kripau2000

res://uxhuf.dll/index.html#96676

5 posts in this topic

I've had this problem for days... can someone help me???

Here is my HijackThis log:

 

Logfile of HijackThis v1.98.0

Scan saved at 4:23:27 PM, on 7/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\iemu32.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\System32\sxvhost.exe

C:\WINDOWS\system32\atlnm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uxhuf.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {C710E428-2D83-FC41-D629-5B6F55DC1BD2} - C:\WINDOWS\sdkzm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [apizd32.exe] C:\WINDOWS\system32\apizd32.exe

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\Run: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe

O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe

O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\sdkzn.exe

O4 - HKLM\..\RunOnce: [netre.exe] C:\WINDOWS\netre.exe

O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe

O4 - HKLM\..\RunOnce: [iesb.exe] C:\WINDOWS\iesb.exe

O4 - HKLM\..\RunOnce: [iemu32.exe] C:\WINDOWS\system32\iemu32.exe

O4 - HKLM\..\RunOnce: [appsk.exe] C:\WINDOWS\appsk.exe

O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\mskm32.exe

O4 - HKLM\..\RunOnce: [ipev.exe] C:\WINDOWS\system32\ipev.exe

O4 - HKLM\..\RunOnce: [iexp.exe] C:\WINDOWS\iexp.exe

O4 - HKLM\..\RunOnce: [ipnw.exe] C:\WINDOWS\system32\ipnw.exe

O4 - HKLM\..\RunOnce: [apibr.exe] C:\WINDOWS\apibr.exe

O4 - HKLM\..\RunOnce: [ntqn.exe] C:\WINDOWS\ntqn.exe

O4 - HKLM\..\RunOnce: [iefg.exe] C:\WINDOWS\system32\iefg.exe

O4 - HKLM\..\RunOnce: [ntvf.exe] C:\WINDOWS\ntvf.exe

O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe

O4 - HKLM\..\RunOnce: [sysdq32.exe] C:\WINDOWS\sysdq32.exe

O4 - HKLM\..\RunOnce: [iprb.exe] C:\WINDOWS\iprb.exe

O4 - HKLM\..\RunOnce: [ipkw.exe] C:\WINDOWS\system32\ipkw.exe

O4 - HKLM\..\RunOnce: [mseo32.exe] C:\WINDOWS\mseo32.exe

O4 - HKLM\..\RunOnce: [apigo.exe] C:\WINDOWS\apigo.exe

O4 - HKLM\..\RunOnce: [apirw.exe] C:\WINDOWS\system32\apirw.exe

O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINDOWS\system32\apipx32.exe

O4 - HKLM\..\RunOnce: [addtt.exe] C:\WINDOWS\system32\addtt.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{83C37521-2258-4E52-94D5-1CBED124D094}: NameServer = 210.14.16.5 202.57.125.1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uxhuf.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {C710E428-2D83-FC41-D629-5B6F55DC1BD2} - C:\WINDOWS\sdkzm.dll

 

O4 - HKLM\..\Run: [apizd32.exe] C:\WINDOWS\system32\apizd32.exe

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\Run: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe

O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe

O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\sdkzn.exe

O4 - HKLM\..\RunOnce: [netre.exe] C:\WINDOWS\netre.exe

O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe

O4 - HKLM\..\RunOnce: [iesb.exe] C:\WINDOWS\iesb.exe

O4 - HKLM\..\RunOnce: [iemu32.exe] C:\WINDOWS\system32\iemu32.exe

O4 - HKLM\..\RunOnce: [appsk.exe] C:\WINDOWS\appsk.exe

O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\mskm32.exe

O4 - HKLM\..\RunOnce: [ipev.exe] C:\WINDOWS\system32\ipev.exe

O4 - HKLM\..\RunOnce: [iexp.exe] C:\WINDOWS\iexp.exe

O4 - HKLM\..\RunOnce: [ipnw.exe] C:\WINDOWS\system32\ipnw.exe

O4 - HKLM\..\RunOnce: [apibr.exe] C:\WINDOWS\apibr.exe

O4 - HKLM\..\RunOnce: [ntqn.exe] C:\WINDOWS\ntqn.exe

O4 - HKLM\..\RunOnce: [iefg.exe] C:\WINDOWS\system32\iefg.exe

O4 - HKLM\..\RunOnce: [ntvf.exe] C:\WINDOWS\ntvf.exe

O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe

O4 - HKLM\..\RunOnce: [sysdq32.exe] C:\WINDOWS\sysdq32.exe

O4 - HKLM\..\RunOnce: [iprb.exe] C:\WINDOWS\iprb.exe

O4 - HKLM\..\RunOnce: [ipkw.exe] C:\WINDOWS\system32\ipkw.exe

O4 - HKLM\..\RunOnce: [mseo32.exe] C:\WINDOWS\mseo32.exe

O4 - HKLM\..\RunOnce: [apigo.exe] C:\WINDOWS\apigo.exe

O4 - HKLM\..\RunOnce: [apirw.exe] C:\WINDOWS\system32\apirw.exe

O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINDOWS\system32\apipx32.exe

O4 - HKLM\..\RunOnce: [addtt.exe] C:\WINDOWS\system32\addtt.exe

Hi kripau,

 

1. Download CWShredder, but don't use it now.

 

2. Tick all above in HijackThis, close all windows except HijackThis and click Fix Checked.

 

3. Run CWShredder now

 

4. Reboot into safe mode and delete:

the files:

C:\WINDOWS\sdkzm.dll

C:\WINDOWS\system32\apizd32.exe

C:\WINDOWS\system32\atlnm.exe

 

Use the computer's search engine to find "sxvhost.exe" (Watch the spelling!) and delete this file.

 

5. Go to some of the online scans listed in my sig and run a full scan.

 

6. Now reboot, make a new log and post it here.

Edited by H@ns


H@ns, Please see The various helper groups here. Do join the team if you want to post help, we'd love to have you with us. :)

 

Also, a special fix is required for this variant of CWS so please join the Boot Camp and learn more about it.

Edited by LineOFire


You are the third today :D

 

Thanks anyway :bounce:

 

edit: I've already posted a request for the Boot Camp, still waiting for a response :cool:

Edited by H@ns


Hello Kripau2000

 

Download this tool called AboutBuster from here: http://www.downloads.subratam.org/AboutBuster.zip or here: http://malwarebytes.biz/AboutBuster.zip

 

Unzip it to your desktop but don't run it yet.

 

You may find it helpful to print out these instructions.

 

Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

 

Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now. Click *ok* and let it download and install the updates by clicking on *Finish*. This will return you to the main screen. You should now see Reference File # : 01R332 12.07.2004 or higher listed. Next, we need to configure Ad-aware for a full scan but do not scan yet.

 

Click on the Gear icon (second from the left) to access the preferences/settings window.

1. In the General window make sure the following are selected:

  • Automatically save log-file
  • Automatically quarantine objects prior to removal
  • Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select:

  • Scan Within Archives
  • Scan Active Processes
  • Scan Registry
  • Deep Scan Registry
  • Scan my IE favorites for banned URL’s
  • Scan my Hosts file
  • Under Click here to select drives + folders, choose:
    • All of your hard drives

Click on the Advanced button on the left and select:

  • Include additional process information
  • Include additional file information
  • Include environment information
  • Include additional object details

Click the Tweak button and select:

  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot

Click on Proceed to save the settings.

Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

  • Use Custom Scanning Options

Select proceed to save your settings and close the program.

 

Make sure your PC is configured to show hidden files. Open Windows Explorer and go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders", click "Apply", then "OK".

 

Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uxhuf.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uxhuf.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {C710E428-2D83-FC41-D629-5B6F55DC1BD2} - C:\WINDOWS\sdkzm.dll

 

O4 - HKLM\..\Run: [apizd32.exe] C:\WINDOWS\system32\apizd32.exe

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\Run: [atlnm.exe] C:\WINDOWS\system32\atlnm.exe

O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe

O4 - HKLM\..\RunOnce: [mfcye32.exe] C:\WINDOWS\mfcye32.exe

O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\sdkzn.exe

O4 - HKLM\..\RunOnce: [netre.exe] C:\WINDOWS\netre.exe

O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe

O4 - HKLM\..\RunOnce: [iesb.exe] C:\WINDOWS\iesb.exe

O4 - HKLM\..\RunOnce: [iemu32.exe] C:\WINDOWS\system32\iemu32.exe

O4 - HKLM\..\RunOnce: [appsk.exe] C:\WINDOWS\appsk.exe

O4 - HKLM\..\RunOnce: [mskm32.exe] C:\WINDOWS\mskm32.exe

O4 - HKLM\..\RunOnce: [ipev.exe] C:\WINDOWS\system32\ipev.exe

O4 - HKLM\..\RunOnce: [iexp.exe] C:\WINDOWS\iexp.exe

O4 - HKLM\..\RunOnce: [ipnw.exe] C:\WINDOWS\system32\ipnw.exe

O4 - HKLM\..\RunOnce: [apibr.exe] C:\WINDOWS\apibr.exe

O4 - HKLM\..\RunOnce: [ntqn.exe] C:\WINDOWS\ntqn.exe

O4 - HKLM\..\RunOnce: [iefg.exe] C:\WINDOWS\system32\iefg.exe

O4 - HKLM\..\RunOnce: [ntvf.exe] C:\WINDOWS\ntvf.exe

O4 - HKLM\..\RunOnce: [appzu.exe] C:\WINDOWS\system32\appzu.exe

O4 - HKLM\..\RunOnce: [sysdq32.exe] C:\WINDOWS\sysdq32.exe

O4 - HKLM\..\RunOnce: [iprb.exe] C:\WINDOWS\iprb.exe

O4 - HKLM\..\RunOnce: [ipkw.exe] C:\WINDOWS\system32\ipkw.exe

O4 - HKLM\..\RunOnce: [mseo32.exe] C:\WINDOWS\mseo32.exe

O4 - HKLM\..\RunOnce: [apigo.exe] C:\WINDOWS\apigo.exe

O4 - HKLM\..\RunOnce: [apirw.exe] C:\WINDOWS\system32\apirw.exe

O4 - HKLM\..\RunOnce: [apipx32.exe] C:\WINDOWS\system32\apipx32.exe

O4 - HKLM\..\RunOnce: [addtt.exe] C:\WINDOWS\system32\addtt.exe

 

(After checkmarking all the above, then press *fix checked* in HJT. Close HijackThis.)

 

Now reboot your computer and start in safe mode. To do this, press the F8 key repeatedly as the computer starts up until you see a menu screen (if Windows starts normally, restart it again). Use the arrow keys to highlight "Safe Mode" and press Enter. For further information on safe mode click here

 

and delete the following files if present.

 

Do NOT delete any files other than those named exactly as listed, if found. Do not be tempted to delete files with a similar name as malware can mimic legitimate file names with a slight misspelling.

 

C:\WINDOWS\system32\apizd32.exe

C:\WINDOWS\system32\atlnm.exe

C:\WINDOWS\System32\sxvhost.exe

C:\WINDOWS\mfcye32.exe

C:\WINDOWS\sdkzn.exe

C:\WINDOWS\netre.exe

C:\WINDOWS\winal32.exe

C:\WINDOWS\iesb.exe

C:\WINDOWS\system32\iemu32.exe

C:\WINDOWS\appsk.exe

C:\WINDOWS\mskm32.exe

C:\WINDOWS\system32\ipev.exe

C:\WINDOWS\iexp.exe

C:\WINDOWS\system32\ipnw.exe

C:\WINDOWS\apibr.exe

C:\WINDOWS\ntqn.exe

C:\WINDOWS\system32\iefg.exe

C:\WINDOWS\ntvf.exe

C:\WINDOWS\system32\appzu.exe

C:\WINDOWS\iprb.exe

C:\WINDOWS\system32\ipkw.exe

C:\WINDOWS\mseo32.exe

C:\WINDOWS\apigo.exe

C:\WINDOWS\system32\apirw.exe

C:\WINDOWS\system32\apipx32.exe

C:\WINDOWS\system32\addtt.exe

 

Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file). Then click OK to run aboutbuster.exe again, and make a copy of that report also.

 

Scan with Ad-aware. When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

 

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

Reboot to normal mode, Go to TrendMicro and perform an online virus scan. Let it fix anything that it finds. Do the same at Pandasoftware.

 

Scan again with HijackThis and post a new log here along with the two reports from AboutBuster.

 

******

 

NOTE: Two possibly three files may have been deleted from your computer by the hijacker and may need to be replaced. Check to see if these are missing.

  • Control.exe
  • hosts (with no extension)
  • SDHelper.dll (if you are using Spybot Search & Destroy)

 

If control.exe is missing:

Go here: http://www.spywareinfo.com/~merijn/winfiles.html#control

and download the version of control.exe for your operating system. If you are running Windows 95/98/98SE/ME, copy it to C:\WINDOWS.

For Windows 2000, copy it to c:\winnt\system32\.

For Windows XP, copy it to c:\windows\system32\.

 

Download the Hoster from here: http://members.aol.com/toadbee/hoster.zip

Press 'Restore Original Hosts' and press 'OK'

Exit Program.

Note: if you were using a custom Hosts file you will need to replace any of those entries yourself

 

If SDHelper.dll is missing, replace it here:

http://www.spywareinfo.com/~merijn/winfiles.html#sdhelper

and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

........................................................

Additionally, please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your ActiveX security settings in IE as recommended here:

http://www.spywareinfo.com/articles/hijacked/prevent.php

ActiveX controls and plug-ins

 

    * Download signed ActiveX controls (Prompt)

    * Download unsigned ActiveX controls (Disable)

    * Initialize and script ActiveX controls not marked as safe (Disable)

    * Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)

    * Script ActiveX controls marked safe for scripting (Prompt)

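The entries the helpers in this thread pick out of the log share a few traits that can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of HijackThis; its heuristics, the `SYSTEM_NAMES` and `BARE_OK` lists and the 0.85 similarity cutoff are assumptions chosen for illustration, and the sample lines are excerpted from the log posted above.

```python
import difflib
import re

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uxhuf.dll/index.html#96676
O2 - BHO: (no name) - {C710E428-2D83-FC41-D629-5B6F55DC1BD2} - C:\WINDOWS\sdkzm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunOnce: [sdkzn.exe] C:\WINDOWS\sdkzn.exe
"""

# Assumptions of this example: reference names for the look-alike check, and
# launchers that are normally registered without a directory.
SYSTEM_NAMES = ["svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"]
BARE_OK = {"rundll32.exe"}

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
AUTORUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")


def triage(log):
    """Return (line, reasons) for every log line that trips a heuristic."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        if code in ("R0", "R1") and "= res://" in body:
            reasons.append("IE page loaded from a res:// resource in a local DLL")
        if code == "O2" and "(no name)" in body:
            reasons.append("unnamed Browser Helper Object")
        auto = AUTORUN.match(body) if code == "O4" else None
        if auto:
            name, cmd = auto.groups()
            # Quoted or space-free targets only; unquoted paths with spaces are not handled.
            target = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
            exe = target.rsplit("\\", 1)[-1].lower()
            if "\\" not in target and exe not in BARE_OK:
                reasons.append("autorun target has no directory")
            if name.lower() == exe:
                reasons.append("value name is the file name itself")
            near = difflib.get_close_matches(exe, SYSTEM_NAMES, n=1, cutoff=0.85)
            if near and near[0] != exe:
                reasons.append(f"file name is a near miss of {near[0]}")
        if reasons:
            findings.append((line.strip(), reasons))
    return findings
```

A hit is a prompt to look at the entry, not a verdict: the thread's own warning about look-alike names applies in both directions, so confirm each file before removing anything.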