nemmisa

hijack log just removed 700 spyware objects and 15

8 posts in this topic

Hi, hope someone can help. Just removed loads of spyware and viruses off of a friend's computer. Could someone take a look at the log to see what is left?

 

 

Logfile of HijackThis v1.97.7

Scan saved at 21:50:45, on 15/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\WINDOWS\system32\drivers\dcfssvc.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\program files\quicktime\plugins\qttask.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\TRACEY AND EDDIE\Desktop\tracy's downloads\hijack this\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{DE09D68E-0488-4DF0-BD46-5BF35F2D1F2A} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O3 - Toolbar: Copernic Meta - {F79AD27F-8140-4E33-8B1D-C4FC6B663CCA} - C:\WINDOWS\Downloaded Program Files\CopernicMeta.dll

O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [EKRXBHO] C:\WINDOWS\EKRXBHO.exe

O4 - HKLM\..\Run: [FLSYCIP] C:\WINDOWS\FLSYCIP.exe

O4 - HKLM\..\Run: [DKQX] C:\WINDOWS\DKQX.exe

O4 - HKLM\..\Run: [QXAHOUBH] C:\WINDOWS\QXAHOUBH.exe

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: Search Using Copernic Meta - res://C:\WINDOWS\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt

O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)

O9 - Extra button: Copernic Agent (HKLM)

O9 - Extra button: Money Viewer (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Copernic Meta - file://C:\DOCUME~1\AARON\LOCALS~1\Temp\CopernicMeta0.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23b2b94751f7cd...ip/RdxIE601.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -

O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe

O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugi...ndle44v1d12.cab
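A way to sort a log like the one posted above by its section codes and list the entries that HijackThis itself marked "(no file)" or "(file missing)", as an added example that is not part of the original thread. The function names are hypothetical and the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt copied from the log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
"""

# An entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line".
RUN_KEY = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN_MARKS = ("(no file)", "(file missing)")

def parse_entries(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m["code"]].append(m["body"])
    return dict(entries)

def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [(code, body) for code, bodies in entries.items()
            for body in bodies if body.endswith(ORPHAN_MARKS)]

def registry_autoruns(entries):
    """(hive, key, value name, command) for each O4 registry Run entry."""
    matches = (RUN_KEY.match(body) for body in entries.get("O4", []))
    return [(m["hive"], m["key"], m["name"], m["cmd"]) for m in matches if m]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, body in orphaned(parsed):
        print("orphaned:", code, body)
    for hive, key, name, cmd in registry_autoruns(parsed):
        print("autorun:", hive, key, name, "->", cmd)
```

The output is a triage aid for reading the log; it makes no judgement about which entries to fix.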


Hi, Nemmissa,

I will be glad to research these for you. I see that AVG is running. There was an update today. Was a scan run after it was updated? If not, please run the updated version.

You did not mention what programs were used to remove the spyware. Adaware had an update today, also. Please let me know if Adaware and Spybot were used.

If not, I will post instructions for both programs.

 

In addition, HijackThis needs to be moved from the desktop to its own permanent folder. When HJT makes backups they will go into that folder. With it on the desktop, they would be scattered all over the desktop.

 

There are still several things that need to be fixed, but I will wait for your reply before giving further instructions.


Hi, I used Adaware to clean up the spyware. Also used Spybot, which found a further 80 items, but every time I clicked to fix problems it crashed; I have found some info on Spybot's website. Adaware was using the latest ref file and Spybot the latest update. Updated her antivirus, as my friend didn't know you had to do that (kid you not), and it found 15 trojan dialers etc., which it cleaned up. I also replaced her hosts file with mvphosts as hers had redirects. I also installed SpywareBlaster and the Opera browser for her. Her internet connection is up to speed now and her computer is running faster, but still not as fast as it should. I have a rough idea what to fix in HijackThis but would just like some advice. Also, HijackThis is in its own folder.


It sounds as if you have been busy!

Did you flush her System Restore after cleaning all her malware? We will definitely do it after this, anyway.

 

Spybot has an update today. After she gets that, please run another scan.

Then just to be safe, please have your friend run an online scan with Trendmicro's Housecall. http://www.trendmicro.com/en/home/us/enterprise.htm Sometimes Housecall finds things that other anti-virus programs don't.

 

Reboot and post a fresh HJT log. Then we can clean out some of the remnants.

Thanks.


Hi, thanks for the reply. Will try again after updating, although last time Spybot had an update it took a week to get it. Will try the Housecall website with her. Should I turn off her System Restore to flush it?


To flush the XP System Restore Points.

(Using XP, you must be logged in as Administrator to do this.)

 

Go to Start > Run and type msconfig. Press Enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

 

Reboot. Go back in and turn System Restore back on. A new Restore Point will be created.


Hi, thank you for the reply. I will try and see my friend this evening to try the Housecall website and see if Spybot S&D can remove the last bits of spyware without crashing. Although, just as I thought, my Spybot is still not showing any updates, only the TeaTimer help file. Also, none of the viruses and spyware were found in the restore, so should I still flush it? Also forgot to mention: for ages she had an error message when starting the PC about a runtime library. Can't remember the exact message. I did notice in the HijackThis log that she has 2 entries for Java runtime. Could this have anything to do with her error message?


There was a security update for Sun JAVA a few months ago. The process for updating it was very specific. I can't tell from her log which version she has installed. You should be able to research that better when you know the exact error message.

 

Regarding the System Restore. If it was not cleaned out, it might be a good idea to do it anyway, now that the computer is running better.
