• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
zero123

need help removing homesearch plz!

2 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 12:21:08 AM, on 7/21/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\mapiicon.exe

C:\Documents and Settings\Administrator\My Documents\Leslie\IPGamma\IPGamma.exe

C:\WINDOWS\System32\dplaysvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

C:\WINDOWS\system32\sndvol.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zvvts.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zvvts.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zvvts.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676

O2 - BHO: (no name) - {0440569F-36A4-10C4-11A3-E6681BB55C06} - C:\WINDOWS\system32\sysfl.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ADOBE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [iphh32.exe] C:\WINDOWS\system32\iphh32.exe

O4 - HKLM\..\RunServices: [Configuration Loader] sndvol.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKLM\..\RunOnce: [iezr32.exe] C:\WINDOWS\system32\iezr32.exe

O4 - HKLM\..\RunOnce: [crxp.exe] C:\WINDOWS\crxp.exe

O4 - HKLM\..\RunOnce: [nter32.exe] C:\WINDOWS\nter32.exe

O4 - HKLM\..\RunOnce: [sysje.exe] C:\WINDOWS\system32\sysje.exe

O4 - HKLM\..\RunOnce: [d3ct.exe] C:\WINDOWS\system32\d3ct.exe

O4 - HKLM\..\RunOnce: [ipmy.exe] C:\WINDOWS\system32\ipmy.exe

O4 - HKLM\..\RunOnce: [mfcro32.exe] C:\WINDOWS\system32\mfcro32.exe

O4 - HKLM\..\RunOnce: [msry32.exe] C:\WINDOWS\system32\msry32.exe

O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe

O4 - HKLM\..\RunOnce: [winpi32.exe] C:\WINDOWS\system32\winpi32.exe

O4 - HKLM\..\RunOnce: [javakn.exe] C:\WINDOWS\system32\javakn.exe

O4 - HKLM\..\RunOnce: [iexu32.exe] C:\WINDOWS\system32\iexu32.exe

O4 - HKLM\..\RunOnce: [sdkjq.exe] C:\WINDOWS\system32\sdkjq.exe

O4 - HKLM\..\RunOnce: [mfcwk32.exe] C:\WINDOWS\mfcwk32.exe

O4 - Startup: Shortcut to IPGamma.lnk = C:\Documents and Settings\Administrator\My Documents\Leslie\IPGamma\IPGamma.exe

O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research (HKLM)

O9 - Extra button: ICQ 4.0 (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll

O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12359B8B-9EF7-4DC6-8D63-CFE0E7346834}: NameServer = 203.96.152.4 203.96.152.12

O17 - HKLM\System\CS1\Services\Tcpip\..\{12359B8B-9EF7-4DC6-8D63-CFE0E7346834}: NameServer = 203.96.152.4 203.96.152.12

 

heres my hijack thingy so can the pros help?

Share this post


Link to post
Share on other sites

Hello please download About:Buster and unzip it to your desktop. Don´t run it yet.

 

How to use Ad-Aware to remove Spyware <= Please check this link for instructions on how to download, install and then use adaware. Don´t use it yet.

1 You already have Adaware installed. Make sure it's up to date. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen. You should now see Reference File # : 01R333 18.07.2004 or higher listed.

 

2 Print out these instructions so you have them handy as most of the steps need to be done in safe mode and you may not be able to go online.

 

3. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. This service is installed by the malware. If this service is not listed go ahead with the next step.

 

4. Reboot to Safe Mode

How to start the computer in

Safe mode

 

 

5. Make sure your PC is configured to show hidden files

 

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.

Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"

Click "Apply" then "OK"

 

6.CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zvvts.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zvvts.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zvvts.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zvvts.dll/sp.html#96676

O2 - BHO: (no name) - {0440569F-36A4-10C4-11A3-E6681BB55C06} - C:\WINDOWS\system32\sysfl.dll

O4 - HKLM\..\Run: [iphh32.exe] C:\WINDOWS\system32\iphh32.exe

O4 - HKLM\..\RunServices: [Configuration Loader] sndvol.exe

O4 - HKLM\..\RunOnce: [iezr32.exe] C:\WINDOWS\system32\iezr32.exe

O4 - HKLM\..\RunOnce: [crxp.exe] C:\WINDOWS\crxp.exe

O4 - HKLM\..\RunOnce: [nter32.exe] C:\WINDOWS\nter32.exe

O4 - HKLM\..\RunOnce: [sysje.exe] C:\WINDOWS\system32\sysje.exe

O4 - HKLM\..\RunOnce: [d3ct.exe] C:\WINDOWS\system32\d3ct.exe

O4 - HKLM\..\RunOnce: [ipmy.exe] C:\WINDOWS\system32\ipmy.exe

O4 - HKLM\..\RunOnce: [mfcro32.exe] C:\WINDOWS\system32\mfcro32.exe

O4 - HKLM\..\RunOnce: [msry32.exe] C:\WINDOWS\system32\msry32.exe

O4 - HKLM\..\RunOnce: [atlik.exe] C:\WINDOWS\atlik.exe

O4 - HKLM\..\RunOnce: [winpi32.exe] C:\WINDOWS\system32\winpi32.exe

O4 - HKLM\..\RunOnce: [javakn.exe] C:\WINDOWS\system32\javakn.exe

O4 - HKLM\..\RunOnce: [iexu32.exe] C:\WINDOWS\system32\iexu32.exe

O4 - HKLM\..\RunOnce: [sdkjq.exe] C:\WINDOWS\system32\sdkjq.exe

O4 - HKLM\..\RunOnce: [mfcwk32.exe] C:\WINDOWS\mfcwk32.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe

 

 

 

7. Delete the following files if present.

C:\WINDOWS\crxp.exe

C:\WINDOWS\atlik.exe

C:\WINDOWS\mfcwk32.exe

C:\WINDOWS\nter32.exe

C:\WINDOWS\system32\zvvts.dll

C:\WINDOWS\system32\sysfl.dll

C:\WINDOWS\system32\iphh32.exe

C:\WINDOWS\system32\sndvol.exe

C:\WINDOWS\system32\iezr32.exe

C:\WINDOWS\system32\sysje.exe

C:\WINDOWS\system32\d3ct.exe

C:\WINDOWS\system32\ipmy.exe

C:\WINDOWS\system32\mfcro32.exe

C:\WINDOWS\system32\msry32.exe

C:\WINDOWS\system32\winpi32.exe

C:\WINDOWS\system32\javakn.exe

C:\WINDOWS\system32\iexu32.exe

C:\WINDOWS\system32\sdkjq.exe

C:\Program Files\Internet Explorer\a.exe

[/b]

 

 

8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

 

9. Scan with Adaware and let it remove any bad files found.

 

10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

11. Reboot to normal mode, scan again with Hijack This and post a new log here.

 

12. Finally, do an online scan HERE. Let it remove any infected files found.

 

 

Post a fresh HijackThis log and the AboutBuster report back here please.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0