gbcsoccer88

Where do you get the Hijackthis.log

17 posts in this topic

Please do this.

Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

Logfile of HijackThis v1.97.7

Scan saved at 12:03:47 PM, on 6/4/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe

C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Program Files\Apoint\Apntex.exe

c:\progra~1\Support.com\client\bin\tgcmd.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Greg\Desktop\Installation\HJT\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"

O4 - HKCU\..\Run: [15x4utmbbc] C:\WINDOWS\otrcisxayc.exe

O4 - HKCU\..\Run: [5rmyh9gfjl] C:\WINDOWS\sj6negrrpv.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Please be patient. We have many people needing help and not that many volunteers to provide it. Some people have been waiting much longer than you have.

A Helper will be along eventually. Sorry about the delay.

 

Please describe the problem you are having.

 

cmonster1978 is not a member of a helping group, see http://www.spywareinfoforum.com/index.php?showtopic=148

Oh, that's fine. I didn't know there was a waiting list or something like that, and all help I receive I will welcome with open arms. Thanks. I'm sorry for being a little pushy.

This thing changes my home page to www.msn.com. I'm afraid it will harm my computer. I would also like to get stronger spyware protection or something like that, but I'm a rookie at this stuff. That's why I am having a hard time. Thanks for helping me out, cnm.

OK this looks like a fairly simple fix.

 

You have a CoolWebSearch infection (awebfind.biz).

Download and run http://www.spywareinfo.com/~merijn/files/CWShredder.exe

from its own folder.

Click Fix and then Next, let it fix everything it asks about.

Run it a second time just in case.

 

Scan again with HijackThis, tick the box next to this and click Fix checked.

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

 

Then reboot and post another log....


Logfile of HijackThis v1.97.7

Scan saved at 12:43:49 PM, on 6/4/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe

C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

C:\Documents and Settings\Greg\Desktop\Installation\HJT\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"

O4 - HKCU\..\Run: [15x4utmbbc] C:\WINDOWS\otrcisxayc.exe

O4 - HKCU\..\Run: [5rmyh9gfjl] C:\WINDOWS\sj6negrrpv.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Looks much better.

 

Tick and fix these:

O4 - HKCU\..\Run: [15x4utmbbc] C:\WINDOWS\otrcisxayc.exe

O4 - HKCU\..\Run: [5rmyh9gfjl] C:\WINDOWS\sj6negrrpv.exe

 

After fix and reboot,

find and delete those files if possible.

Make sure you are set to show hidden files and folders:

Show Hidden Files and Folders

 

Please let us know what the situation is now.

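The comparison the helper makes by eye between the first two logs, written as an added example that is not part of the original thread or of HijackThis itself. The entry lines are excerpted from the logs posted above; the `odd_run_entries` heuristic (a Run value launching an executable directly in C:\WINDOWS whose file name is unrelated to the value name) is an assumption made for triage, not a HijackThis rule.

```python
import ntpath
import re

# Entry lines look like "O4 - <detail>"; header and process lines do not match.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autostart: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\Run: \[(.+?)\] (.+)$")

# Entry lines excerpted from the 12:03:47 PM and 12:43:49 PM logs in this thread.
SECOND_SCAN = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [15x4utmbbc] C:\WINDOWS\otrcisxayc.exe
O4 - HKCU\..\Run: [5rmyh9gfjl] C:\WINDOWS\sj6negrrpv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
FIRST_SCAN = SECOND_SCAN + r"""
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
"""

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a pasted log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2)))
    return found

def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def odd_run_entries(log_text):
    """Assumed triage heuristic: Run value starting an .exe directly in
    the Windows root whose file name is unrelated to the value name."""
    hits = []
    for section, detail in sorted(parse_entries(log_text)):
        m = RUN.match(detail) if section == "O4" else None
        if not m:
            continue
        hive, name, cmd = m.groups()
        # Quoted commands may carry arguments; unquoted ones are taken whole.
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd
        stem = ntpath.splitext(ntpath.basename(exe))[0].lower()
        in_windows_root = ntpath.dirname(exe).lower() == r"c:\windows"
        if in_windows_root and stem not in name.lower() and name.lower() not in stem:
            hits.append((hive, name, exe))
    return hits
```

Calling `diff_logs(FIRST_SCAN, SECOND_SCAN)` lists what the first round of fixes removed, and `odd_run_entries(SECOND_SCAN)` returns the startup entries that still need a human look.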

Logfile of HijackThis v1.97.7

Scan saved at 1:16:15 PM, on 6/4/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe

C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\ScanSpyware v3.5\Scanner.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

C:\Documents and Settings\Greg\Desktop\Installation\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

 

 

Hey. Thanks a bunch. You don't know how much I appreciate it. Thanks for putting up with me and I'm sorry I was pushy before. Before you go, do you know how I can prevent it from happening again? And also what happens if the problem persists?

 

Thanks, it seemed to have worked.

You need to update your IE 6 to the latest version 6.0.2800.

 

You would do well to install a firewall - I don't think you have one?

Be sure to keep your antivirus updated.

 

Here are my standard additional recommendations.

 

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

http://www.wilderssecurity.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

IE-SPYAD


Everything ok now? If so we will close this thread.
