Erasculio

Hijacked by http://solongas.com/hp.htm?id=9


First, I have read the FAQ, and I have already run updated versions of Hijack, Spybot Search & Destroy, Ad-Aware and CWShredder, plus I have SpywareBlaster and SpywareGuard, and Norton Internet Security. I have seen a thread with the same problem as my own, but taking the steps indicated in that other thread (this one) didn't work for me.

 

About the problem itself:

 

Whenever I open Internet Explorer, my default home-page has been changed to solongas.com/hp.htm?id=9. Sometimes, my default search address is changed to the same link, and sometimes new Favourites are added to my list (such as xxx crazy sex and stuff like that).

 

My HijackThis log is:

 

Logfile of HijackThis v1.97.7

Scan saved at 18:11:46, on 14/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\ARQUIVOS DE PROGRAMAS\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\ARQUIVOS DE PROGRAMAS\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\MSWHEEL.EXE

C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARQUIVOS DE PROGRAMAS\SPYWAREGUARD\SGMAIN.EXE

C:\ARQUIVOS DE PROGRAMAS\ALURIA SOFTWARE\ASE\ASE SCHEDULER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\ARQUIVOS DE PROGRAMAS\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\CMMON32.EXE

C:\ARQUIVOS DE PROGRAMAS\WINAMP\WINAMP.EXE

C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE

C:\ARQUIVOSL\SPYWARE\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

F1 - win.ini: run=hpfsched

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.terra.com.br/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\c4srwh7i.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CARQUIVOS%20DE%20PROGRAMAS%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\c4srwh7i.slt\prefs.js)

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\09YDDI4JLAV88G.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Arquivos de Programas\DirectCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AudioHQ] C:\Arquivos de programas\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE

O4 - HKLM\..\Run: [VsecomrEXE] C:\Arquivos de programas\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [Vshwin32EXE] C:\Arquivos de programas\Network Associates\McAfee VirusScan\VSHWIN32.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Arquivos de programas\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iamapp] c:\Arquivos de programas\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] "c:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [nisserv] c:\Arquivos de programas\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [Nisum] c:\Arquivos de programas\Norton Personal Firewall\NISUM.EXE

O4 - HKLM\..\RunServices: [ccPxySvc] c:\ARQUIV~1\NORTON~2\CCPXYSVC.EXE

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

O4 - Startup: ASE Scheduler.lnk = C:\Arquivos de programas\Aluria Software\ASE\ASE Scheduler.exe

O4 - User Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

O4 - User Startup: ASE Scheduler.lnk = C:\Arquivos de programas\Aluria Software\ASE\ASE Scheduler.exe

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIVOS DE PROGRAMAS\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIVOS DE PROGRAMAS\FLASHGET\jc_all.htm

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Dell Home (HKCU)

O15 - Trusted Zone: http://www.nocturnis.net

O15 - Trusted Zone: www.amazon.com

O15 - Trusted Zone: http://www.antiochforever.com

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = terra.com.br

 

Thank you for your assistance.

 

Erasculio


Click here, for instructions on how to enable hidden files and folders to be visible. After enabling, find, zip and send this file:

 

C:\WINDOWS\SYSTEM\09YDDI4JLAV88G.DLL

 

to this e-mail address including a link to this thread in the body of the email.

 

I can then give you the fix for this.


Actually, thank you for your assistance, but I think I have solved the problem myself. I just looked through the old threads with the same problem (most of which were answered by you, in fact), ran HijackThis, and deleted everything I thought was weird.

 

At least now I don't see the solotas thing anymore.

 

My current HijackThis Log is:

 

Logfile of HijackThis v1.97.7

Scan saved at 21:21:01, on 15/06/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\NORTON PERSONAL FIREWALL\NISUM.EXE

C:\ARQUIVOS DE PROGRAMAS\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\ARQUIVOS DE PROGRAMAS\DIRECTCD\DIRECTCD.EXE

C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARQUIVOS DE PROGRAMAS\SPYWAREGUARD\SGMAIN.EXE

C:\ARQUIVOS DE PROGRAMAS\ALURIA SOFTWARE\ASE\ASE SCHEDULER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\ARQUIVOS DE PROGRAMAS\SPYWAREGUARD\SGBHP.EXE

C:\ARQUIVOS DE PROGRAMAS\WINAMP\WINAMP.EXE

C:\WINDOWS\SYSTEM\CMMON32.EXE

C:\ARQUIVOS DE PROGRAMAS\CREATIVE\PLAYCENTER\CTPLAY.EXE

C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE

C:\ARQUIVOSL\SPYWARE\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br

F1 - win.ini: run=hpfsched

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Arquivos de Programas\DirectCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AudioHQ] C:\Arquivos de programas\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\ARQUIVOS DE PROGRAMAS\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE

O4 - HKLM\..\Run: [VsecomrEXE] C:\Arquivos de programas\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [Vshwin32EXE] C:\Arquivos de programas\Network Associates\McAfee VirusScan\VSHWIN32.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Arquivos de programas\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iamapp] c:\Arquivos de programas\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] "c:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [nisserv] c:\Arquivos de programas\Norton Personal Firewall\NISSERV.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [Nisum] c:\Arquivos de programas\Norton Personal Firewall\NISUM.EXE

O4 - HKLM\..\RunServices: [ccPxySvc] c:\ARQUIV~1\NORTON~2\CCPXYSVC.EXE

O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

O4 - Startup: ASE Scheduler.lnk = C:\Arquivos de programas\Aluria Software\ASE\ASE Scheduler.exe

O4 - User Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

O4 - User Startup: ASE Scheduler.lnk = C:\Arquivos de programas\Aluria Software\ASE\ASE Scheduler.exe

O8 - Extra context menu item: Download using FlashGet - C:\ARQUIVOS DE PROGRAMAS\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - C:\ARQUIVOS DE PROGRAMAS\FLASHGET\jc_all.htm

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Dell Home (HKCU)

O15 - Trusted Zone: http://www.nocturnis.net

O15 - Trusted Zone: www.amazon.com

O15 - Trusted Zone: http://www.antiochforever.com

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = terra.com.br

 

I'm not sure, but I think it's clear (or at least I hope it is).

 

Again, thank you for your help, and thanks for all the effort you put in this place. It's really helping a lot of people.

 

Erasculio


Yes, you got it all - well done :)

 

As this problem has been resolved the topic will be closed. If you need this topic reopened, please click here to email the moderating team - be sure to include the address of the thread and the name you posted under.
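
Added example (not part of the original thread, and not code from HijackThis or any poster): a small Python script that diffs the entry lines of two HijackThis logs to show which entries a cleanup removed or added. The function names and the shortened `BEFORE`/`AFTER` excerpts of the two logs above are assumptions of this example.

```python
import re

# Entry lines in the logs above start with a section code (a letter and a
# number, e.g. R0, F1, O4), then " - ", then the entry text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Map normalised entry -> original line; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Ignore case and a trailing "/" so cosmetic differences
            # are not reported as changes.
            key = (m.group(1), m.group(2).strip().rstrip("/").lower())
            entries[key] = line.strip()
    return entries

def diff_logs(before, after):
    """Return (removed, added): entry lines present in only one of the logs."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added

# Excerpts of the two logs posted in this thread (shortened for the example).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\09YDDI4JLAV88G.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
"""
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
```

The HKCU Start Page entry differs between the two logs only by a trailing slash, so the normalisation step keeps it out of the diff.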
