• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
cultureclsh

hijacked by http://solongas.com/hp.htm?id=9

9 posts in this topic

Ran the latest versions of Spybot and Adaware. They detect the problem but as soon as computer is rebooted, the problem persists. Ran CWShredder and same result. Here is my HijackThis Log. Thank you

 

Logfile of HijackThis v1.97.7

Scan saved at 4:54:40 PM, on 6/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Eddie Torres\My Documents\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\moeme0g4mawf.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Locators.com Search Bar (HKLM)

O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Click here, for instructions on how to enable hidden files and folders to be visible. After enabling, find, zip and send these files:

 

c:\installer\id53.exe

C:\Program Files\zSearch\Zstb.exe

 

to this e-mail address including a link to this thread in the body of the email.

 

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\moeme0g4mawf.dll

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O9 - Extra button: Locators.com Search Bar (HKLM)

O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)

O15 - Trusted Zone: *.greg-search.com

 

Reboot into Safe Mode when done, find and delete the following:

 

C:\WINDOWS\System32\msmc.exe

C:\Program Files\TV Media\Tvm.exe

 

Reboot, rescan with HJT and post a new log here for a final check over.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.97.7

Scan saved at 3:42:09 PM, on 6/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Eddie Torres\My Documents\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

Grab a copy of winzip from here:

 

http://www.winzip.com/downwz.htm

 

Reboot into Safe Mode again, with only HJT running, have it fix:

 

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe

 

Find and delete:

 

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\WINDOWS\System32\msgked.exe

 

Reboot again and post a new HJT log.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.98.2

Scan saved at 01:44:03, on 2004-09-30

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE

C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\1RWIEB03KTOC.EXE

C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

C:\MOJE DOKUMENTY\MOJE OBRAZY\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez IDG.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\GWYM6Z~1.DLL

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.0\THGUARD.EXE"

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [romahere2] C:\WINDOWS\SYSTEM\1RWIEB03KTOC.EXE

O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.idg.pl

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GINMAKAO Class) - http://gryonline.wp.pl/files/makao_2_0_0_6.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

:(

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0