joejoe1978

Popup AD, can't find the problem

4 posts in this topic

The AD pops up even when I don't open any program.

The directories for the O4 entries "wintools.exe" and "CASTDRAW.exe" in the log don't exist.

I suspect the problem comes from

O4 - Startup: plugin131_04.trace

Please help, and thanks.

Logfile of HijackThis v1.97.7

Scan saved at 12:00:26, on 2004-6-9

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\Hummbird\inetd32.exe

E:\software\KAV2003\KAVSvc.EXE

C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARUpld32.exe

C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARMon32a.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

E:\Program Files\Network Associates\VirusScan\Mcshield.exe

E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\VerizonOnlineDSL\WinPoET\WrOS.EXE

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

C:\WINNT\explorer.exe

C:\WINNT\system32\conime.exe

E:\Program Files\Web2Pop\Web2pop.exe

C:\WINNT\system32\ctfmon.exe

C:\tools\HijackThis.exe

 

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\jb6ovpqe.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\jb6ovpqe.slt\prefs.js)

O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Win Soap] C:\PROGRA~1\ONCEKI~1\CASTDRAW.exe

O4 - Startup: NTUSER.DAT

O4 - Startup: ntuser.dat.LOG

O4 - Startup: ntuser.ini

O4 - Startup: plugin131_04.trace

O4 - Startup: gsview32.ini

O4 - Global Startup: ntuser.pol

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: Deskshop (HKLM)

O9 - Extra button: Support (HKCU)

O9 - Extra button: ComcastHSI (HKCU)

O9 - Extra button: Help (HKCU)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7601.3108449074

O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeChannel) - http://channel.bridge.com/bc/java/bc_bridge_i.cab

O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stam...file=stamps.cab

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll


Does anyone know what plugin131_04.trace is?

It's running and I can't stop it.

I just found out it's a Java plugin.

Can anyone help to read the log?

Thanks a lot. It's really annoying and it pops up every minute.

Edited by joejoe1978


Hello,

 

Download Spybot S & D

 

Ad-Aware

 

Press Ctrl, Alt and Del and end task

 

C:\WINNT\system32\conime.exe

 

Now fix the following entries in HijackThis,

 

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Win Soap] C:\PROGRA~1\ONCEKI~1\CASTDRAW.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeChannel) - http://channel.bridge.com/bc/java/bc_bridge_i.cab

O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stam...file=stamps.cab

 

Reboot in SAFE MODE and Show Hidden Files/Folders and delete if found,

 

C:\PROGRA~1\ONCEKI~1

 

Reboot and check for updates for Spybot and run full scan. Reboot and do same for Ad-aware.

 

Reboot in normal mode and post a fresh log

 

Regards


Hi, Sup, I always use Spybot and Ad-aware. I already updated to the latest version

and followed your instructions. But I can't stop them. I hate ADs.

Here is the new log.

The wintools and C:\PROGRA~1\ONCEKI~1 directories don't exist on my computer.

Please help. :weep:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:20:40, on 2004-6-10

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\Program Files\STOPzilla!\szntsvc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\Hummbird\inetd32.exe

E:\software\KAV2003\KAVSvc.EXE

C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARUpld32.exe

C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARMon32a.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

E:\Program Files\Network Associates\VirusScan\Mcshield.exe

E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\VerizonOnlineDSL\WinPoET\WrOS.EXE

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

C:\tools\HijackThis.exe

 

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\jb6ovpqe.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Joe\Application Data\Mozilla\Profiles\default\jb6ovpqe.slt\prefs.js)

O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c

O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Win Soap] C:\PROGRA~1\ONCEKI~1\CASTDRAW.exe

O4 - Startup: NTUSER.DAT

O4 - Startup: ntuser.dat.LOG

O4 - Startup: ntuser.ini

O4 - Startup: plugin131_04.trace

O4 - Startup: gsview32.ini

O4 - Global Startup: ntuser.pol

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: Deskshop (HKLM)

O9 - Extra button: Support (HKCU)

O9 - Extra button: ComcastHSI (HKCU)

O9 - Extra button: Help (HKCU)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7601.3108449074

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
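
One way to confirm which of the requested fixes actually took effect between the two logs in this thread, added here as an example that is not part of the original posts or of HijackThis itself. The function names are hypothetical, and the sample text is a short excerpt of the logs and fix list posted above.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return (section, detail) pairs in log order; non-entry lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]

def check_fixes(before, after, requested):
    """Sort each requested fix into removed / still_present / not_in_first_log."""
    old, new = set(parse_entries(before)), set(parse_entries(after))
    result = {"removed": [], "still_present": [], "not_in_first_log": []}
    for entry in parse_entries(requested):
        if entry not in old:
            result["not_in_first_log"].append(entry)
        elif entry in new:
            result["still_present"].append(entry)
        else:
            result["removed"].append(entry)
    return result

# Excerpts copied from the 2004-6-9 and 2004-6-10 logs in this thread.
BEFORE = r"""
Running processes:
C:\WINNT\explorer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Win Soap] C:\PROGRA~1\ONCEKI~1\CASTDRAW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeChannel) - http://channel.bridge.com/bc/java/bc_bridge_i.cab
"""
AFTER = r"""
Running processes:
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Win Soap] C:\PROGRA~1\ONCEKI~1\CASTDRAW.exe
"""
# Entries the helper asked to fix (excerpt of that list).
REQUESTED = "\n".join(l for l in BEFORE.splitlines() if "NvCplDaemon" not in l)

if __name__ == "__main__":
    for status, entries in check_fixes(BEFORE, AFTER, REQUESTED).items():
        for section, detail in entries:
            print(f"{status:17} {section} - {detail}")
```

On these excerpts both O4 Run entries are still present in the second log, while the O6 and O16 entries are gone.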
