hijackedpage

hijacked homepage

3 posts in this topic

Hey, my homepage has been hijacked. Can anyone help?

 

my log is below:

 

Logfile of HijackThis v1.98.0

Scan saved at 05:22:16, on 30/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\CCWTUP32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

D:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE

C:\PROGRAM FILES\SAVE\SAVE.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

D:\TELEPHONE CODE LOCATOR\UKPHONE2\PHONES.EXE

C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

D:\MSCAN\MSOFFICE\PANEL.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=megad

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=megad

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.terra.es/personal7/rusgirl/s/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.terra.es/personal7/rusgirl/s/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=megad

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=megad

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Madasafish

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>

O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\SYSTEM\CGMOPENBHO.DLL

O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll

O2 - BHO: (no name) - {DAD65D01-CA47-11D8-9BAD-00C07065F825} - C:\WINDOWS\SYSTEM\ADONOFA.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [iOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"

O4 - HKLM\..\Run: [Gearbox] "D:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"

O4 - HKLM\..\Run: [RealTray] D:\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [KAZAA] D:\KAZAA.EXE /SYSTRAY

O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\RunServices: [iOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\SYSTEM32\WINPROC32.EXE

O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe

O4 - Startup: CheckIt ToolBox.lnk = C:\TSC\CheckIt\ToolBox.exe

O4 - Startup: UK Phone Codes Pop Up.lnk = D:\Telephone code locator\ukphone2\phones.exe

O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\watch.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\MESSENGER\MESSENGER\YPAGER.EXE (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\MESSENGER\MESSENGER\YPAGER.EXE (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Freeserve - {934354E0-298C-11D3-9BAC-F56A5F68C051} - http://www.freeserve.net/ (file missing) (HKCU)

O12 - Plugin for .hcvm: d:\NetscapePlugin.dll

O12 - Plugin for .sgvm: d:\NetscapePlugin.dll

O18 - Filter: text/html - {DAD65D00-CA47-11D8-9BAD-00C01F295DBE} - C:\WINDOWS\SYSTEM\ADONOFA.DLL

O18 - Filter: text/plain - {DAD65D00-CA47-11D8-9BAD-00C01F295DBE} - C:\WINDOWS\SYSTEM\ADONOFA.DLL

O21 - SSODL: System - {C68DECE0-A9BE-11D8-9BAD-00C0DFF01871} - C:\WINDOWS\system32\system32.dll


I have deleted all the ones with about:blank in the title, but the hijacked homepage still keeps coming back.

 

please can someone advise me on which ones to delete?

Edited by hijackedpage


Before you delete anything else, move HijackThis into its own directory (e.g. c:\HJT) so that it will back up anything you delete that you shouldn't. First, run CWShredder, Ad-Aware and Spybot S&D. I recommend the fix detailed by BobO HERE. If you can't find the .dll file under System Hooks, I would recommend trying the fix I posted for Windows ME (it should work in a similar fashion in 98). HERE.

 

Also, you should (as detailed in my post) be able to delete any of the entries with sp.html.

 

Let me know how it goes.

 

The Fist

Edited by The Fist
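A way to triage a HijackThis log like the one posted in this thread, added here as an example and not part of any poster's reply or of HijackThis itself. The sample lines are copied from the log above; the three heuristics (search/start values pointing at a local file under TEMP, such as the sp.html entries, unnamed BHOs, and "(file missing)" targets) are assumptions of this example and mark entries for review only.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail reasons")

# A HijackThis entry line looks like "R1 - ..." or "O21 - ..."
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption of this example: an IE setting whose value is a file:// URL under TEMP
LOCAL_TEMP_URL = re.compile(r"=\s*file://.*\\TEMP\\", re.I)

# Excerpt copied from the log posted in this thread
SAMPLE = r"""Logfile of HijackThis v1.98.0
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

def triage(log_text):
    """Return the entries that match at least one heuristic, in log order."""
    flagged = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        code, detail = m.groups()
        reasons = []
        if code in ("R0", "R1") and LOCAL_TEMP_URL.search(detail):
            reasons.append("IE search/start value points at a local file in TEMP")
        if code == "O2" and detail.startswith("BHO: (no name)"):
            reasons.append("unnamed browser helper object")
        if "(file missing)" in detail:
            reasons.append("target file missing")
        if reasons:
            flagged.append(Entry(code, detail, reasons))
    return flagged

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e.code, "|", "; ".join(e.reasons))
        print("   ", e.detail)
```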
