• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0


2 posts in this topic

I have a windows XP machine that the homepage keeps going to the following address.




I comes up with a (windows flag) home search site, and then an annoying popup saying that I am infected with spyware. And then everytime I do a google search or something is opens another window with more searches.


Spybot and Ad Aware didn't touch this problem. Am a newbie at this hijackthis thing but here's the log it gave me. I tried removing the R1, R0 but it still persists and all the entries came back. I got scared with the rest and am unable to find every thing in the BHO index of the tutorial. So I'm going to try and figure this out but would appreciate someone to take a look at the log file as well, then I can stare and compare and see if I can learn to do this. Anyway heres the log file.. Thanks in advance. Ben


Logfile of HijackThis v1.97.7

Scan saved at 10:26:12 AM, on 7/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:














C:\Program Files\VERITAS Software\Update Manager\sgtray.exe



C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


C:\Documents and Settings\Owner\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fkxiy.dll/sp.html#26980

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fkxiy.dll/index.html#26980

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fkxiy.dll/index.html#26980

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fkxiy.dll/sp.html#26980

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fkxiy.dll/index.html#26980

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fkxiy.dll/sp.html#26980

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = "C:\Program Files\Outlook Express\msimn.exe"

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll

O2 - BHO: (no name) - {31BD3B6A-B937-791E-3F3E-683DD5414CF4} - C:\WINDOWS\system32\netkc32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe


O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"


O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [ipwn.exe] C:\WINDOWS\ipwn.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKLM\..\RunOnce: [javaik32.exe] C:\WINDOWS\system32\javaik32.exe

O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: MoneySide (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ejkiugdj.exe

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {D8A2A4F3-1480-48E9-9CDB-0529465E7DD0} (PatchInstaller.Installer) - file://E:\content\include\PatchInstaller.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{33EEF658-8150-4248-A32B-C5A662FD9648}: NameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{33EEF658-8150-4248-A32B-C5A662FD9648}: NameServer =

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0