Maggie3788

Please Help!

4 posts in this topic

I ran Hijack This and these are my results, I know that I probably shouldn't just erase all of these things, or "fix them", but I don't know which ones to get rid of, please help! These are my results...

 

 

Logfile of HijackThis v1.97.7

Scan saved at 12:35:09 AM, on 5/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Kazaa Lite K++\KazaaLite.kpp

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Owner\My Documents\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4AC22FF0-B6B7-2688-1011-1FEA6A45E7E5} - C:\WINDOWS\System32\ekwaopdi.dll

O2 - BHO: (no name) - {50DCBDD0-6905-B3CD-C42A-884D8129B7D0} - C:\WINDOWS\System32\hszsiqkp.dll

O2 - BHO: (no name) - {54F88AB9-9F7B-45F6-F2D9-B3E32501F2A0} - C:\WINDOWS\System32\hsozffwi.dll

O2 - BHO: (no name) - {9D986DAE-3BC1-208B-5D64-67AEE7DBF297} - C:\WINDOWS\System32\nyhjubdt.dll

O2 - BHO: (no name) - {AE2BCE0C-C358-849B-2EBF-0114ECAF3F0B} - C:\WINDOWS\System32\vmfodxjz.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/co...ng/Coloring.ocx

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d...all/xscan53.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_01) - http://www.hayboonet.com/CFIDE/classes/cf-j2re-win.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7922.5755439815

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.8.11/ttinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2C66E67-2ED7-49D1-9143-21F01D5E3E35}: NameServer = 205.188.146.146

 

 

 

***This is all really confusing to me and hope someone can help, you can e-mail me back with any help! Thanks

Edited by Maggie3788


Hello,

 

First, let me say it would be helpful to know what sort of problems you're having. However, a look at your HJT log did show several items that should be fixed.

Many will recommend placing HJT on the root drive (Usually C:\). When you run HijackThis from this folder and have it "Fix checked" it will create a backup file of modifications to use if restore is necessary. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New -> Folder and name it HJT. For illustrated instructions, click How to create a new folder on C: Drive.

 

With HJT in its new location, run a new scan and check-mark the following items:

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

 

O2 - BHO: (no name) - {4AC22FF0-B6B7-2688-1011-1FEA6A45E7E5} - C:\WINDOWS\System32\ekwaopdi.dll

 

O2 - BHO: (no name) - {50DCBDD0-6905-B3CD-C42A-884D8129B7D0} - C:\WINDOWS\System32\hszsiqkp.dll

 

O2 - BHO: (no name) - {54F88AB9-9F7B-45F6-F2D9-B3E32501F2A0} - C:\WINDOWS\System32\hsozffwi.dll

 

O2 - BHO: (no name) - {9D986DAE-3BC1-208B-5D64-67AEE7DBF297} - C:\WINDOWS\System32\nyhjubdt.dll

 

O2 - BHO: (no name) - {AE2BCE0C-C358-849B-2EBF-0114ECAF3F0B} - C:\WINDOWS\System32\vmfodxjz.dll

 

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe

 

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

 

The following entries are OPTIONAL, or known resource hogs, and can contribute to overall computer slowdown. Please read the description following each and check mark for "fixing" (or follow instructions for disabling) according to your needs.

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<---Available via Start->Programs

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background<---Available via Start->Programs

 

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl<---Available via Start->Programs

 

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

 

Please double check your list and WITH ALL OTHER WINDOWS CLOSED, fix checked, then reboot.

 

Restart in Safe Mode.

To start your computer in Safe Mode: please follow these instructions. (WinXP)

 

While in Safe Mode, please delete the following files/folders, if present:

 

C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe<---Delete DownloadPlus.exe only, not the "Application Data" folder.

 

You may need to have the "Show hidden files and folders" feature enabled.

To enable this feature:

1. On the Tools menu in Windows Explorer, click Folder Options.

2. Click the View tab.

3. Under Hidden files and folders, click Show hidden files and folders.

 

Note: To access Windows Explorer, click Start, point to All Programs, and then click Windows Explorer

 

Reboot and run a new HJT scan. Please post results back here for me to check.

 

Note: P2P filesharing programs such as Kazaa Lite, while very popular, are also very dangerous. Some experts report that almost half of the files available contain malware of one kind or another.

Downloading copyrighted material (music, video, software etc.) is also illegal. You may want to consider one of the pay-per-download sites instead.

 

Once your computer is free of malware I suggest you download

Ad-Aware and Spybot - Search & Destroy.

 

It is very important to UPDATE the reference files for BOTH of these programs before you run them the first time, then frequently thereafter to ensure the very latest in detection and removal.

Click here for instructions on updating and how to use these programs.

 

Running Ad-Aware and SpyBot S&D on a regular basis (I do it twice a week) will go a long way in keeping your computer malware free.

 

To help prevent further infections, I recommend, and use, SpywareBlaster, and IE-SPYAD. SpywareBlaster blocks bad ActiveX

and malevolent cookies. IE-SPYAD puts over 4000 sites in

your restricted zone so you'll be protected when you visit

innocent-looking sites that aren't actually innocent at all.

 

Both are very small free programs that you run once, then just

update frequently.

 

Many recommend (as I do) that a firewall should be installed

and used. Here are two popular free firewalls.

ZoneAlarm and

Sygate Personal Firewall.

 

Also, please see

So how did I get infected in the first place?

 

George

Edited by SpotCheckBilly
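The kind of triage applied to the log above, as an added example that is not part of the original posts and is not HijackThis's own logic. The four rules are assumptions inferred from the entries the reply selected for fixing, and the sample lines are copied from the first log in this thread; a match is a prompt for manual review, not a verdict.

```python
import re

# Subset of the first log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4AC22FF0-B6B7-2688-1011-1FEA6A45E7E5} - C:\WINDOWS\System32\ekwaopdi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
"""

# An entry line is a section code (R0-R3, O1-O23, ...) followed by " - " and the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# (section, pattern, reason): heuristics assumed for this example only.
RULES = [
    ("R3", re.compile(r"\(no file\)"), "search hook points at a missing file"),
    ("O2", re.compile(r"\(no name\).*\\System32\\[^\\]+\.dll$", re.I),
     "unnamed BHO loading a DLL from System32"),
    ("O4", re.compile(r"\\Application Data\\[^\\]+\.exe", re.I),
     "autostart runs an .exe directly from Application Data"),
    ("O16", re.compile(r" - file://", re.I), "ActiveX download source is a local file"),
]

def parse(log):
    """Yield (section, detail) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return [(section, detail, reason)] for entries that match a rule."""
    hits = []
    for section, detail in parse(log):
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(detail):
                hits.append((section, detail, reason))
                break
    return hits

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {detail}")
```
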


George,

Thank you so much! I did the scan after "fixing" the things you told me to and doing everything else you asked. These are my results...

Logfile of HijackThis v1.97.7

Scan saved at 5:32:04 PM, on 5/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\My Documents\HijackThis.exe

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/co...ng/Coloring.ocx

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d...all/xscan53.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.0_01) - http://www.hayboonet.com/CFIDE/classes/cf-j2re-win.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7922.5755439815

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.8.11/ttinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2C66E67-2ED7-49D1-9143-21F01D5E3E35}: NameServer = 205.188.146.146

 

***Another problem, I have this computer networked with another one that is downstairs, I'm having the same problems downstairs and was wondering if by fixing them on this computer everything will be fixed down there, or what do I need to do. Thanks again for your help!


Hello,

 

The new log looks good to me.

 

Another problem, I have this computer networked with another one that is downstairs, I'm having the same problems downstairs and was wondering if by fixing them on this computer everything will be fixed down there, or what do I need to do. Thanks again for your help!

 

You should run HJT on that computer, too, and post the results. Both machines should be clean, or the possibility of each reinfecting the other could occur.

 

Good luck,=)

 

George

Edited by SpotCheckBilly
