• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
smiddleton

PC has been hijacked!

2 posts in this topic

Here is my Hijack This log, please help! I ran CWshredder and that helped most of my problems, but my home default page is still http://213.159.117.134/index.php when I hit the default page button.

 

Logfile of HijackThis v1.98.0

Scan saved at 10:10:09 AM, on 7/27/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\DESKTOP\CWSHREDDER.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clioamp.org/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: Mpeg Axis - {13A5A810-1788-D014-733B-3ED42623C4C5} - C:\PROGRAM FILES\SOAPONLINENURB\MAILMORE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll

O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.clickspring.net

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/20647/online.chm::/on-line.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\SYSTEM\MSXWORD.DLL

O19 - User stylesheet: C:\WINDOWS\win32.bmp :wtf:

Share this post


Link to post
Share on other sites

ok tick and fix the following in Hijackthis with all windows closed except Hijackthis.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O3 - Toolbar: Mpeg Axis - {13A5A810-1788-D014-733B-3ED42623C4C5} - C:\PROGRAM FILES\SOAPONLINENURB\MAILMORE.DLL

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.clickspring.net

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://66.230.145.49/20647/online.chm::/on-line.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\SYSTEM\MSXWORD.DLL

O19 - User stylesheet: C:\WINDOWS\win32.bmp

 

Reboot and delete the following files.

 

C:\WINDOWS\win32.bmp

 

Then post a new log here in a reply. Can you paste this into your browser javascript:navigator.userAgent and copy and paste what it says

Edited by therock247uk

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0