• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
kenped

res://fjqll.dll/index.html#37680 browser Hijack

6 posts in this topic

Hi,

 

I hope someone can help me with this "small" problem,

 

My browser is been Hijacked,, And cant get rid of it,,

 

Tried Adware (licenced) spyware (freeversion) and Hijackthis! and even a CWShedder.

 

this is my Hijackthis log:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:06:54, on 19.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\server\Apache2\bin\Apache.exe

c:\server\mysql\bin\mysqld-nt.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\server\Apache2\bin\Apache.exe

C:\WINDOWS\system32\addfg.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\addjz32.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\server\Apache2\bin\ApacheMonitor.exe

C:\server\mysql\bin\winmysqladmin.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programfiler\Outlook Express\msimn.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\mIRC\mirc.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\totalcmd\TOTALCMD.EXE

C:\gj\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fjqll.dll/sp.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fjqll.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fjqll.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fjqll.dll/sp.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fjqll.dll/sp.html#37680

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fjqll.dll/index.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {B5371151-6D20-97AF-3431-B569B2AA2E2A} - C:\WINDOWS\netbn32.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN-verktøylinje - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar\01.01.1629.0\no\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [addjz32.exe] C:\WINDOWS\system32\addjz32.exe

O4 - HKLM\..\Run: [netht32.exe] C:\WINDOWS\system32\netht32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - Startup: WinMySQLadmin.lnk = C:\server\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15629e895c4b84...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

Share this post


Link to post
Share on other sites

Fixed with Hijackthis :-))) this is my log after millions of tries.. but now its not hijacked after reboot again :-)

 

Logfile of HijackThis v1.98.0

Scan saved at 12:24:54, on 19.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\server\Apache2\bin\Apache.exe

c:\server\mysql\bin\mysqld-nt.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\server\Apache2\bin\Apache.exe

C:\WINDOWS\system32\addfg.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\addjz32.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\server\Apache2\bin\ApacheMonitor.exe

C:\server\mysql\bin\winmysqladmin.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programfiler\Outlook Express\msimn.exe

C:\mIRC\mirc.exe

C:\totalcmd\TOTALCMD.EXE

C:\Documents and Settings\Ken\Skrivebord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - Startup: WinMySQLadmin.lnk = C:\server\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

Share this post


Link to post
Share on other sites

Ok its back again,, looks like it was dorment :-(

 

here is my new log:

 

Logfile of HijackThis v1.98.0

Scan saved at 14:33:50, on 19.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\server\Apache2\bin\Apache.exe

c:\server\mysql\bin\mysqld-nt.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\server\Apache2\bin\Apache.exe

C:\WINDOWS\system32\addfg.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\addjz32.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\server\Apache2\bin\ApacheMonitor.exe

C:\server\mysql\bin\winmysqladmin.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programfiler\Outlook Express\msimn.exe

C:\totalcmd\TOTALCMD.EXE

C:\Programfiler\Macromedia\Dreamweaver MX\Dreamweaver.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\mIRC\mirc.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ken\Skrivebord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kfopv.dll/sp.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kfopv.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kfopv.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kfopv.dll/sp.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kfopv.dll/sp.html#37680

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kfopv.dll/index.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ippi.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [addjz32.exe] C:\WINDOWS\system32\addjz32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - Startup: WinMySQLadmin.lnk = C:\server\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\server\Apache2\bin\ApacheMonitor.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

Edited by kenped

Share this post


Link to post
Share on other sites

Hi Kenped,

 

Download About:Buster from here, http://tools.zerosrealm.com/AboutBuster.zip

Reboot your computer in safe mode, open About Buster but dont run it yet. Open Hijack This and select the following to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kfopv.dll/sp.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kfopv.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kfopv.dll/index.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kfopv.dll/sp.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kfopv.dll/sp.html#37680

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kfopv.dll/index.html#37680

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {9C4476F4-0E42-FB38-94FA-E07CE7375BAD} - C:\WINDOWS\system32\ippi.dll

O4 - HKLM\..\Run: [addjz32.exe] C:\WINDOWS\system32\addjz32.exe

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

Select fix and close Hijack This.

 

Now Run About:Buster twice and let it fix whatver it finds.

 

Go to My computer and delete the following files.

C:\WINDOWS\system32\ippi.dll

C:\WINDOWS\system32\addjz32.exe

 

Also delete all files in the folders for Temporary Internet Files on all Account User names.

 

Reboot normally and post a new Hijack This log.

Share this post


Link to post
Share on other sites

Hi thanks it worked, partially :-)

 

I need to search up all the add*.* files from windows directory and under. it was a lot of dll and exe files that I needed to delete.. once that was done your fix worked :-)

 

Thanks a million :-)

 

Ken

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0