• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
captainjy

Please explain mis-tyed URLs

7 posts in this topic

Ok, I can go to www.msn.com, but if I go to www.msn.cim, I am taken to smartname.com. What controls this? I am just not sure if I have been hijacked. I have posted about this before and no one has answered. Please help. TIA!

Share this post


Link to post
Share on other sites

You have been hijacked!

 

We need a closer look at what's happening.

Please download Hijack this

Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

Thanks for the reply. Here is what HiJackThis found. Some of the things listed look suspicious, but are legit such as rmctrl.exe, which is from PowerDVD, WLTRYSVC.EXE, which is my network card, bcmwltry.exe which is my wireless tray, BCMSMMSG.exe, which is my modem. I don't see anything that looks too serious, but maybe you can. Appreciate your help!

 

Logfile of HijackThis v1.97.7

Scan saved at 11:14:02 PM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rmctrl.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Temporary Internet Files\Content.IE5\8T2309Y3\HijackThis[1].exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.com/

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8149.9834953704

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = federation.com

O17 - HKLM\Software\..\Telephony: DomainName = federation.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{247AA290-D065-47B6-8D06-919020438F15}: NameServer = 4.2.2.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0852B6-9AF3-4027-9230-2373B88831BC}: Domain = FEDERATION.COM

O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0852B6-9AF3-4027-9230-2373B88831BC}: NameServer = 4.2.2.2

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = federation.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = federation.com

Share this post


Link to post
Share on other sites

You are running Hijack this from a temporary folder. Before we fix anything, please make a permanent folder on your drive, such as c:\HJT, and move the program into it. This will ensure that any backups are available if needed.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = federation.com

O17 - HKLM\Software\..\Telephony: DomainName = federation.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{2D0852B6-9AF3-4027-9230-2373B88831BC}: Domain = FEDERATION.COM

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = federation.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = federation.com

Reboot after fixing.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites
FEDERATION.COM is my home domain.

If so, the other O17 entries seem to be the wrong ones. It was just that anything pointing to Grand Cayman seemed to be the more probable culprit. The 4.2.2.2 and 4.2.2.3 entries refer to Level 3 communications. If not your ISP, fix them.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0