JizzDizzEm

Dialer removed, is it really gone? LOG

2 posts in this topic

Hi there,

 

First time in my life I caught myself a dialer. It deleted my (I'm from Germany, here it is "DFÜ") "Dial-Up thing" and had it replaced with its own one. Anyway, I have deleted that and found a "DelUS.Bat" in my Windows Folder. I looked at it and it was supposed to delete my "svchost.exe". After I restarted I got the message "C:\Windows\mWinxpd.txt not found". I don't know what that file is or does but it IS there. It says

 

;0;100028081201130818081500100;2;0;2;0s2v0c2;0116180;110.10021

 

My HiJack log (what is the 0 behind svchost.exe?):

 

Logfile of HijackThis v1.97.7

Scan saved at 14:55:12, on 31.05.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

E:\Programme\Sygate\SPF\smc.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Norton AntiVirus\navapsvc.exe

C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe

C:\WINDOWS\System32\SxgTkBar.exe

E:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

E:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\ctfmon.exe

E:\Programme\Active Desktop Calendar\ADC.exe

E:\Programme\Pop-Up Stopper\dpps2.exe

C:\WINDOWS\System32\javaw.exe

E:\Programme\FlashGet\flashget.exe

C:\Programme\Internet Explorer\IEXPLORE.EXE

c:\hijackthis\hijackthis.exe

E:\Programme\HiJackThis\HiJackThis.exe

c:\hijackthis\hijackthis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.btx-dtag.de:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - E:\Programme\DAP7\DAPBHO.dll

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - E:\Programme\DAP\DAPIEBar.dll (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll

O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [smcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CTSysVol] e:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] e:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sVCHOST] C:\WINDOWS\svchost.exe 0

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Programme\Active Desktop Calendar\ADC.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: Pop-Up Stopper.lnk = E:\Programme\Pop-Up Stopper\dpps2.exe

O4 - Startup: Verknüpfung mit CTCMSGo.lnk = C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP7\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Alles mit FlashGet laden - E:\Programme\FlashGet\jc_all.htm

O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP7\dapextie2.htm

O8 - Extra context menu item: Mit FlashGet laden - E:\Programme\FlashGet\jc_link.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexDE627.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6A89A1-314F-407C-998A-34136B0FB838}: NameServer = 217.237.150.97 194.25.2.129

 

Thank you in advance!


Close all programs, tick the following for removal in HJT, and click "Fix Checked":

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

 

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - E:\Programme\DAP7\DAPBHO.dll

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - E:\Programme\DAP\DAPIEBar.dll (file missing)

 

O4 - HKLM\..\Run: [sVCHOST] C:\WINDOWS\svchost.exe 0

 

O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP7\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP7\dapextie2.htm

 

O9 - Extra button: Run DAP (HKLM)

 

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexDE627.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

 

Reboot.

 

Find and delete the following files/folders:

 

c:\info6_s.cab

C:\WINDOWS\svchost.exe

 

Scan again with HJT and post the new log.
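Added example, not part of either post above: a small triage script for the entry types singled out in this thread, namely a Run key that starts `svchost.exe` from `C:\WINDOWS` (the genuine file lives in `System32`), Downloaded Program Files entries installed from a local file or a raw IP address, and entries marked "(file missing)". The `SYSTEM_NAMES` list, the rule wording and the function names are this example's own assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Process names whose legitimate copies live in %SystemRoot%\System32 (assumed list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe"}
O4_RE = re.compile(r"^O4 - .*?Run: \[[^\]]*\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<src>.*)$")
EXE_RE = re.compile(r"^(?P<path>.+?\.exe)\b", re.I)
RAW_IP_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

def review_line(line):
    """Return the reasons a single HijackThis line deserves a closer look."""
    line, reasons = line.strip(), []
    m = O4_RE.match(line)
    exe = EXE_RE.match(m["cmd"].strip('"')) if m else None
    if exe:
        path = PureWindowsPath(exe["path"])
        # A bare file name (no directory) cannot be judged by location.
        if (len(path.parts) > 1 and path.name.lower() in SYSTEM_NAMES
                and path.parent.name.lower() != "system32"):
            reasons.append("system process name outside System32")
    m = O16_RE.match(line)
    if m:
        src = m["src"].lower()
        if src.startswith(("file://", "mhtml:")):
            reasons.append("DPF installed from a local file")
        if RAW_IP_RE.search(src):
            reasons.append("DPF fetched from a raw IP address")
    if line.endswith("(file missing)"):
        reasons.append("entry points at a missing file")
    return reasons

def review_log(text):
    """Map each flagged log line to its list of reasons."""
    checked = ((ln.strip(), review_line(ln)) for ln in text.splitlines())
    return {ln: why for ln, why in checked if why}

# Lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [sVCHOST] C:\WINDOWS\svchost.exe 0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - E:\Programme\DAP\DAPIEBar.dll (file missing)
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
"""

if __name__ == "__main__":
    for entry, why in review_log(SAMPLE).items():
        print(f"{'; '.join(why)}: {entry}")
```

A flagged line is a prompt for manual review, not a verdict: the script only checks location and source, so a clean result does not mean the log is clean.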
