• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
*Spyware_Sucks

Ack! I keep getting taken over.

7 posts in this topic

Help please! I have been using this infected machine for a little over 2 moths now and I need help removing alot of Trojans or Spyware and a case of CWS.

 

If you could help me in anyway that would be great!

 

Heres my log

 

Logfile of HijackThis v1.97.7

Scan saved at 12:56:59 PM, on 6/8/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\dllcache\Identd.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\HPHipm11.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\hkcmd.exe

C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINNT\System32\hphmon04.exe

C:\PROGRA~1\PANICW~1\POP-UP~3\dpps2.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\PROGRA~1\Option deaf.exe

C:\Program Files\Messenger Plus! 2\MsgPlus.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Games\Steam\Steam.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijack This\hijackthis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5FE65E08-AFB2-9145-7A84-81EB76AA03CE} - C:\PROGRA~1\THUNKT~1\way media.dll (disabled by BHODemon)

O3 - Toolbar: TwoBendLocks - {135A8CDD-046C-8AC8-0870-00A6A4092E76} - C:\PROGRA~1\THUNKT~1\way media.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~3\dpps2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

O4 - HKLM\..\Run: [bIRDSTOP] C:\PROGRA~1\PROGRA~1\Option deaf.exe

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [steam] C:\Games\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: PeerGuardian_1.99b_pr7.lnk = C:\Program Files\PeerGuardian_1.99pr7\PeerGuardian_1.99b_pr7.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O9 - Extra button: AIM (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28177.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/247966bc6aaf7801d502/...ip/RdxIE601.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8128.9459027778

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28177.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab28177.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx

 

 

 

 

Thanks in advance

Share this post


Link to post
Share on other sites

You have the Peper trojan, which requires special treatment to put it out of your misery!

Please download and run this uninstaller.

 

Click on the peperfix link, and download the program. Then go off line, and run the program. It will remove the files, leaving one orphaned entry to be cleaned up with Hijack this.

 

From Add/Remove Programs, uninstall Twaintec.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {5FE65E08-AFB2-9145-7A84-81EB76AA03CE} - C:\PROGRA~1\THUNKT~1\way media.dll (disabled by BHODemon)

O3 - Toolbar: TwoBendLocks - {135A8CDD-046C-8AC8-0870-00A6A4092E76} - C:\PROGRA~1\THUNKT~1\way media.dll

 

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [bIRDSTOP] C:\PROGRA~1\PROGRA~1\Option deaf.exe

 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/247966bc6aaf7801d502/...ip/RdxIE601.cab

Reboot and delete

 

folders

C:\Program Files\Viewpoint

C:\Program Files\THUNKT~1

C:\Program Files\PROGRA~1

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

Hi, thanks for the response! I was out of town so sorry about that but,

 

I ran PepperFix in both Safe Mode and Normal and it turned up nothing.

 

Should I still do the rest of the steps?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0