peepee

please help


It seems my whole computer has been hijacked. Please help. My desktop has a message that says "Warning - You are in Danger"

 

When I open my browser it has some kind of blue screen pulled from the c:

 

I also have a search at the bottom.

 

Please find below my hijack log. Thanks in advance for help.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:25:29 AM, on 7/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\HPConfig.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\winxc32.exe

C:\WINDOWS\System32\S3tray2.exe

C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\2Wire\Gateway\2PortalMon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Altnet\Points Manager\Points Manager.exe

C:\Program Files\DIGStream\digstream.exe

C:\WINDOWS\system32\d3mq32.exe

C:\documents and settings\owner\local settings\temp\itjPq.exe

C:\WINDOWS\System32\msrexe.exe

C:\documents and settings\owner\local settings\temp\uoD.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\System32\dp-him.exe

C:\WINDOWS\System32\actwmi.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe

C:\WINDOWS\system32\pcs\pcsvc.exe

C:\WINDOWS\System32\Zou10Vj.exe

C:\WINDOWS\System32\UluBUa.exe

C:\Program Files\Common Files\Dpi\dpi.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\adsotify.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 13 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc?u=1538 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bigbr.cc?u=1538 (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1538 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bigbr.cc?u=1538 (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1538 (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://bigbr.cc?u=1538 (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1538 (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1538 (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bigbr.cc?u=1538 (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1538 (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1538 (obfuscated)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {BF6CAF6E-44D6-FF55-6954-2A6A4605DE3B} - C:\WINDOWS\ntbn.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [d3mq32.exe] C:\WINDOWS\system32\d3mq32.exe

O4 - HKLM\..\Run: [itjPq] C:\documents and settings\owner\local settings\temp\itjPq.exe

O4 - HKLM\..\Run: [system Service] C:\WINDOWS\System32\msrexe.exe

O4 - HKLM\..\Run: [uoD] C:\documents and settings\owner\local settings\temp\uoD.exe

O4 - HKLM\..\Run: [2G#DS4D5T2FW2N] C:\WINDOWS\System32\KrwH5f.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe

O4 - HKLM\..\Run: [vsmU3tV] actwmi.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

O4 - HKCU\..\Run: [eB58RjZpX] adsotify.exe

O4 - HKLM\..\RunOnce: [msdo.exe] C:\WINDOWS\msdo.exe

O4 - HKLM\..\RunOnce: [addfw.exe] C:\WINDOWS\system32\addfw.exe

O4 - HKLM\..\RunOnce: [winxc32.exe] C:\WINDOWS\winxc32.exe

O4 - HKLM\..\RunOnce: [addmk32.exe] C:\WINDOWS\system32\addmk32.exe

O4 - HKLM\..\RunOnce: [netsn32.exe] C:\WINDOWS\netsn32.exe

O4 - HKLM\..\RunOnce: [netkq.exe] C:\WINDOWS\netkq.exe

O4 - HKLM\..\RunOnce: [sysne32.exe] C:\WINDOWS\system32\sysne32.exe

O4 - HKLM\..\RunOnce: [winjz.exe] C:\WINDOWS\system32\winjz.exe

O4 - HKLM\..\RunOnce: [javaci32.exe] C:\WINDOWS\javaci32.exe

O4 - HKLM\..\RunOnce: [winyr.exe] C:\WINDOWS\winyr.exe

O4 - HKLM\..\RunOnce: [mfcqi.exe] C:\WINDOWS\system32\mfcqi.exe

O4 - HKLM\..\RunOnce: [sdkhv.exe] C:\WINDOWS\system32\sdkhv.exe

O4 - HKLM\..\RunOnce: [appjd32.exe] C:\WINDOWS\appjd32.exe

O4 - HKLM\..\RunOnce: [atlln.exe] C:\WINDOWS\system32\atlln.exe

O4 - HKLM\..\RunOnce: [mscu.exe] C:\WINDOWS\system32\mscu.exe

O4 - HKLM\..\RunOnce: [ieiv.exe] C:\WINDOWS\ieiv.exe

O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: PD (HKLM)

O9 - Extra button: PartyPoker.com (HKLM)

O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - DefaultPrefix: http://%62%69%67%62%72%2E%63%63?u=1525&error=

O13 - WWW Prefix: http://%62%69%67%62%72%2E%63%63?u=1525&error=

O13 - Home Prefix: http://%62%69%67%62%72%2E%63%63?u=1525&error=

O13 - Mosaic Prefix: http://%62%69%67%62%72%2E%63%63?u=1525&error=

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7870.7841666667

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Hello,

 

Please print the following instructions:

 

You have a Peper infection......

 

Download Newuninst.exe. Run it and make sure you have an active internet connection while running it. Reboot and run the tool once again (again with an active internet connection).

 

Download PeperFix.exe, start it and click Find and Fix. Reboot if prompted. Boot into Safe Mode (see instructions directly below if needed) and run the tool again. Reboot into normal mode when finished.

 

Reboot into safe mode, this way:

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

You have a CWS infection. Please click here to download the newest version of CWShredder by Merijn Bellekom then run it in Safe Mode by tapping the F8 key as the computer restarts. Run the program, hitting 'fix' as opposed to 'scan only.' Reboot and then run the program a second time, again in Safe Mode. Reboot into normal mode when done.

 

If you are not running version 1.3 of Spybot S & D, click here to download Spybot Search & Destroy v1.3 - install, update, boot into Safe Mode, scan and fix all RED items it finds. Reboot into normal mode when done.

 

Perform a customized Ad-aware scan in Safe Mode........

 

If you do not have the latest version of Ad-aware, version 6, Build 6.181, click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then boot into Safe Mode, start the program, and click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot into normal mode when finished.

 

Next, perform online virus and Trojan scans, using the links in my signature below. Allow the programs to delete all that they may find. Reboot after each scan.

 

Your copy of HijackThis is outdated. Please create a new folder on the C: drive and name it C:\HJT or something similar. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select "New" then "Folder" and name it HJT. Next, click here to download the latest version of HijackThis, v1.98. Download it directly into the new folder. Delete your old copy of HijackThis.

 

Scan with HijackThis and post a fresh log into this same thread.

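A triage pass over a HijackThis log like the one posted in this topic, as an added example that is not part of the original posts and not part of HijackThis: it flags Internet Explorer page settings that point at local files, autostart entries that run from a Temp directory, and percent-encoded O13 URL prefixes, decoding the latter. The three heuristics and the function name `triage` are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from urllib.parse import unquote

# Sample lines copied from the HijackThis log posted in this topic (a small subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [itjPq] C:\documents and settings\owner\local settings\temp\itjPq.exe
O13 - DefaultPrefix: http://%62%69%67%62%72%2E%63%63?u=1525&error=
"""

# A log entry starts with a section code such as R0, O4 or O13.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def triage(log_text):
    """Return (section, reason, entry) tuples for entries matching the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.groups()
        low = body.lower()
        if section in ("R0", "R1") and re.search(r"= (file://|[a-z]:\\)", low):
            # Start/search pages normally hold web URLs, not files on disk.
            findings.append((section, "IE page setting points at a local file", body))
        elif section == "O4" and "\\temp\\" in low:
            # Autostart entries launching binaries out of a Temp directory.
            findings.append((section, "autostart runs from a Temp directory", body))
        elif section == "O13" and re.search(r"%[0-9a-f]{2}", low):
            # Percent-encoding hides the host name; decode it for the analyst.
            decoded = unquote(body.split(": ", 1)[1])
            findings.append((section, "percent-encoded prefix: " + decoded, body))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```

Entries that match none of the heuristics are simply not reported, so an empty result is not a clean bill of health; the output is a shortlist for manual review.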