• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Louisa77

NEED MAJOR HELP ASAP PLEASE READ!

17 posts in this topic

hey guys im very computer illiterate and i need help. i think i have some virus or spyware problems or something bc anytime i try to log onto the internet it shuts me down immediately. so what i did was did a norton update which i was able to do before it shut me down but this virus RUNDLL message keeps coming up and i have this all about searching toolbar crap and i cant get it off. i dont know how long the comp will let me type before shutting off again.

 

can someone PLEASE HELP ME.

Share this post


Link to post
Share on other sites

hey guys im very computer illiterate and i need help. i think i have some virus or spyware problems or something bc anytime i try to log onto the internet it shuts me down immediately. so what i did was did a norton update which i was able to do before it shut me down but this virus RUNDLL message keeps coming up and i have this all about searching toolbar crap and i cant get it off. i dont know how long the comp will let me type before shutting off again.

 

can someone PLEASE HELP ME.

Share this post


Link to post
Share on other sites

can anyone help me on what to delete with this log?

 

Logfile of HijackThis v1.97.7

Scan saved at 8:42:26 PM, on 05/25/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\SYSTEM32\qttask.exe

C:\windows\system32\pcs\pcsvc.exe

C:\HP Scanjet 3300c\hpupdate.exe

C:\CFGSAFE\AUTOCHK.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\AIM95\aim.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

C:\windows\system32\ntvdm.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\AXWFC068\hjtlog[1].exe

c:\hijackthis\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll

O1 - Hosts: 207.36.196.189 auto.search.msn.com

O1 - Hosts: 207.36.196.189 search.netscape.com

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx

O3 - Toolbar: Less Defy Fork - {6AD5FCD8-437C-2CAB-A9A7-FC0117D25F6D} - C:\PROGRA~1\GRAMAI~1\Dogcash.dll

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+

O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7813.9611921296

O16 - DPF: {A587DAFF-DE03-4721-90CD-44BA8F047A03} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136

Share this post


Link to post
Share on other sites

Try booting in safe mode (hold F8 when you start your computer untill you see a menu) if you are using XP choose safemode with networking. There you should not be bothered with the virus and can do what you want( or should be able to) if you are using XP go run housecall at housecall.trendmicro.com and remove all it finds. Get spybot at www.safer-networking.org and adaware www.lavasoftusa.com and update then, then run them and remove all they find. After also run CWShredder just to be safe from www.spywareinfo.com/~merijn and if you still have problems post a hijackthis log, get it at the same place as CWShredder.

Edited by ghost2003

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 8:42:26 PM, on 05/25/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\SYSTEM32\qttask.exe

C:\windows\system32\pcs\pcsvc.exe

C:\HP Scanjet 3300c\hpupdate.exe

C:\CFGSAFE\AUTOCHK.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\AIM95\aim.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

C:\windows\system32\ntvdm.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\AXWFC068\hjtlog[1].exe

c:\hijackthis\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll

O1 - Hosts: 207.36.196.189 auto.search.msn.com

O1 - Hosts: 207.36.196.189 search.netscape.com

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx

O3 - Toolbar: Less Defy Fork - {6AD5FCD8-437C-2CAB-A9A7-FC0117D25F6D} - C:\PROGRA~1\GRAMAI~1\Dogcash.dll

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+

O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7813.9611921296

O16 - DPF: {A587DAFF-DE03-4721-90CD-44BA8F047A03} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136

Share this post


Link to post
Share on other sites

i can't get these toolbars off my PC and im not sure how to do it with that hijack this stuff. can anyone here please help me?

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.98.0

Scan saved at 1:10:43 PM, on 07/26/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\qttask.exe

C:\windows\system32\pcs\pcsvc.exe

C:\HP Scanjet 3300c\hpupdate.exe

C:\CFGSAFE\AUTOCHK.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\AIM95\aim.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

C:\windows\System32\svchost.exe

C:\windows\system32\ntvdm.exe

C:\Program Files\Kazaa\kazaa.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

c:\progra~1\intern~1\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\8HMRCXIJ\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: (no name) - {84E1134F-517B-084B-9374-E37153BC7635} - C:\PROGRA~1\GRAMAI~1\LONG BLEH.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+

O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [uploadMagsBlueVga] C:\Documents and Settings\All Users\Application Data\Army idol upload mags\Store Bind.exe

O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat.soapoperadigest.com/Java/cfs31235.cab

O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136

O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)

O20 - AppInit_DLLs: APITRAP.DLL

Share this post


Link to post
Share on other sites

Hi Louisa77,

 

Welcome to the forums. I'm taking a look at your log. I'll post a reply ASAP.

 

picard.

Share this post


Link to post
Share on other sites

Hello Louisa77,

 

You might want to print this page, it will act as a checklist and as a reference for when you close browser windows.

 

First I'd like you to download all critical patches for your operating system and Internet Explorer. An unpatched system will always be vulnerable to attack.

http://v4.windowsupdate.microsoft.com/en/default.asp.

 

Next, I'd recommend getting at least a couple of online scans. Let them fix whatever they find.

 

http://housecall.trendmicro.com/housecall/start_corp.asp

http://www.pandasoftware.com/activescan/co...n_principal.htm

http://www.bitdefender.com/scan/licence.php

 

Now, I'd like you to download a couple of free programs that will help to clean your system up.

 

Download and Install Spybot S&D, accepting the Default Settings

(Please ensure you have version 1.3 final.)

Home - The home of Spybot-S&D!: http://www.safer-networking.org/

Here is a nice Tutorial http://www.safer-networking.org/index.php?page=tutorial

 

Go to Start > Programs >Spybot - Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D

Click the button to ‘Search for Updates’ and download and install the Updates.

Next click the button ‘Check for Problems’

 

When Spybot is complete, it will be showing 'RED' entries ‘BLACK’ entries and ‘GREEN’ entries in the window

Ensure there is a check mark beside the RED entries ONLY.

Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

 

REBOOT.

 

 

Ad-Aware:(standard version is free)

(please ensure you have version 6 build 6. 181)

Downloads - Support - Lavasoft#free:http://www.lavasoftusa.com/support/download/

Ad-Aware tutorial http://www.lavahelp.com/howto/fullscan/index.html

 

The following explains how to set Ad-aware settings to perform a "Full Scan."

And some settings that should be made prior to using the first time.

Click on the World icon, select Connect and let Ad-Aware get the latest reference file.

 

Click the Gear to go to the Settings area.

The following items should be on a green check, not on a red X.

Under the Scanning button:

Scan within archives

 

Under Memory & Registry, Check EVERYTHING

 

In Check Drives & Folders, make sure all of your hard drives are selected

 

Under the Tweak button...

Some of these may not be an available option, depending on your version of Ad-aware and your version of Windows. Do not be concerned if you cannot select a certain item.

 

In Scanning Engine:

Unload recognized processes during scanning

 

In Cleaning Engine:

Allow unloading explorer to unload shell extensions prior to deletion

Let Windows remove files in use at next reboot

 

UNCHECK Automatically try to unregister objects prior to deletion

 

Click Proceed to save these settings.

Now press "check for updates Now" Always check before scanning.

Click start [x] choose use default scanning options

click next and let it fix anything it finds

 

Reboot.

 

Lastly, please move HiJackThis to a permanent folder. I use C:\HiJackThis, but feel free to use any folder name you choose. Run HiJackThis and post a fresh log file.

 

picard.

Share this post


Link to post
Share on other sites

i tried to do what u asked and this is my log. i hope you can help me.

 

Logfile of HijackThis v1.98.0

Scan saved at 1:56:20 PM, on 07/29/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\SYSTEM32\qttask.exe

C:\windows\system32\pcs\pcsvc.exe

C:\HP Scanjet 3300c\hpupdate.exe

C:\CFGSAFE\AUTOCHK.EXE

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE

C:\Program Files\AIM95\aim.exe

c:\progra~1\intern~1\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

C:\windows\System32\svchost.exe

C:\windows\system32\ntvdm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThisNEW..exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm.../www.google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dilzmwlbgzvseazgcraypfjt.com/wQ26Lg...ylCGjkxbj/1.jpg

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Program Files\Sqwire\s.dll (file missing)

O2 - BHO: (no name) - {84E1134F-517B-084B-9374-E37153BC7635} - C:\PROGRA~1\GRAMAI~1\MANAGERDUPE.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pcsv] C:\windows\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [hp Update 3300C] C:\HP Scanjet 3300c\hpupdate.exe 3300C+

O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE

O4 - HKLM\..\Run: [grim this] C:\PROGRA~1\MP3OOZ~1\Dart idle load.exe

O4 - HKLM\..\Run: [uploadMagsBlueVga] C:\Documents and Settings\All Users\Application Data\Army idol upload mags\Programford.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSMNT.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat.soapoperadigest.com/Java/cfs31235.cab

O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6DD73F-8A35-4291-9326-253E69ECBA2B}: NameServer = 206.47.244.111 206.47.244.136

O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)

O20 - AppInit_DLLs: APITRAP.DLL

Share this post


Link to post
Share on other sites

Hi Louisa77,

 

Just to let you know, I'm not ignoring you. But as you can see, the forums are really busy.

As a trainee, I have to wait for approval from a moderator before I post and they are even busier than the rest of the forum.

 

picard.

 

*Edit for content

Edited by picard_uk

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0