• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
presleygirl

Another Newbie w/ Same Old Probs

2 posts in this topic

:gasp:

Hello! I'm a somewhat newbie to this. I have pop-ups, programs not running right, IE shutting down constantly, homepage changes, etc...

I have most current versions of Spybot, Adaware & Trojan Hunter, as well as Norton Antivirus. I've been researching this for awhile and my computer tech @ work says it's definetly a hijack. I can't seem to get it though. I have all my logs to share if someone will help me.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 5:29:03 PM, on 7/22/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\xl.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\uptodate.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\documents and settings\rhonda\local settings\temp\9Vt.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\pcs\pcsvc.exe

C:\Program Files\Common Files\Dpi\dpi.exe

C:\Program Files\Netropa\OSD.exe

C:\PROGRA~1\INTERN~3\inetmgr.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe

C:\WINDOWS\System32\dbmrap.exe

C:\PROGRA~1\INTERN~3\inetsvc.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\WINDOWS\System32\ERFOSP.exe

C:\WINDOWS\System32\mcomposd.exe

C:\WINDOWS\System32\CLGNTFYS.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\dcordm.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\Program Files\MSAC-FD1\MSstat.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchcentrix.com/sidecat.jsp?p=985...722171518127001

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://rd.yahoo.com/mail_us/mailto/ymsgr/D...?.redir=ymmapi9

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} - (no file)

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)

O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~3\inetkw.dll

O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif

O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A} - C:\WINDOWS\System32\wzhelper.dll

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~2.DLL

O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll

O2 - BHO: (no name) - {62FEB166-F4BD-49CC-892C-7D37DA720380} - C:\WINDOWS\System32\xdispex.dll

O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\SYSTEM32\spoolsvv.exe -invisible

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vhttayw] C:\WINDOWS\System32\dnmiqxj.exe

O4 - HKLM\..\Run: [9Vt] C:\documents and settings\rhonda\local settings\temp\9Vt.exe

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Ahm8.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [tgrinqb] C:\WINDOWS\tgrinqb.exe

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe

O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINDOWS\System32\msiefr40.dll,DllRunServer

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"

O4 - HKLM\..\Run: [pFFf38h] dbmrap.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [ERFOSP] C:\WINDOWS\System32\ERFOSP.exe

O4 - HKLM\..\Run: [mcomposd] C:\WINDOWS\System32\mcomposd.exe

O4 - HKLM\..\Run: [CLGNTFYS] C:\WINDOWS\System32\CLGNTFYS.exe

O4 - HKLM\..\Run: [AutoLoaderpsw51KcQcJXU] "C:\WINDOWS\System32\dbmrap.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

O4 - HKCU\..\Run: [YowpRUN8j] dcordm.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\RunOnce: [RealPlayer_update] C:\Program Files\America Online 9.0\Jiti\Real9_codec_upd.exe restart

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebws400_script0.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grs0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.yahoo.com/games/clients/y/ws1_x.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wo...be/wordcube.cab

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab

O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949} (SomaticCAB.Setup) - http://downloads.searchcentrix.com/install/weblz.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{33E378D9-5643-41DC-BB37-273349A218DE}: NameServer = 63.245.131.21 151.164.1.8

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0