• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
NetRock

Start Point---Log file

2 posts in this topic

:wave: Hi....following is my log file,

just wondering anything Susp., :wtf:

 

Please Advise... :deal:

 

thanks in advance ;)

 

Logfile of HijackThis v1.97.7

Scan saved at 12:09:50 AM, on 02/06/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\PROGRA~1\NORTON~1\NORTON~2\navapw32.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\inKline Global\PC Booster\pcbooster.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

C:\Program Files\QWDLLS.EXE

E:\AcrobatReader\Distillr\AcroTray.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

E:\HiJ--this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\AcrobatReader\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~2\navapw32.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

O4 - Startup: UCmore XP - The Search Accelerator.lnk = ?

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = E:\Quicken2003deluxe\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QWDLLS.EXE

O4 - Global Startup: Billminder.lnk = C:\Program Files\BILLMIND.EXE

O4 - Global Startup: Acrobat Assistant.lnk = E:\AcrobatReader\Distillr\AcroTray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Win32 Classes -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7919.5084837963

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ials/ymmapi.dll

O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/viz...N-US/msorun.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.norton.com/SSC/SharedConte...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4DF39498-2F9B-4C68-BD11-2318B66DC7AE}: NameServer = 207.107.254.9 204.50.251.17

 

bye now.

Share this post


Link to post
Share on other sites

Hi NetRock, Welcome to SWI :) Apollogies for the delay, hopefully you are still with us. It's always a wise option to get a check up, since you have a few issues. Thus, please proceed...

 

Firstly, [show all hidden files].

 

It is always advisable to scan your system with NAV & Spybot S&D. You may also wish to download [Ad-Aware] if you don't already have it. Ensure that all anti-malware applications are fully upto date.

 

Re-open HijackThis, and place a tick next to the following entries and press "Fix Selected"...

 

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll

 

This entry may be user orientated, for a web page you may have created, eg. If you are unaware of this file, it may be a virus and requires fixing...

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

 

Once these have been removed, reboot the computer into [safe Mode].

 

Now go to your Control Panel > Add/Remove Programs and check for a listing of "TheSearchAccelerator", and remove if it exists. Then locate and delete the file and directory highlighted in bold...

 

C:\WINDOWS\SYSTEM\blank.htm (if applicable)

C:\Program Files\TheSearchAccelerator

 

The following items are reported to cause problems, as stated by the text & links, so can be fixed and removed if you feel you are better off without them...

 

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

 

If you decide to do so...check Add/Remove Programs for these installations, whose directories will also need removing if the above are fixed, which should also be done whilst in Safe Mode, as above...

 

C:\Program Files\MYWAY

C:\Program Files\SpyKiller

C:\Program Files\DAP

 

Further information...(reboot to normal mode before connecting to the net)

[spykiller] - Is listed as a "bogus spyware remover" and reported to install malware as opposed to remove it.

[user opinions of Spykiller at Download.Com]

 

[MyWay Speedbar] - Is known to install or support the installation of malware. Note that this particular variant is not so problematic as others, and you may have intentionally installed it.

[symantec Removal Instructions for MyWay]

 

[Download Accellerator Plus] - Is reported to distribute Personally Identifiable Information to a remote server.

[user opinions of DAP at Download.Com]

 

 

TIP: Use [Google] to search for the exact log entry, such as "O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup" for example, and see what responders say about the presence of suspected malware in the logs shown in the Google results. This may help you decide whether to keep the above optional fixes.

 

When finished, please reboot & post back a fresh log.

Edited by Mere_Mortal

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0