Spoonbeater

Plz Plz Please help me! (hjt log inside)

8 posts in this topic

I would be so grateful if anyone here would help me! :gasp::gasp::gasp:

So far I have wasted a week trying to clean up my computer. I have run almost every program multiple times: Adaware, CWS shredder, antivirus scans.

I have 2 issues:

1. My browser keeps getting hijacked, with the home page changed to "about:blank".

2. When I start my computer unconnected to the internet and then plug in my DSL connection, it starts randomly e-mailing like crazy.

Here is my most recent HJT log:

 

Logfile of HijackThis v1.97.7

Scan saved at 16:34:18, on 10/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE

C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\d92gatkn.slt\prefs.js)

N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5CNetscapeSearch.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\d92gatkn.slt\prefs.js)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -   C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_3_0.DLL (file missing)

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} -   C:\PROGRA~1\DAP\DAPBHO.DLL (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -   C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -   C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} -   C:\PROGRA~1\FREEDO~1\FDAHLP99.DLL (file missing)

O2 - BHO: (no name) - {13E79400-7AC8-11D6-B205-00055DD1BAC0} - C:\WINDOWS\1023527481.dll

O2 - BHO: (no name) - {399354CA-BAEA-11D8-B205-000504AED438} - C:\WINDOWS\SYSTEM\CBFNL.DLL

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: BONZI.COM Web Compass - {71B8AB7E-CB3F-4471-878E-8E1DFDF49B8B} - C:\PROGRAM FILES\BONZI.COM WEB COMPASS\WEBCOMPASSBAR.DLL (file missing)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_3_0.DLL

O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR99.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\RunServices: [Mainviewex] c:\windows\system\mainviewex.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg Scheduler V3.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

 

 

 

N.B.!

I keep trying to remove the following entries, but upon rebooting they reappear:

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\CBFNL.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N2 - Netscape 6: user_pref

 

 

If you help me I will :love: you!


You've got a relatively new strain of CWS.

Please download this file and unzip it to the desktop.

http://downloads.subratam.org/dllfix.exe

Open the file named "start.bat" that you extracted.

Press 1.

Please attach the file that it generates (windows.txt) to a reply in this thread.


Download "StartDreck" from here:

http://members.blackbox.net/hp_links/21/ni.../startdreck.htm

Unzip to its own folder and start the program.

Press 'Config'

Press 'Unmark All'

Check the following boxes only:

Registry -> Run Keys

System/Drivers -> Running processes

Press 'Ok'

Press 'Save' and select the location to save the log file (the default location is the same folder as the application).

Post the log in this thread.


Here is the log

:mellow:

StartDreck (build 2.1.5 public BETA) - 2004-06-10 @ 21:28:39

Platform: Windows 98 SE (Win 4.10.2222 A)

 

»Registry

»Run Keys

»Current User

»Run

*MessengerPlus2="C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

»RunOnce

»Default User

»Run

*MessengerPlus2="C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

»RunOnce

»Local Machine

»Run

*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun

*TaskMonitor=C:\WINDOWS\taskmon.exe

*SystemTray=SysTray.Exe

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

*nwiz=nwiz.exe /install

*Adaptec DirectCD=C:\Program Files\DirectCD\DIRECTCD.EXE

*DownloadAccelerator=C:\PROGRA~1\DAP\DAP.EXE /STARTUP

*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

*Mirabilis ICQ=C:\Program Files\ICQ\NDetect.exe

*DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033

*iamapp=C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

*Creative Launcher=C:\Program Files\Creative\Launcher\CTLauncher.exe

*AudioHQ=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

*seticlient=C:\Program Files\SETI@home\SETI@home.exe -min

*Disc Detector=C:\Program Files\Creative\ShareDLL\CtNotify.exe

*LoadQM=loadqm.exe

*HP Component Manager="C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

*HP Software Update="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

*DeviceDiscovery=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

*Symantec NetDriver Monitor=C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE

*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

*Zone Labs Client="C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"

*Installed=1

*NoChange=1

*Installed=1

*Installed=1

»RunOnce

»RunServices

*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

*nisserv=C:\Program Files\Norton Personal Firewall\NISSERV.EXE

*MessengerPlus2="C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

*Mainviewex=c:\windows\system\mainviewex.exe

*SchedulingAgent=mstask.exe

*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

»RunServicesOnce

**oym=rundll32 C:\WINDOWS\SYSTEM\RESK.DLL,StreamingDeviceSetup

»RunOnceEx

»RunServicesOnceEx

»Files

»System/Drivers

»Running Processes

*FFEF4A7D=C:\WINDOWS\SYSTEM\KERNEL32.DLL

*FFFF9D0D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE

*FFFF95F5=C:\WINDOWS\SYSTEM\SPOOL32.EXE

*FFFFFD8D=C:\WINDOWS\SYSTEM\MPREXE.EXE

*FFE06229=C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE

*FFE0B9F1=C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

*FFE0B5C5=C:\WINDOWS\SYSTEM\MSTASK.EXE

*FFE08EF9=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

*FFE0CFC1=C:\WINDOWS\RUNDLL32.EXE

*FFE07741=C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE

*FFE23959=C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE

*FFE30575=C:\WINDOWS\SYSTEM\mmtask.tsk

*FFE3CC61=C:\WINDOWS\EXPLORER.EXE

*FFE4E479=C:\WINDOWS\TASKMON.EXE

*FFE4CE39=C:\WINDOWS\SYSTEM\SYSTRAY.EXE

*FFE56F29=C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE

*FFE49A25=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

*FFE62971=C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE

*FFE546DD=C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

*FFE77E99=C:\WINDOWS\LOADQM.EXE

*FFE7543D=C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

*FFE45461=C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE

*FFE7CB25=C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

*FFEF445D=C:\WINDOWS\SYSTEM\DDHELP.EXE

*FFE88125=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

*FFE96C51=C:\WINDOWS\SYSTEM\WMIEXE.EXE

*FFEB82A1=C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

*FFEADFC5=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

*FFE4E27D=C:\MY DOCUMENTS\STARTDECK\STARTDRECK.EXE

»Application specific
