• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
shug

"deal helper" expert help needed

6 posts in this topic

I was lucky enough to get infected with a browser Hijacker that seems to have been related to "deal helper", "180 solutions" and a couple of other annoying programs...

 

I found some info on a google groups search and used this method to remove the deal helper google search hijack---

 

"It was removed by running

the command line "regsvr32 /u msdhmd.dll". The DLL is 119,808 bytes dated

8/22/2001. Info in the DLL indicates it was actually compiled on

4/14/2004. Re-registering it with "regsvr32 msdhmd.dll" started the search

hijacking again." <-- from a google group post.

 

I then ran updated versions of adaware and spybot S&D both of which found alot of stuff that needed to be removed/fixed. I also used Winpatrol to identify some of the programs.

 

My Google toolbar no longer works but everything else related to my browser appears to be working normally again.

 

I'm new to alot of this so if some experts on the forum would be so kind as to view my hijackthis.log I would be very grateful.... also, would it be ok to reinstall my google toolbar?? TIA

 

--------------------------------------------------

 

Logfile of HijackThis v1.97.7

Scan saved at 6:25:53 PM, on 6/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\downloads\hijack this\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.22.0.4:8080

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [sB Audigy 2 Startup Menu] /L:ENG

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/register/wowbeta/si.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7841.7472106482

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Edited by shug

Share this post


Link to post
Share on other sites

Your log looks OK. I don't see any reason why you shouldn't install the Google toolbar.

Share this post


Link to post
Share on other sites
I was lucky enough to get infected with a browser Hijacker that seems to have been related to "deal helper", "180 solutions" and a couple of other annoying programs...

 

I found some info on a google groups search and used this method to remove the deal helper google search hijack---

 

"It was removed by running

the command line "regsvr32 /u msdhmd.dll". The DLL is 119,808 bytes dated

8/22/2001. Info in the DLL indicates it was actually compiled on

4/14/2004. Re-registering it with "regsvr32 msdhmd.dll" started the search

hijacking again." <-- from a google group post.

 

I then ran updated versions of adaware and spybot S&D both of which found alot of stuff that needed to be removed/fixed. I also used Winpatrol to identify some of the programs.

shug --

 

You saved my day, man! I had found DealHelper and 180solutions references after running SpyBot SD and Ad-Aware. After doing all the "fixes" and deleting temp files from all known locations, the Google search hijack persisted.

 

Not sure if yours was the same, but when I entered search criteria in Google, I'd get a list of other search links as Page 1 with a small pop-up containing a few other random search links. It was quite annoying. I figured there was some registry change that the spyware programs didn't catch.

 

I found your post and entered "regsvr32 /u msdhmd.dll" and then tried a random Google search and it worked like it was supposed to! Awesome...

 

I have one question, though: By un-registering msdhmd.dll, is anything else affected adversely? Or rather, is this DLL file actually necessary for any other program? It seems like it isn't.

 

Thanks!! :thumbsup::bounce:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0