• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
lpulsifer

i-explore hijack?

7 posts in this topic

I have done the steps listed and read some of the other posts, but I am confused about which items within my log are ok to delete, and which running processes are ok to delete or "fix" (not computer illiterate, just programming illiterate :) Any help would be greatly appreciated.

 

CORRECTION: that's and i-lookup hijack

 

 

Logfile of HijackThis v1.97.7

Scan saved at 5:09:40 PM, on 6/9/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\WINDOWS\DELAYRUN.EXE

C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\HPZTSB09.EXE

C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE

C:\PROGRAM FILES\CREATIVE\SHARED FILES\CAMTRAY.EXE

C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE

C:\WINDOWS\MWSVM.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\SYSTEM\CDSM32.DLL

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\PNEL.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINDOWS\SYSTEM\WINDEC32.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

O4 - HKLM\..\Run: [pmr] C:\Program Files\Common Files\Presentia\pmr.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [srjkdllrh] C:\WINDOWS\SYSTEM\bpgdjnrx.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe

O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

O4 - HKCU\..\RunServices: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

O4 - Startup: America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

O15 - Trusted Zone: *.smartforce.com

O15 - Trusted Zone: http://*.windowsupdate.com

O15 - Trusted Zone: http://owa.se.usar.army.mil

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsnet.org/dcmsvc/redist/sun/jinstall-win.cab

Edited by lpulsifer

Share this post


Link to post
Share on other sites

Hi lpulsifer,

 

Close all Internet Explorer and Windows Explorer windows

 

Please check and fix these entries:

  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  • R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\SYSTEM\CDSM32.DLL
  • O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINDOWS\SYSTEM\WINDEC32.DLL
  • O4 - HKLM\..\Run: [pmr] C:\Program Files\Common Files\Presentia\pmr.exe
  • O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
  • O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
  • O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
  • O4 - HKCU\..\RunServices: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

Then fallow these steps:

  • Reboot into safe mode
  • Find and delete:
    • C:\WINDOWS\SYSTEM\CDSM32.DLL
    • C:\WINDOWS\SYSTEM\WINDEC32.DLL
    • C:\Program Files\Common Files\Presentia\pmr.exe
    • C:\Program Files\Common Files\Presentia\ (folder)
    • C:\Program Files\Common Files\slmss\slmss.exe
    • C:\Program Files\Common Files\slmss\ (folder)
    • C:\WINDOWS\fash.exe
    • C:\WINDOWS\SYSTEM\msmc.exe

    [*]Reboot into normal mode

    [*]Run Hijackthis and post a new log in a new post

Edited by [Red]

Share this post


Link to post
Share on other sites

i removed the files as you stated and this is the new log, what's next?? :)

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:10:33 PM, on 6/9/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\WINDOWS\DELAYRUN.EXE

C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE

C:\WINDOWS\SYSTEM\HPZTSB09.EXE

C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.1\MOUSE32A.EXE

C:\WINDOWS\MWSVM.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE

C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL

O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK TOTALACCESS\PNEL.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe

O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe

O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

O4 - HKLM\..\Run: [srjkdllrh] C:\WINDOWS\SYSTEM\bpgdjnrx.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe

O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

O4 - Startup: America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

O15 - Trusted Zone: *.smartforce.com

O15 - Trusted Zone: http://*.windowsupdate.com

O15 - Trusted Zone: http://owa.se.usar.army.mil

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_03) - https://port1.dcmsnet.org/dcmsvc/redist/sun/jinstall-win.cab

Share this post


Link to post
Share on other sites

Hi again lpulsifer,

 

Well your log looks clean. So the "next" thing to do is enjoy your spyware free days while they are there.

 

Please think about using one or all of these programs to help fight spyware:

  • Bazooka Spyware Scanner
  • Ad-aware
  • Spybot S&D
  • SpywareGaurd

Share this post


Link to post
Share on other sites

There still seem to be some issues though, like why do I still have 37 running processes at startup that were never there before, I usually avg'd about 12-15, maybe this was just a coincedence but my machine, though running better than yesterday, is still far from where it was at on Sun :unsure: *sighs* I appreciate your help, it was farther than i was getting before that, thank you

Share this post


Link to post
Share on other sites

Hi yet again lpulsifer,

 

I think I found some of the problems you are having.

 

Please check and fix these entries:

  • O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
  • O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

An optional but recommended disabling:

  • O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Once you have fixed those entries, optional one or not, please fallow these steps:

  • Reboot into safe mode
  • Find and delete:
    • C:\WINDOWS\mwsvm.exe
    • C:\WINDOWS\SYSTEM\msmc.exe

    [*]Reboot into normal mode

    [*]Post a new log in a new post

    • Please post how your system is runing since this change with the new log

Share this post


Link to post
Share on other sites

The main original infection was CWS and it would be a good idea to run CWShredder to make sure it is actually gone.... Download it from my links and run it with your browser closed... Choose to fix and see if it finds anything to fix...

 

Then reboot and run only HJT, leave all other windows and browsers closed. You may want to print this first so you have it to refer to.... Mark/fix:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O4 - HKLM\..\Run: [srjkdllrh] C:\WINDOWS\SYSTEM\bpgdjnrx.exe

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe

 

And unless you are certain that these sites can be trusted, they need to be fixed... Items in this section have complete access to mess with your computer:

 

O15 - Trusted Zone: *.smartforce.com

O15 - Trusted Zone: http://*.windowsupdate.com

O15 - Trusted Zone: http://owa.se.usar.army.mil

 

Then you will also need to find and remove this in addtition to the ones already noted:

 

C:\WINDOWS\SYSTEM\bpgdjnrx.exe

 

Then reboot and run only HJT, open your browser after you save the log and then post it here...

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0