• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Mrwizard00

Work Machine all messed up!

4 posts in this topic

I need your help with a machine at my workplace. Its all messed up. Here is my log file. Everyone was such a huge help on my home machine, I hope you can help with this one.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 1:20:58 AM, on 6/17/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\PCAMGT.EXE

C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHOST32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\CLOCKTICK\CLOCKTICK.EXE

C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE

C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.can-data.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ACT!

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.can-data.net/

R3 - Default URLSearchHook is missing

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL

O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O2 - BHO: (no name) - {8A2FDAD3-F72B-5373-7AAB-C8F75FD4AB1A} - C:\windows\system\nbcrlxgr.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINDOWS\3_0_1browserhelper3.dll (file missing)

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)

O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - (no file)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL

O3 - Toolbar: FWN Toolbar - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} - C:\WINDOWS\SYSTEM\FWNTOOLBAR.DLL (file missing)

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [<H] c:\WINDOWS\System\<HEAD>

O4 - HKLM\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>

O4 - HKLM\..\Run: [</H] c:\WINDOWS\System\</HTML>

O4 - HKLM\..\Run: [<B] c:\WINDOWS\System\<BODY>

O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.

O4 - HKLM\..\Run: [] c:\WINDOWS\System\

O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from

O4 - HKLM\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKLM\..\Run: [</B] c:\WINDOWS\System\</BODY>

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [pcAnywhere Agent] C:\Program Files\Symantec\pcAnywhere\pcamgt.exe

O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [<H] c:\WINDOWS\System\<HEAD>

O4 - HKCU\..\Run: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\Run: [</H] c:\WINDOWS\System\</HTML>

O4 - HKCU\..\Run: [<B] c:\WINDOWS\System\<BODY>

O4 - HKCU\..\Run: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.

O4 - HKCU\..\Run: [] c:\WINDOWS\System\

O4 - HKCU\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\Run: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\Run: [</B] c:\WINDOWS\System\</BODY>

O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\RunServices: [<H] c:\WINDOWS\System\<HEAD>

O4 - HKCU\..\RunServices: [ <TITLE>Error</TI] c:\WINDOWS\System\ <TITLE>Error</TITLE>

O4 - HKCU\..\RunServices: [</H] c:\WINDOWS\System\</HTML>

O4 - HKCU\..\RunServices: [<B] c:\WINDOWS\System\<BODY>

O4 - HKCU\..\RunServices: [The site you have requested doesn't ex] c:\WINDOWS\System\The site you have requested doesn't exist.

O4 - HKCU\..\RunServices: [] c:\WINDOWS\System\

O4 - HKCU\..\RunServices: [The associated domain name has probably been reserved by a client ] c:\WINDOWS\System\The associated domain name has probably been reserved by a client from

O4 - HKCU\..\RunServices: [<A HREF="http://www.gandi.net/">GANDI</A> then par] c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.

O4 - HKCU\..\RunServices: [</B] c:\WINDOWS\System\</BODY>

O4 - Startup: ClockTick.lnk = C:\Program Files\ClockTick\clocktick.exe

O4 - Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Startup: Event Reminder.lnk = c:\PROGRA~1\MINDSC~1\PRINTM~1\PMREMIND.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37887.136099537

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = CAN-NY

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.2.2,64.204.31.24

 

 

Thanks Much everyone!!

Share this post


Link to post
Share on other sites

I work for a place that sends emergency messages by computer so any help is greatly appreciated to get this machine fixed.

 

Thanks

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0