jkzml

Norton's still identifying issues

4 posts in this topic

I have a machine that has become over-populated with spyware. A few days ago, the machine would shut itself down after working to open a web page. Pop-up ads would clutter the screen and the machine would freeze.

 

Adaware and Spybot have both been run on this machine. All entries found on those scans have been removed. A Norton's scan is still finding several files that are considered threats. The machine is running much better, but there is a real lag on start-up. I counted 80 items in the startup list.

 

Here is the HijackThis log file.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:29:34 PM, on 6/4/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\webshots.scr

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

C:\Documents and Settings\JY\Desktop\spybot\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [yzirip] C:\WINDOWS\yzirip.exe

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\Run: [judyd] C:\WINDOWS\judyd.exe

O4 - HKLM\..\Run: [uzmlkzqf] C:\WINDOWS\uzmlkzqf.exe

O4 - HKLM\..\Run: [wlqfof] C:\WINDOWS\wlqfof.exe

O4 - HKLM\..\Run: [mpgnyr] C:\WINDOWS\mpgnyr.exe

O4 - HKLM\..\Run: [tizwnix] C:\WINDOWS\tizwnix.exe

O4 - HKLM\..\Run: [sfknov] C:\WINDOWS\sfknov.exe

O4 - HKLM\..\Run: [vqxuf] C:\WINDOWS\vqxuf.exe

O4 - HKLM\..\Run: [wrsjqdwn] C:\WINDOWS\wrsjqdwn.exe

O4 - HKLM\..\Run: [qryxef] C:\WINDOWS\qryxef.exe

O4 - HKLM\..\Run: [bib] C:\WINDOWS\bib.exe

O4 - HKLM\..\Run: [zyn] C:\WINDOWS\zyn.exe

O4 - HKLM\..\Run: [pyfkv] C:\WINDOWS\pyfkv.exe

O4 - HKLM\..\Run: [gbozyx] C:\WINDOWS\gbozyx.exe

O4 - HKLM\..\Run: [rsdodgh] C:\WINDOWS\rsdodgh.exe

O4 - HKLM\..\Run: [ydibwfer] C:\WINDOWS\ydibwfer.exe

O4 - HKLM\..\Run: [lebit] C:\WINDOWS\lebit.exe

O4 - HKLM\..\Run: [cpkdkx] C:\WINDOWS\cpkdkx.exe

O4 - HKLM\..\Run: [spudcp] C:\WINDOWS\spudcp.exe

O4 - HKLM\..\Run: [qxcnwf] C:\WINDOWS\qxcnwf.exe

O4 - HKLM\..\Run: [tkfafad] C:\WINDOWS\tkfafad.exe

O4 - HKLM\..\Run: [faxapcl] C:\WINDOWS\faxapcl.exe

O4 - HKLM\..\Run: [jmtuxgp] C:\WINDOWS\jmtuxgp.exe

O4 - HKLM\..\Run: [uzkfyfun] C:\WINDOWS\uzkfyfun.exe

O4 - HKLM\..\Run: [stktwjyr] C:\WINDOWS\stktwjyr.exe

O4 - HKLM\..\Run: [lwh] C:\WINDOWS\lwh.exe

O4 - HKLM\..\Run: [rqrkp] C:\WINDOWS\rqrkp.exe

O4 - HKLM\..\Run: [knct] C:\WINDOWS\knct.exe

O4 - HKLM\..\Run: [qvyt] C:\WINDOWS\qvyt.exe

O4 - HKLM\..\Run: [adwtibun] C:\WINDOWS\adwtibun.exe

O4 - HKLM\..\Run: [mdqd] C:\WINDOWS\mdqd.exe

O4 - HKLM\..\Run: [qxadehgh] C:\WINDOWS\qxadehgh.exe

O4 - HKLM\..\Run: [arexwrah] C:\WINDOWS\arexwrah.exe

O4 - HKLM\..\Run: [lqd] C:\WINDOWS\lqd.exe

O4 - HKLM\..\Run: [wbmj] C:\WINDOWS\wbmj.exe

O4 - HKLM\..\Run: [tehob] C:\WINDOWS\tehob.exe

O4 - HKLM\..\Run: [fir] C:\WINDOWS\fir.exe

O4 - HKLM\..\Run: [iryn] C:\WINDOWS\iryn.exe

O4 - HKLM\..\Run: [lepgvet] C:\WINDOWS\lepgvet.exe

O4 - HKLM\..\Run: [ivcnclid] C:\WINDOWS\ivcnclid.exe

O4 - HKLM\..\Run: [jmlsn] C:\WINDOWS\jmlsn.exe

O4 - HKLM\..\Run: [yxovwxgv] C:\WINDOWS\yxovwxgv.exe

O4 - HKLM\..\Run: [evwfsdqp] C:\WINDOWS\evwfsdqp.exe

O4 - HKLM\..\Run: [befcn] C:\WINDOWS\befcn.exe

O4 - HKLM\..\Run: [upazyv] C:\WINDOWS\upazyv.exe

O4 - HKLM\..\Run: [rmxkt] C:\WINDOWS\rmxkt.exe

O4 - HKLM\..\Run: [dov] C:\WINDOWS\dov.exe

O4 - HKLM\..\Run: [vatqpqx] C:\WINDOWS\vatqpqx.exe

O4 - HKLM\..\Run: [sdijknoh] C:\WINDOWS\sdijknoh.exe

O4 - HKLM\..\Run: [utmhixal] C:\WINDOWS\utmhixal.exe

O4 - HKLM\..\Run: [hmvojuf] C:\WINDOWS\hmvojuf.exe

O4 - HKLM\..\Run: [qbmzgrwv] C:\WINDOWS\qbmzgrwv.exe

O4 - HKLM\..\Run: [japql] C:\WINDOWS\japql.exe

O4 - HKLM\..\Run: [ubon] C:\WINDOWS\ubon.exe

O4 - HKLM\..\Run: [dgvgfsn] C:\WINDOWS\dgvgfsn.exe

O4 - HKLM\..\Run: [erinsjkn] C:\WINDOWS\erinsjkn.exe

O4 - HKLM\..\Run: [ctetot] C:\WINDOWS\ctetot.exe

O4 - HKLM\..\Run: [qtwdon] C:\WINDOWS\qtwdon.exe

O4 - HKLM\..\Run: [ixgrez] C:\WINDOWS\ixgrez.exe

O4 - HKLM\..\Run: [hsx] C:\WINDOWS\hsx.exe

O4 - HKLM\..\Run: [mrahcpoh] C:\WINDOWS\mrahcpoh.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

 

Thanks in advance..


Make sure that you have no browser windows open, as this could prevent the fix from working properly. Open HijackThis, scan and, when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [yzirip] C:\WINDOWS\yzirip.exe

O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\Run: [judyd] C:\WINDOWS\judyd.exe

O4 - HKLM\..\Run: [uzmlkzqf] C:\WINDOWS\uzmlkzqf.exe

O4 - HKLM\..\Run: [wlqfof] C:\WINDOWS\wlqfof.exe

O4 - HKLM\..\Run: [mpgnyr] C:\WINDOWS\mpgnyr.exe

O4 - HKLM\..\Run: [tizwnix] C:\WINDOWS\tizwnix.exe

O4 - HKLM\..\Run: [sfknov] C:\WINDOWS\sfknov.exe

O4 - HKLM\..\Run: [vqxuf] C:\WINDOWS\vqxuf.exe

O4 - HKLM\..\Run: [wrsjqdwn] C:\WINDOWS\wrsjqdwn.exe

O4 - HKLM\..\Run: [qryxef] C:\WINDOWS\qryxef.exe

O4 - HKLM\..\Run: [bib] C:\WINDOWS\bib.exe

O4 - HKLM\..\Run: [zyn] C:\WINDOWS\zyn.exe

O4 - HKLM\..\Run: [pyfkv] C:\WINDOWS\pyfkv.exe

O4 - HKLM\..\Run: [gbozyx] C:\WINDOWS\gbozyx.exe

O4 - HKLM\..\Run: [rsdodgh] C:\WINDOWS\rsdodgh.exe

O4 - HKLM\..\Run: [ydibwfer] C:\WINDOWS\ydibwfer.exe

O4 - HKLM\..\Run: [lebit] C:\WINDOWS\lebit.exe

O4 - HKLM\..\Run: [cpkdkx] C:\WINDOWS\cpkdkx.exe

O4 - HKLM\..\Run: [spudcp] C:\WINDOWS\spudcp.exe

O4 - HKLM\..\Run: [qxcnwf] C:\WINDOWS\qxcnwf.exe

O4 - HKLM\..\Run: [tkfafad] C:\WINDOWS\tkfafad.exe

O4 - HKLM\..\Run: [faxapcl] C:\WINDOWS\faxapcl.exe

O4 - HKLM\..\Run: [jmtuxgp] C:\WINDOWS\jmtuxgp.exe

O4 - HKLM\..\Run: [uzkfyfun] C:\WINDOWS\uzkfyfun.exe

O4 - HKLM\..\Run: [stktwjyr] C:\WINDOWS\stktwjyr.exe

O4 - HKLM\..\Run: [lwh] C:\WINDOWS\lwh.exe

O4 - HKLM\..\Run: [rqrkp] C:\WINDOWS\rqrkp.exe

O4 - HKLM\..\Run: [knct] C:\WINDOWS\knct.exe

O4 - HKLM\..\Run: [qvyt] C:\WINDOWS\qvyt.exe

O4 - HKLM\..\Run: [adwtibun] C:\WINDOWS\adwtibun.exe

O4 - HKLM\..\Run: [mdqd] C:\WINDOWS\mdqd.exe

O4 - HKLM\..\Run: [qxadehgh] C:\WINDOWS\qxadehgh.exe

O4 - HKLM\..\Run: [arexwrah] C:\WINDOWS\arexwrah.exe

O4 - HKLM\..\Run: [lqd] C:\WINDOWS\lqd.exe

O4 - HKLM\..\Run: [wbmj] C:\WINDOWS\wbmj.exe

O4 - HKLM\..\Run: [tehob] C:\WINDOWS\tehob.exe

O4 - HKLM\..\Run: [fir] C:\WINDOWS\fir.exe

O4 - HKLM\..\Run: [iryn] C:\WINDOWS\iryn.exe

O4 - HKLM\..\Run: [lepgvet] C:\WINDOWS\lepgvet.exe

O4 - HKLM\..\Run: [ivcnclid] C:\WINDOWS\ivcnclid.exe

O4 - HKLM\..\Run: [jmlsn] C:\WINDOWS\jmlsn.exe

O4 - HKLM\..\Run: [yxovwxgv] C:\WINDOWS\yxovwxgv.exe

O4 - HKLM\..\Run: [evwfsdqp] C:\WINDOWS\evwfsdqp.exe

O4 - HKLM\..\Run: [befcn] C:\WINDOWS\befcn.exe

O4 - HKLM\..\Run: [upazyv] C:\WINDOWS\upazyv.exe

O4 - HKLM\..\Run: [rmxkt] C:\WINDOWS\rmxkt.exe

O4 - HKLM\..\Run: [dov] C:\WINDOWS\dov.exe

O4 - HKLM\..\Run: [vatqpqx] C:\WINDOWS\vatqpqx.exe

O4 - HKLM\..\Run: [sdijknoh] C:\WINDOWS\sdijknoh.exe

O4 - HKLM\..\Run: [utmhixal] C:\WINDOWS\utmhixal.exe

O4 - HKLM\..\Run: [hmvojuf] C:\WINDOWS\hmvojuf.exe

O4 - HKLM\..\Run: [qbmzgrwv] C:\WINDOWS\qbmzgrwv.exe

O4 - HKLM\..\Run: [japql] C:\WINDOWS\japql.exe

O4 - HKLM\..\Run: [ubon] C:\WINDOWS\ubon.exe

O4 - HKLM\..\Run: [dgvgfsn] C:\WINDOWS\dgvgfsn.exe

O4 - HKLM\..\Run: [erinsjkn] C:\WINDOWS\erinsjkn.exe

O4 - HKLM\..\Run: [ctetot] C:\WINDOWS\ctetot.exe

O4 - HKLM\..\Run: [qtwdon] C:\WINDOWS\qtwdon.exe

O4 - HKLM\..\Run: [ixgrez] C:\WINDOWS\ixgrez.exe

O4 - HKLM\..\Run: [hsx] C:\WINDOWS\hsx.exe

O4 - HKLM\..\Run: [mrahcpoh] C:\WINDOWS\mrahcpoh.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

 

Reboot when done, rescan with HJT and post a new log here for a final check over.

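A triage sketch for the pattern visible in the log above, added here as an example and not part of the original posts or of HijackThis itself: it flags `O4` Run entries whose value name equals the executable's file name and whose file sits directly in `C:\WINDOWS`, and separately lists `(no file)` entries. The function names and the heuristic are assumptions drawn from this one log; the output is a list of candidates for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [yzirip] C:\WINDOWS\yzirip.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
"""

# O4 registry autorun line: hive, Run key variant, [value name], command line.
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")

def exe_path(cmd):
    """Extract the executable path from a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr))\b", cmd, re.I)
    return m.group(1) if m else cmd

def suspicious_run_entries(log_text):
    """Heuristic (assumption): value name equals the file name and the file
    sits directly in C:\\WINDOWS. Returns (value_name, path) pairs."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Startup folder items)
        path = PureWindowsPath(exe_path(m["cmd"]))
        in_windows_root = str(path.parent).lower() == r"c:\windows"
        name_is_stem = path.stem.lower() == m["name"].lower()
        if in_windows_root and name_is_stem:
            hits.append((m["name"], str(path)))
    return hits

def orphaned_entries(log_text):
    """Lines whose target file is already gone; candidates for review."""
    return [l.strip() for l in log_text.splitlines() if l.strip().endswith("(no file)")]

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE_LOG):
        print("review:", name, path)
    for line in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", line)
```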

Daemon,

Thank you for the direction. I had only one item that was still present after running the fix. I rebooted to safe mode and ran the utility one more time. The log is clear of all of the items.

 

Once again, thanks for the help.

 

Until we meet again...


You're welcome - glad to help :D

 

As this problem has been resolved the topic will be closed. If you need this topic reopened, please click here to email the moderating team - be sure to include the address of the thread and the name you posted under.
