• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
adam999

Home search IE hijack

2 posts in this topic

Having a problem with Internet Explorer where the start and search pages are getting overwritten with links to DLLs on the harddrive. The URLs are of the form:

 

res://xxxxx.dll/index.html#96676

 

where xxxxx is a seemingly randomly generated 5 character string. There are constant popups regarding spyware and spyware removal tools. There is also an increasing drag on the browsing speed while IE is running, it just gets slower and slower.

 

The newest versions of Spybot S&D and AdAware were not able to get rid of the problem. Looking at the HijackThis log there appears to be a BHO that is the root of the problem along with many suspicious RunOnce entries during startup. I could start just blasting each of the entries, but I wanted to run this by the community first. I followed the FAQ, but the hijack appears to regenerate constantly.

 

Following is the hijackthis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:58:47 PM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\atlpl32.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\netdc.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\apipv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\User\My Documents\Adam's crap\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfbcj.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lfbcj.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lfbcj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfbcj.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lfbcj.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lfbcj.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1213B49D-9D45-A2C8-01DB-95DEB4CC99FA} - C:\WINDOWS\sdkgd.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [McAgentexe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [McUpdateexe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\netda.exe

O4 - HKLM\..\Run: [apipv.exe] C:\WINDOWS\system32\apipv.exe

O4 - HKLM\..\Run: [keimmxk] "C:\WINDOWS\System32\keimmxk.exe"

O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\RunOnce: [crln.exe] C:\WINDOWS\system32\crln.exe

O4 - HKLM\..\RunOnce: [crnl32.exe] C:\WINDOWS\crnl32.exe

O4 - HKLM\..\RunOnce: [mfcaz32.exe] C:\WINDOWS\mfcaz32.exe

O4 - HKLM\..\RunOnce: [apiyi32.exe] C:\WINDOWS\apiyi32.exe

O4 - HKLM\..\RunOnce: [sdkdk32.exe] C:\WINDOWS\sdkdk32.exe

O4 - HKLM\..\RunOnce: [sdkgx.exe] C:\WINDOWS\sdkgx.exe

O4 - HKLM\..\RunOnce: [syspz.exe] C:\WINDOWS\syspz.exe

O4 - HKLM\..\RunOnce: [msqa32.exe] C:\WINDOWS\system32\msqa32.exe

O4 - HKLM\..\RunOnce: [netbn32.exe] C:\WINDOWS\system32\netbn32.exe

O4 - HKLM\..\RunOnce: [addds32.exe] C:\WINDOWS\addds32.exe

O4 - HKLM\..\RunOnce: [syshb.exe] C:\WINDOWS\syshb.exe

O4 - HKLM\..\RunOnce: [sdkge32.exe] C:\WINDOWS\system32\sdkge32.exe

O4 - HKLM\..\RunOnce: [msyu32.exe] C:\WINDOWS\msyu32.exe

O4 - HKLM\..\RunOnce: [addoh32.exe] C:\WINDOWS\addoh32.exe

O4 - HKLM\..\RunOnce: [sysgy32.exe] C:\WINDOWS\system32\sysgy32.exe

O4 - HKLM\..\RunOnce: [sdkvg.exe] C:\WINDOWS\system32\sdkvg.exe

O4 - HKLM\..\RunOnce: [addwk32.exe] C:\WINDOWS\addwk32.exe

O4 - HKLM\..\RunOnce: [javafo32.exe] C:\WINDOWS\system32\javafo32.exe

O4 - HKLM\..\RunOnce: [mstu.exe] C:\WINDOWS\mstu.exe

O4 - HKLM\..\RunOnce: [ntxm32.exe] C:\WINDOWS\ntxm32.exe

O4 - HKLM\..\RunOnce: [d3fs32.exe] C:\WINDOWS\d3fs32.exe

O4 - HKLM\..\RunOnce: [mfcyg32.exe] C:\WINDOWS\system32\mfcyg32.exe

O4 - HKLM\..\RunOnce: [atlic.exe] C:\WINDOWS\atlic.exe

O4 - HKLM\..\RunOnce: [nttr32.exe] C:\WINDOWS\system32\nttr32.exe

O4 - HKLM\..\RunOnce: [netur32.exe] C:\WINDOWS\system32\netur32.exe

O4 - HKLM\..\RunOnce: [javaue.exe] C:\WINDOWS\system32\javaue.exe

O4 - HKLM\..\RunOnce: [javaab32.exe] C:\WINDOWS\system32\javaab32.exe

O4 - HKLM\..\RunOnce: [javays32.exe] C:\WINDOWS\javays32.exe

O4 - HKLM\..\RunOnce: [mfczb.exe] C:\WINDOWS\system32\mfczb.exe

O4 - HKLM\..\RunOnce: [crwl32.exe] C:\WINDOWS\system32\crwl32.exe

O4 - HKLM\..\RunOnce: [ieus.exe] C:\WINDOWS\system32\ieus.exe

O4 - HKLM\..\RunOnce: [atlzu.exe] C:\WINDOWS\system32\atlzu.exe

O4 - HKLM\..\RunOnce: [ipfg32.exe] C:\WINDOWS\ipfg32.exe

O4 - HKLM\..\RunOnce: [d3os32.exe] C:\WINDOWS\system32\d3os32.exe

O4 - HKLM\..\RunOnce: [netrl.exe] C:\WINDOWS\netrl.exe

O4 - HKLM\..\RunOnce: [adduw32.exe] C:\WINDOWS\adduw32.exe

O4 - HKLM\..\RunOnce: [crxp.exe] C:\WINDOWS\system32\crxp.exe

O4 - HKLM\..\RunOnce: [winoj.exe] C:\WINDOWS\system32\winoj.exe

O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe

O4 - HKLM\..\RunOnce: [d3cj32.exe] C:\WINDOWS\d3cj32.exe

O4 - HKLM\..\RunOnce: [javadj.exe] C:\WINDOWS\javadj.exe

O4 - HKLM\..\RunOnce: [appcd32.exe] C:\WINDOWS\appcd32.exe

O4 - HKLM\..\RunOnce: [ipjp.exe] C:\WINDOWS\system32\ipjp.exe

O4 - HKLM\..\RunOnce: [mfcye.exe] C:\WINDOWS\system32\mfcye.exe

O4 - HKLM\..\RunOnce: [sdkpr.exe] C:\WINDOWS\system32\sdkpr.exe

O4 - HKLM\..\RunOnce: [d3hq32.exe] C:\WINDOWS\system32\d3hq32.exe

O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\apipu32.exe

O4 - HKLM\..\RunOnce: [addli32.exe] C:\WINDOWS\system32\addli32.exe

O4 - HKLM\..\RunOnce: [sdkmm32.exe] C:\WINDOWS\sdkmm32.exe

O4 - HKLM\..\RunOnce: [winxi32.exe] C:\WINDOWS\winxi32.exe

O4 - HKLM\..\RunOnce: [ieub.exe] C:\WINDOWS\ieub.exe

O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\ieqi32.exe

O4 - HKLM\..\RunOnce: [iprg.exe] C:\WINDOWS\system32\iprg.exe

O4 - HKLM\..\RunOnce: [mfclg.exe] C:\WINDOWS\system32\mfclg.exe

O4 - HKLM\..\RunOnce: [syswz32.exe] C:\WINDOWS\system32\syswz32.exe

O4 - HKLM\..\RunOnce: [mfchv.exe] C:\WINDOWS\mfchv.exe

O4 - HKLM\..\RunOnce: [ieie32.exe] C:\WINDOWS\system32\ieie32.exe

O4 - HKLM\..\RunOnce: [netzj32.exe] C:\WINDOWS\system32\netzj32.exe

O4 - HKLM\..\RunOnce: [mfcbj.exe] C:\WINDOWS\system32\mfcbj.exe

O4 - HKLM\..\RunOnce: [d3vs32.exe] C:\WINDOWS\d3vs32.exe

O4 - HKLM\..\RunOnce: [addoo.exe] C:\WINDOWS\system32\addoo.exe

O4 - HKLM\..\RunOnce: [crhg.exe] C:\WINDOWS\system32\crhg.exe

O4 - HKLM\..\RunOnce: [atlmt.exe] C:\WINDOWS\atlmt.exe

O4 - HKLM\..\RunOnce: [netei.exe] C:\WINDOWS\system32\netei.exe

O4 - HKLM\..\RunOnce: [sysdl32.exe] C:\WINDOWS\system32\sysdl32.exe

O4 - HKLM\..\RunOnce: [atlfd32.exe] C:\WINDOWS\system32\atlfd32.exe

O4 - HKLM\..\RunOnce: [msjp.exe] C:\WINDOWS\msjp.exe

O4 - HKLM\..\RunOnce: [winie32.exe] C:\WINDOWS\winie32.exe

O4 - HKLM\..\RunOnce: [atlgk32.exe] C:\WINDOWS\system32\atlgk32.exe

O4 - HKLM\..\RunOnce: [netui.exe] C:\WINDOWS\netui.exe

O4 - HKLM\..\RunOnce: [atlpl32.exe] C:\WINDOWS\atlpl32.exe

O4 - HKLM\..\RunOnce: [addcp32.exe] C:\WINDOWS\system32\addcp32.exe

O4 - HKLM\..\RunOnce: [appkv32.exe] C:\WINDOWS\system32\appkv32.exe

O4 - HKLM\..\RunOnce: [crtz.exe] C:\WINDOWS\system32\crtz.exe

O4 - Startup: netdb.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

 

Thanks alot for any assistance you can provide.

Share this post


Link to post
Share on other sites

Unfortunately I somehow missed PGPhantom's update on this. Apparently AdAware did not have the latest update. I will follow those instructions and post the new hijacklog if the problems persist.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0