop, select “New” then “Folder.” Name the new folder something like HJT or HijackThis. Now, you can just drag HijackThis into its new folder, using the left mouse button.

 

Please print out the following instructions....

 

If you are not running version 1.3 of Spybot S & D, click here to download Spybot Search & Destroy v1.3 - install, update, scan in Safe Mode......

 

Reboot into safe mode, this way:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Fix all RED items it finds. Reboot to normal mode when done.

 

Perform a customized Ad-aware scan in Safe Mode........

 

If you do not have the latest version of Ad-aware, version 6, Build 6.181, click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then boot into Safe Mode, start the program, and click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal."

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned sites" and "Scan my Hosts file."

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start," make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot into normal mode when finished.

 

Next, perform online virus scans at both Trend Micro and Panda Software. Also, perform an online Trojan scan. (Use the links in my signature below). Allow the programs to delete all that they may find. Reboot after each scan.

 

Scan with HijackThis and post a fresh log into this same thread.
