• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Sapphire

PLEASE help me!

6 posts in this topic

PLEASE CAN SOMEONE HELP ME, I DON'T KNOW WHAT TO DO!...

My browser homepage has been changed to this http://solongas.com/hp.htm?id=617 ,and I get pop ups

This is the hijack this log:

 

 

 

Logfile of HijackThis v1.98.0

Scan saved at 11:15:10, on 20/07/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\ARCHIVOS DE PROGRAMA\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\ARCHIVOS DE PROGRAMA\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

C:\ARCHIVOS DE PROGRAMA\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\WINDOWS\EZKHJUWL.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARCHIVOS DE PROGRAMA\ACCESO A INTERNET ONO\TARIFA PLANA ONO\ONODIALERP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\MIS DOCUMENTOS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=617

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\5DZTMU5I40.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Detector de disco] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Archivos de programa\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [Creative Launcher] C:\Archivos de programa\Creative\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [WT GameChannel] C:\Archivos de programa\WildTangent\Apps\GameChannel.exe

O4 - HKLM\..\Run: [NAV Agent] C:\ARCHIV~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [japsnysj] C:\WINDOWS\ezkhjuwl.exe

O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1

O4 - HKLM\..\Run: [] c:\WINDOWS\System\

O4 - HKLM\..\Run: [CamMonitor] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System\zzb.exe

O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [Communicator] C:\ARCHIVOS DE PROGRAMA\LILO & STITCH FUN PAK\COMMUNICATOR.EXE

O4 - HKCU\..\Run: [] c:\WINDOWS\System\

O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Lanceur Pointsoft.lnk = C:\WINDOWS\HWINFO.EXE

O4 - Startup: PalNetaware.lnk = C:\Archivos de programa\Paltalk\pnetaware.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: TopGO - {14051600-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\TopGO (file missing)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YHEXBMES0411.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YHEXBMES0411.DLL

O12 - Plugin for .mp3: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mpeg: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mov: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .png: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin4.dll

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {1E5592CB-8F5B-46F8-9EA6-65C01213808A} (InstaladorBetyByte Control) - http://www.cocacola.es/cab/instaladorbetybyte.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab

O16 - DPF: GraphicalChat Application - http://www.onchat.com/ChatWorld/chat-signed-ie.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.chicasmodelos.com/ruboskizo2.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab

O16 - DPF: {47F946A1-6E7A-D03B-71FF-666ACCFD91A0} (DownloadUL Class) - http://public.searchbarcash.com/cab/024/ffteogys.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab

O19 - User stylesheet: C:\WINDOWS\Web\tips.ini

O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

Share this post


Link to post
Share on other sites

*bump*

 

Please help, it's installing me re-dialers, and it also has changed my 404 page.

 

I'm desperate, please HELP.

Share this post


Link to post
Share on other sites

Hey Sapphire,

I have the same thing on my windows ME and just found the solution for both win 98 and ME. ;D You have some variant of CoolWebSearch Trojan that's hijacking your browser. I haven't yet tried it myself (I'll do it 1st thing tomorrow morning) but there are lots of people who swear this fixed it away....

 

You can find the solution Here courtesy of 'Bob0 the great' who figured this beast out.

 

cheers, :D

G

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0