• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Takis

IE home page hijacked to http://forum.videoediting.ru/

6 posts in this topic

It gets set to this URL, hxxp://forum.videoediting.ru/, every time the pc is booted...

I've set the hosts file to point this at another ip, but I would like to get rid of it.

 

Hijackthis log:

==============================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:53:33, on 28/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AvidSDMService.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe

C:\Program Files\CA\eTrustITM\InoRpc.exe

C:\Program Files\CA\eTrustITM\InoRT.exe

C:\Program Files\CA\eTrustITM\InoTask.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Services.exe

C:\WINDOWS\system32\p2csvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe

C:\Program Files\CA\eTrustITM\realmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\DoroPDFWriter\DoroServer.exe

C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Communications.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [Matrox PowerDesk 8] "c:\Program Files\Matrox Graphics Inc\PowerDesk HF\\matrox.powerdesk.exe" /silent

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [DoroServer] C:\Program Files\DoroPDFWriter\DoroServer.exe

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Grass Valley EDIUS AntiTrial] rundll32.exe advpack.dll,LaunchINFSection gv_edius.inf, AntiTrial

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: P2 Card Manager.lnk = C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.MSI.htm

O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://192.168.1.249:19614/RtspVaPgDec.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peppas.eu

O17 - HKLM\Software\..\Telephony: DomainName = peppas.eu

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB98703E-EBDB-4872-B9B7-B007DCB4C144}: Domain = peppas.eu

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB98703E-EBDB-4872-B9B7-B007DCB4C144}: NameServer = 194.219.227.2,193.92.150.3

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = peppas.eu

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = peppas.eu

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe

O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Google Update Service (gupdate1c961306e0278b0) (gupdate1c961306e0278b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe

O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe

O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe

O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Matrox Centering Service (HF) - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Services.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: p2csvc - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 12195 bytes==========================

 

Thanks in advance for you time and effort

 

Takis

Share this post


Link to post
Share on other sites

Hi,

 

OK, let's try a simple solution first.

 

Scan with HiJackThis and put a check in the box next to the following items;

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread. Can you reset your homepage now? Or has the videoediting.ru one returned?

 

jedi

Share this post


Link to post
Share on other sites
Hi,

 

OK, let's try a simple solution first.

 

Scan with HiJackThis and put a check in the box next to the following items;

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread. Can you reset your homepage now? Or has the videoediting.ru one returned?

 

jedi

Hi Jedi,

 

After fixing with hjt, home page was reset to msn.com. Unfortunately with next reboot videoediting.ru has returned:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:11:30, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\p2csvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DoroPDFWriter\DoroServer.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Communications.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "c:\Program Files\Matrox Graphics Inc\PowerDesk HF\\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DoroServer] C:\Program Files\DoroPDFWriter\DoroServer.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Grass Valley EDIUS AntiTrial] rundll32.exe advpack.dll,LaunchINFSection gv_edius.inf, AntiTrial
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: P2 Card Manager.lnk = C:\Program Files\Panasonic P2\Drivers\App\P2TaskTray.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.MSI.htm
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://192.168.1.249:19614/RtspVaPgDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peppas.eu
O17 - HKLM\Software\..\Telephony: DomainName = peppas.eu
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB98703E-EBDB-4872-B9B7-B007DCB4C144}: Domain = peppas.eu
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB98703E-EBDB-4872-B9B7-B007DCB4C144}: NameServer = 194.219.227.2,193.92.150.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = peppas.eu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = peppas.eu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Update Service (gupdate1c961306e0278b0) (gupdate1c961306e0278b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Matrox Centering Service (HF) - Unknown owner - c:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Services.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: p2csvc -  Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\p2csvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12725 bytes

 

Takis

Share this post


Link to post
Share on other sites

Hi again,

 

Scan with HiJackThis and put a check in the box next to the following items;

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/

O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe

O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe

 

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread. Can you reset your homepage?

 

jedi

Share this post


Link to post
Share on other sites
Hi again,

 

Scan with HiJackThis and put a check in the box next to the following items;

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/

O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe

O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe

 

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread. Can you reset your homepage?

 

jedi

 

Hi Jedi,

 

actually the offending code was the following:

O4 - HKCU\..\Run: [Grass Valley EDIUS AntiTrial] rundll32.exe advpack.dll,LaunchINFSection gv_edius.inf, AntiTrial

 

I edited the gv_edius.inf and replaced forum.videoediting.ru with my normal home page and now it's ok :D

 

Thank you very much for your time!!!

Share this post


Link to post
Share on other sites

Hi again,

 

Thanks. I'll have these entries recorded in our file databases for future reference.

 

jedi

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0