Chris Kelly

Hijack this log, need help

7 posts in this topic

Hi all, excuse the short message, this is my 2nd time of typing. A dialer keeps cutting off my connection.

Here's my log:

Logfile of HijackThis v1.97.7

Scan saved at 02:31:11, on 13/06/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Logfile of HijackThis v1.97.7

Scan saved at 03:16:11, on 13/06/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\mqsvc.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINNT\System32\CTHELPER.EXE

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\System32\zipudl.exe

C:\WINNT\System32\RUNDLL32.EXE

C:\WINNT\system32\wintime.exe

C:\WINNT\System32\internat.exe

C:\docume~1\chris\applic~1\explore.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINNT\webshots.scr

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\Program Files\Internet Optimizer\actalert.exe

C:\Program Files\ClockSync\Sync.exe

C:\WINNT\System32\ShellExt\d.EXE

C:\Documents and Settings\Chris\Application Data\imsc.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotbot.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINNT\System32\services\2.01.00.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\CONFLICT.1\bridge.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem218.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [uswwuqfw] C:\WINNT\wnqmco.exe

O4 - HKLM\..\Run: [10746401.exe] C:\WINNT\System32\10746401.exe

O4 - HKLM\..\Run: [11300295.exe] C:\WINNT\System32\11300295.exe

O4 - HKLM\..\Run: [199526.exe] C:\WINNT\System32\199526.exe

O4 - HKLM\..\Run: [31982058.exe] C:\WINNT\System32\31982058.exe

O4 - HKLM\..\Run: [40993899.exe] C:\WINNT\System32\40993899.exe

O4 - HKLM\..\Run: [1090639.exe] C:\WINNT\System32\1090639.exe

O4 - HKLM\..\Run: [13229006.exe] C:\WINNT\System32\13229006.exe

O4 - HKLM\..\Run: [21865481.exe] C:\WINNT\System32\21865481.exe

O4 - HKLM\..\Run: [34721010.exe] C:\WINNT\System32\34721010.exe

O4 - HKLM\..\Run: [34896486.exe] C:\WINNT\System32\34896486.exe

O4 - HKLM\..\Run: [39945620.exe] C:\WINNT\System32\39945620.exe

O4 - HKLM\..\Run: [4638308.exe] C:\WINNT\System32\4638308.exe

O4 - HKLM\..\Run: [47875612.exe] C:\WINNT\System32\47875612.exe

O4 - HKLM\..\Run: [48737734.exe] C:\WINNT\System32\48737734.exe

O4 - HKLM\..\Run: [65415591.exe] C:\WINNT\System32\65415591.exe

O4 - HKLM\..\Run: [7371157.exe] C:\WINNT\System32\7371157.exe

O4 - HKLM\..\Run: [79755800.exe] C:\WINNT\System32\79755800.exe

O4 - HKLM\..\Run: [8013552.exe] C:\WINNT\System32\8013552.exe

O4 - HKLM\..\Run: [94457644.exe] C:\WINNT\System32\94457644.exe

O4 - HKLM\..\Run: [P2P Networking2] C:\WINNT\System32\P2P Networking\P2P Networking2.exe /AUTOSTART

O4 - HKLM\..\Run: [39857119.exe] C:\WINNT\System32\39857119.exe

O4 - HKLM\..\Run: [48771303.exe] C:\WINNT\System32\48771303.exe

O4 - HKLM\..\Run: [19639223.exe] C:\WINNT\System32\19639223.exe

O4 - HKLM\..\Run: [70747011.exe] C:\WINNT\System32\70747011.exe

O4 - HKLM\..\Run: [13846987.exe] C:\WINNT\System32\13846987.exe

O4 - HKLM\..\Run: [34318178.exe] C:\WINNT\System32\34318178.exe

O4 - HKLM\..\Run: [46834963.exe] C:\WINNT\System32\46834963.exe

O4 - HKLM\..\Run: [46873110.exe] C:\WINNT\System32\46873110.exe

O4 - HKLM\..\Run: [54612368.exe] C:\WINNT\System32\54612368.exe

O4 - HKLM\..\Run: [70977419.exe] C:\WINNT\System32\70977419.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [82381838.exe] C:\WINNT\System32\82381838.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [rcigmykibm] C:\WINNT\System32\zipudl.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

O4 - HKLM\..\Run: [WinTime] C:\WINNT\system32\wintime.exe

O4 - HKLM\..\Run: [ist service uninstall] C:\WINNT\mstasks2.exe /u

O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\msxmidi.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\CONFLICT.1\bridge.dll",Load

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [system Update2] c:\docume~1\chris\applic~1\taskmon.exe

O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup

O4 - HKCU\..\Run: [spyware Begone] c:\freescan\freescan.exe -FastScan

O4 - HKCU\..\Run: [system Update4] c:\docume~1\chris\applic~1\explore.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [xpsystem] C:\WINNT\System32\services\msxmidi.exe

O4 - HKCU\..\Run: [uwae] C:\Documents and Settings\Chris\Application Data\imsc.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: BT Yahoo! Sidebar (HKLM)

O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)

O9 - Extra button: Homepage (HKCU)

O9 - Extra button: BT (HKCU)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{33EA67A2-048D-45CC-B797-17B49C57102E}: NameServer = 194.72.9.44 194.74.65.85

 

Hope you can help. It would be very much appreciated.

 

Regards,

Chris.

Edited by Chris Kelly


I'm suffering from the about:blank problem.

Here is my latest HJT log and, beneath it, my DllFix log:

 

Logfile of HijackThis v1.97.7

Scan saved at 19:12:56, on 15/06/2004

Platform: Windows 2000 SP2 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\msdtc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\System32\mqsvc.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\WINNT\System32\CTHELPER.EXE

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\System32\zipudl.exe

C:\WINNT\System32\RUNDLL32.EXE

C:\WINNT\system32\wintime.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\docume~1\chris\applic~1\explore.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINNT\webshots.scr

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [uswwuqfw] C:\WINNT\wnqmco.exe

O4 - HKLM\..\Run: [P2P Networking2] C:\WINNT\System32\P2P Networking\P2P Networking2.exe /AUTOSTART

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [rcigmykibm] C:\WINNT\System32\zipudl.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinTime] C:\WINNT\system32\wintime.exe

O4 - HKLM\..\Run: [ist service uninstall] C:\WINNT\mstasks2.exe /u

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [system Update2] c:\docume~1\chris\applic~1\taskmon.exe

O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup

O4 - HKCU\..\Run: [system Update4] c:\docume~1\chris\applic~1\explore.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: BT Yahoo! Sidebar (HKLM)

O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)

O9 - Extra button: Homepage (HKCU)

O9 - Extra button: BT (HKCU)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{33EA67A2-048D-45CC-B797-17B49C57102E}: NameServer = 194.72.9.44 194.74.65.85

 

 

DllFix:

 

 

--==***@@@ FIND-ALL' VERSION MODIFIED -6/14 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

Tue 15/06/2004

19:15

 

System Info:

 

Microsoft Windows 2000 [Version 5.00.2195]

C: "New Volume" (1469:9325) - FS:NTFS clusters:4k

Total: 61 483 933 696 [57G] - Free: 43 938 459 648 [41G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.0.2140.1 C:\WINNT\system32\notepad.exe

5.0.2140.1 C:\WINNT\notepad.exe

*Media Player version :

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;

 

 

 

Locked or 'Suspect' file(s) found...

These may be other files that Dllfix doesnt target.

If not file is listed than Dllfix may not Help.

in this case please post the contents of Windows.txt to the appinit

entry can be checked. You will find it in the dllfix folder after findall completes.

\\?\C:\WINNT\System32\D3DGE.DLL +++ File read error

\\?\C:\WINNT\System32\D3DGE.DLL +++ File read error

 

 

Scanning for main Hijacker:

 

 

Dllfix must have the Hijackerfiles in system32 to fix properly.

If there are no protocal keys text/html and text/plain

then dllfix may not work. This fix targets this type Hijack Entry.

that keeps reoccuring with different filenames.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= res://C:\WINDOWS\System32\xxxxxx.dll/sp.html (obfuscated)

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A4DEBA3-6B01-4D56-A907-B7F1BFDCC4D4}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

*Security settings for 'Windows' key:

 

If error than registry may need to be restored from option 4.

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

 

Can't open Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

 

2 - The system cannot find the file specified.

 

 

 

Much appreciated
