• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
geneva

HijackThis-Log file analysis

2 posts in this topic

PGPPhantom,

 

Thank you so much for directions how to get my log file. I hope you can help me with it.

 

Here is what I have got:

 

ogfile of HijackThis v1.97.7

Scan saved at 2:45:23 PM, on 7/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\Dit.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\iFinger\iFinger.exe

C:\WINDOWS\DitExp.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\slrundll.exe

C:\PROGRA~1\MICROS~2\Office\WINWORD.EXE

C:\Documents and Settings\Janos\Local Settings\Temporary Internet Files\Content.IE5\WW8HSVET\HijackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: iFinger - {1624F640-49AC-11D3-8ABD-00C04FA95EE0} - C:\PROGRA~1\iFinger\IFINGE~1.DLL

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Begone] C:\freescan\freescan.exe -FastScan

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: iFinger.lnk = C:\Program Files\iFinger\iFinger.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: officejet 6100.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: AOL Toolbar (HKLM)

O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: iFinger (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{414F83F0-2ACC-47C5-ABC6-55E19F8CD4BE}: NameServer = 198.81.17.134

 

Thank you again.

Geneva

Share this post


Link to post
Share on other sites

Hi geneva

 

Save HijackThis in a convenient permanent folder such as C:\HJT - the program will make backups and you don't want them scattered around.

 

Go to add\remove - find & remove:

WinTools

 

 

Press Ctrl+Alt+Del and 'end task' on any of the follow that are present:

WToolsA.exe

WSup.exe

WToolsS.exe

 

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked.

Make sure all browser and all Windows Explorer windows are closed before fixing

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=40

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=40

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

 

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <-----optional

 

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE <-----resource hog

 

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE <-----resource hog

 

NOTE.........even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

 

Make sure you can view hidden and system files: Instructions here

 

Then Boot to safe mode: Instructions here

 

Delete the following files\folder IF still present:

 

C:\Program Files\Common Files\WinTools <------folder

 

Then reboot and use AdAware as described :

HERE

 

Spybot S&D

The download for Spybot S&D is available here: http://www.computercops.biz/downloads-file-108.html

 

Install by double-clicking on the downloaded file.

Run Spybot S&D from desktop icon or Start menu.

Press "Search for updates" button to get list of updates available.

Press "Download updates" button.

Close all IE windows and close & restart Spybot S&D.

Press "Check for problems" button.

Have SpyBot remove all it marks in red by pressing "Fix selected problems".

 

Close Spybot S&D, reboot your system .

 

Then browse to the C:\documents and settings\\User Name (repeat for all users)\local settings\temp folder and delete all files and folders in it.

Then browse to the C:\Windows\Temp folder and delete all files in it.

Then in internet explorer click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

 

Then Disable system restore: Instructions here

Reboot

 

Enable System Restore.

 

Pls. post another log.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0