jmarketing

Random file executing on startup

5 posts in this topic

Every time I start up, a random file loads up.

 

I have tried Adaware and SpyBot. Even removing with HJT the process returns. If you try to terminate the process, it terminates, but then a new random file loads.

 

Here is my HJT log...

 

Logfile of HijackThis v1.97.7

Scan saved at 3:39:35 PM, on 5/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\System32\Xhip4f.exe

C:\WINDOWS\System32\Xhip4f.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\DqcGH.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

 

None of the files in bold exist, but they show on this log. What's up?

 

Jeremy


Hi jmarketing

You have a peper infection.

Run this uninstaller, making sure you're on line while running it!:

http://www.zerosrealm.com/downloads/uninst.exe

 

Run it twice to be sure.

 

Then post a fresh HJT log and we'll deal with what's left.

 

I really need to see the full log incl the 016 entries.

Edited by Phaedrus123


oye! beaten!

 

Duplicate advice removed.

Edited by Kevin_b_er


I ran the pepper removal tool but the file is still there...

 

Logfile of HijackThis v1.97.7

Scan saved at 4:33:47 PM, on 5/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\System32\Pcpbli06.exe

C:\WINDOWS\System32\Yfk8CM67.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\PcwakiJQ.exe

O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: AIM (HKLM)

O17 - HKLM\System\CCS\Services\Tcpip\..\{762E7DBE-864B-4BEB-A7CC-496477D360E6}: NameServer = 192.168.1.10,24.48.33.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{9863DC89-BEF4-4C5F-81D2-88A8AA5BA33C}: NameServer = 68.168.224.162,68.168.224.165

O17 - HKLM\System\CS1\Services\Tcpip\..\{762E7DBE-864B-4BEB-A7CC-496477D360E6}: NameServer = 192.168.1.10,24.48.33.3


Run the uninstaller again. You have to be online while running it!

 

Run it twice to be sure.

 

Then boot into safe mode, (see http://service1.symantec.com/SUPPORT/tsgen...001052409420406

and find and delete those two files:

C:\WINDOWS\System32\Pcpbli06.exe

C:\WINDOWS\System32\Yfk8CM67.exe

It's probably a good idea to clear out your temp files and your temporary internet files too.

This topic is now closed to further replies.
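
Added example, not part of the original thread and not HijackThis's own code: diffing the two HijackThis logs posted above shows the persistence pattern under discussion, where the same HKLM Run value name survives while its target file and the randomly named System32 processes change between scans. The function names are this example's own, and the log excerpts are trimmed from the two posts.

```python
import re

# Excerpts trimmed from the two logs in this thread; parse() and diff() are this example's own names.
LOG_1 = r"""
Running processes:
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\Xhip4f.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\DqcGH.exe
"""
LOG_2 = r"""
Running processes:
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\Pcpbli06.exe
C:\WINDOWS\System32\Yfk8CM67.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\PcwakiJQ.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")

def parse(log):
    """Return (set of lower-cased process paths, {(hive, value name): command})."""
    procs, runs, in_procs = set(), {}, False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            procs.add(line.lower())      # Windows paths are case-insensitive
        elif line:                       # first non-path line ends the process list
            in_procs = False
            m = RUN_RE.match(line)
            if m:
                runs[(m.group(1), m.group(2))] = m.group(3)
    return procs, runs

def diff(old_log, new_log):
    """Return (Run values whose target changed, processes gone, processes new)."""
    old_p, old_r = parse(old_log)
    new_p, new_r = parse(new_log)
    retargeted = {k: (old_r[k], new_r[k]) for k in old_r.keys() & new_r.keys()
                  if old_r[k].lower() != new_r[k].lower()}
    return retargeted, sorted(old_p - new_p), sorted(new_p - old_p)

if __name__ == "__main__":
    print(diff(LOG_1, LOG_2))
```

A Run value that keeps its name but points at a different file on each scan is the entry to track, since deleting only the currently named file leaves the autostart in place.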