Snippy24

Help with my HJT log


Computer running very, very slow. Please help...Thanks in advance

 

**I have run adware, virus scan, and shredder before HJT scan.**

 

Logfile of HijackThis v1.97.7

Scan saved at 10:10:07 AM, on 7/27/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\WINDOWS\System32\Promon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\Sktempdm.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\haqgzt.exe

C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\AOL Companion\companion.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\jerry smith\Local Settings\Temporary Internet Files\Content.IE5\BWFOGY3Y\HijackThis[1].exe

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {0B41681E-A93E-5B24-90B9-EE0964891557} - C:\WINDOWS\System32\idpefiac.dll

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)

O2 - BHO: (no name) - {9789EE44-D366-5FC3-4238-6C89CD90A6D5} - C:\WINDOWS\System32\lurdhrwc.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O2 - BHO: (no name) - {B34D9A31-53D3-8C98-E62F-DD2AACDC1B61} - C:\WINDOWS\System32\fxnagwkt.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {E2143D4D-6B0C-5C39-34CF-5BE6B3C7E836} - C:\WINDOWS\System32\otlucffd.dll (file missing)

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE

O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE

O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK

O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\system32\MSKernel32.vbs

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [njzfwifx] C:\WINDOWS\mdodjosd.exe

O4 - HKLM\..\Run: [bvhzxqgx] C:\WINDOWS\System32\bvhzxqgx.exe

O4 - HKLM\..\Run: [mnosjkzm] C:\WINDOWS\System32\mnosjkzm.exe

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [bitphklcimsqi] C:\WINDOWS\System32\haqgzt.exe

O4 - HKLM\..\Run: [KUJ] C:\documents and settings\jerry smith\local settings\temp\KUJ.exe

O4 - HKLM\..\Run: [8JdIC] C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [rsoi3EX] pjlinhin.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [digestw] C:\WINDOWS\System32\digestw.exe

O4 - HKLM\..\Run: [zcdlgw] C:\WINDOWS\System32\zcdlgw.exe

O4 - HKLM\..\RunServices: [Win32DLL] C:\WINDOWS\Win32DLL.vbs

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

O4 - HKCU\..\Run: [aB7sROb4R] pzjntf.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Encarta Encyclopedia (HKLM)

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)

O9 - Extra button: Define (HKLM)

O9 - Extra 'Tools' menuitem: Define (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDo


Welcome to SWI.

Print out these instructions so you can read them while you clean your system.

 

Move HijackThis to its own folder. Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Move HijackThis there. HijackThis makes backups of everything you fix; these backups are saved in the same folder the program is in.

 

Now close all open windows AND browsers and check these items for HJT to fix:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {0B41681E-A93E-5B24-90B9-EE0964891557} - C:\WINDOWS\System32\idpefiac.dll

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)

O2 - BHO: (no name) - {9789EE44-D366-5FC3-4238-6C89CD90A6D5} - C:\WINDOWS\System32\lurdhrwc.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O2 - BHO: (no name) - {B34D9A31-53D3-8C98-E62F-DD2AACDC1B61} - C:\WINDOWS\System32\fxnagwkt.dll (file missing)

O2 - BHO: (no name) - {E2143D4D-6B0C-5C39-34CF-5BE6B3C7E836} - C:\WINDOWS\System32\otlucffd.dll (file missing)

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\system32\MSKernel32.vbs

O4 - HKLM\..\Run: [njzfwifx] C:\WINDOWS\mdodjosd.exe

O4 - HKLM\..\Run: [bvhzxqgx] C:\WINDOWS\System32\bvhzxqgx.exe

O4 - HKLM\..\Run: [mnosjkzm] C:\WINDOWS\System32\mnosjkzm.exe

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [bitphklcimsqi] C:\WINDOWS\System32\haqgzt.exe

O4 - HKLM\..\Run: [KUJ] C:\documents and settings\jerry smith\local settings\temp\KUJ.exe

O4 - HKLM\..\Run: [8JdIC] C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [rsoi3EX] pjlinhin.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [digestw] C:\WINDOWS\System32\digestw.exe

O4 - HKLM\..\Run: [zcdlgw] C:\WINDOWS\System32\zcdlgw.exe

O4 - HKLM\..\RunServices: [Win32DLL] C:\WINDOWS\Win32DLL.vbs

O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

O4 - HKCU\..\Run: [aB7sROb4R] pzjntf.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

 

For TV-Media, you will need to run this Regedit:

 

Copy the entire contents inside of the QUOTE box into Notepad, hit enter to add a blank line. Then save as remove.reg (save as type: 'all files') to the desktop.

REGEDIT4

 

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

 

 

Go to the Desktop and double-click remove.reg, hit Yes on the prompt to add its contents to the Registry!

 

Please reboot into safe mode - How do I boot into "Safe" mode?

 

Go to Add/Remove Programs in the Control Panel and uninstall:

Web_Rebates

if listed.

 

 

Delete these files:

C:\WINDOWS\mdodjosd.exe

C:\WINDOWS\Win32DLL.vbs

C:\WINDOWS\System32\idpefiac.dll

C:\WINDOWS\System32\lurdhrwc.dll

C:\WINDOWS\System32\MSKernel32.vbs

C:\WINDOWS\System32\bvhzxqgx.exe

C:\WINDOWS\System32\mnosjkzm.exe

C:\WINDOWS\System32\haqgzt.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\System32\dp-him.exe

C:\WINDOWS\System32\digestw.exe

C:\WINDOWS\System32\haqgzt.exe

C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe

C:\documents and settings\jerry smith\local settings\temp\KUJ.exe

 

Find (f3) and delete:

pzjntf.exe

pjlinhin.exe

 

Delete these folders

 

C:\Program Files\TV Media

C:\Program Files\Common Files\midaddle

c:\installer

C:\Program Files\Web_Rebates

 

 

You may need to show hidden files to delete them. How to show all hidden and system files

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.

* C:\Windows\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <= This will delete all your cached internet content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Then disable your system restore

 

1 Right-click My Computer, and then click Properties.

2 Click the System Restore tab.

3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.

4 Click Apply

5 This will delete all existing restore points. Click Yes to do this.

6 Click OK.

 

Reboot into normal mode, enable System Restore, and post a fresh log in this thread so we can give you further recommendations.

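A triage sketch for the log format posted in this thread, added here as an example and not part of either post or of HijackThis itself: it parses entry lines and flags traits shared by several items the reply marks for fixing (components registered with no file on disk, autoruns with an empty name, autoruns launching from a Temp directory or starting a script). The heuristics and function names are assumptions chosen for illustration, and the sample lines are copied from the log above.

```python
import re

# Layout assumed from the log in this thread: "<code> - <section>: <detail>"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<section>[^:]+): (?P<detail>.*)$")
AUTORUN = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")  # "[value name] command"

# Sample input: lines copied from the log posted above.
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\system32\MSKernel32.vbs
O4 - HKLM\..\Run: [KUJ] C:\documents and settings\jerry smith\local settings\temp\KUJ.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
""".strip().splitlines()

def parse(line):
    """Return (code, section, detail) for an entry line, None for anything else."""
    m = ENTRY.match(line.strip())
    return (m["code"], m["section"], m["detail"]) if m else None

def triage(line):
    """Reasons an entry deserves a closer look; hints for an analyst, not verdicts."""
    entry = parse(line)
    if entry is None:
        return []
    code, _section, detail = entry
    reasons = []
    if code in ("R3", "O2", "O3") and re.search(r"\((no file|file missing)\)$", detail):
        reasons.append("registered component has no file on disk")
    m = AUTORUN.match(detail) if code == "O4" else None
    if m:
        cmd = m["cmd"].strip('"').lower()
        if not m["name"]:
            reasons.append("autorun value has an empty name")
        if "\\local settings\\temp\\" in cmd:
            reasons.append("autorun launches from a user Temp directory")
        if re.search(r"\.(vbs|js|bat|cmd)\b", cmd):
            reasons.append("autorun starts a script file")
    return reasons

def report(lines):
    """Map each flagged line to its reasons; unflagged lines are left out."""
    return {ln: why for ln in lines if (why := triage(ln))}

if __name__ == "__main__":
    for ln, why in report(SAMPLE).items():
        print(f"{ln}\n    -> {'; '.join(why)}")
```

An unflagged line is not a clean bill of health: several entries the reply removes, such as the randomly named executables under System32, match none of these rules and still need a human reviewer.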