• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
navadude_2000

help i think i been hijacked

2 posts in this topic

When I run spybot the following message appears, I get rid of it and when i run spybot again, it keeps coming back. I also ran webroot spysweeper and it does not find anything. The log is also attached.

 

Possible extension hijack extension

 

hkey_classes_root\regfile\shellopen\command\!=regedit.exe"%1"

hkey_classes_root\scrfile\shell\open\command\!="%1"/s

 

Log file

 

Logfile of HijackThis v1.97.7

Scan saved at 11:29:03 PM, on 7/18/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE

C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\SYSTEM\CTFMON.EXE

C:\PROGRAM FILES\ONTRACK\FIX-IT\MXTASK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\SYSTEM\svohost.exe

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {5C328C41-D267-11D7-995C-0040F45778A9} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [spybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\ONTRACK\FIX-IT\MEMCHECK.EXE

O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask

O4 - HKLM\..\Run: [QGKJWZG85] C:\WINDOWS\TEMP\QGKJWZG85.EXE

O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\Run: [o8mQ36P] DCOTRL16.EXE

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"

O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE

O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe

O4 - HKLM\..\RunServices: [VidSvr]

O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /1

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

O4 - HKCU\..\Run: [Morpheus] "C:\Program Files\StreamCast\Morpheus\Morpheus.exe" -min

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [Zz54RWj9R] DEVOSUSR.EXE

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\RunServices: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /1

O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

O4 - HKCU\..\RunServices: [Morpheus] "C:\Program Files\StreamCast\Morpheus\Morpheus.exe" -min

O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\RunServices: [Zz54RWj9R] DEVOSUSR.EXE

O4 - HKCU\..\RunServices: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - Startup: Fix-It.lnk = C:\PROGRAM FILES\ONTRACK\FIX-IT\MXTASK.EXE

O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe

O4 - Startup: HPAiODevice(hp officejet v series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe

O4 - Startup: WinPopup.lnk = C:\WINDOWS\WINPOPUP.EXE

O4 - Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...371/mcfscan.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

 

 

 

 

THX @ my wits end

Share this post


Link to post
Share on other sites

Hello,

 

You need to get the newest version of HijackThis. Open HijackThis, click on -- > Config -- > Misc Tools -- > click on the "check for update online" button and update to v1.98.

 

P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. It is strongly recommended that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ Go to your control panel, then to add/remove programs...uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say 'Yes.' Then, remove the associated RED entries in HijackThis as well.

 

NOTE: Please print a copy of these instructions because you will be working in Safe Mode and/or with all windows closed except HijackThis.

 

Please run HijackThis in Safe Mode

 

Also, enable the ”Show Hidden Files and Folders” option:

 

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Apply to confirm.

Click OK.

 

Place a check mark next to the following items then, WITH ALL OTHER WINDOWS CLOSED, select “fix checked.”

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

 

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\SYSTEM\svohost.exe

 

O2 - BHO: (no name) - {5C328C41-D267-11D7-995C-0040F45778A9} - (no file)

 

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

 

04 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

 

O4 - HKLM\..\Run: [QGKJWZG85] C:\WINDOWS\TEMP\QGKJWZG85.EXE

 

O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

 

O4 - HKLM\..\Run: [o8mQ36P] DCOTRL16.EXE

 

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

 

O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE

 

O4 - HKCU\..\Run: [Zz54RWj9R] DEVOSUSR.EXE

 

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

 

O4 - HKCU\..\RunServices: [Zz54RWj9R] DEVOSUSR.EXE

 

O4 - HKCU\..\RunServices: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

 

Now, search for, and delete if found, (some files may not be present after previous steps) the following:

 

C:\WINDOWS\SYSTEM\svohost.exe < file

 

C:\WINDOWS\SYSTEM\P2P NETWORKING\ < folder

 

C:\WINDOWS\TEMP\QGKJWZG85.EXE < file

 

C:\Program Files\ClearSearch\ < folder

 

DCOTRL16.EXE < file

 

c:\Program Files\AutoUpdate\ < file

 

C:\PROGRAM FILES\COMMON~1\SYSTEM\MOSEARCH\ < folder

 

DEVOSUSR.EXE < file

 

C:\PROGRAM FILES\ezula\ < folder

 

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example:

 

C:\WINDOWS\Temp\

 

C:\Temp\

 

C:\Documents and Settings\username\Local Settings\Temp\

 

Also delete your Temporary Internet Files, be sure to also select "delete all offline content."

 

Empty your Recycle Bin.

 

Reboot into normal mode.

 

Proceed to the Windows Update site (see link below) download and install ALL critical updates.

 

Reboot when finished.

 

If you are not running version 1.3 of Spybot S & D, click here to download Spybot Search & Destroy v1.3 - install, update, reboot into Safe Mode, scan and fix all RED items it finds. Reboot into normal mode when done.

 

Perform a customized Ad-aware scan in Safe Mode........

 

If you do not have the latest version of Ad-aware, version 6, Build 6.181, click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then boot into Safe Mode, start the program, and click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot into normal mode when finished.

 

Next, perform online virus and Trojan scans, using the links in my signature below. Allow the programs to delete all that they may find. Reboot after each scan.

 

Scan with HijackThis and post a fresh log into this same thread.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0