• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
tritonbill

sexxx.exe/www.palozzacasino.com + smartsearch

5 posts in this topic

Every time i open IE i get about:blank as my home page, which brings up some search engine. I have run Norton Anti-Virus 2004, Ad-Aware 6 with most current updates, as well as spy bot search and destroy also with current updates.

 

There is also an icon on my desktop with the description of SEX. If I delete the icon it comes back on next boot. My browser also wants toredirect to www.palazzocasino.com or sometimes smartsearch search engine.

 

here is my log from hijack this:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:16:04 PM, on 6/18/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\usrgrcoi.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Common Files\PSD Tools\ChannelUp.exe

C:\WINDOWS\System32\wapitr.exe

C:\WINDOWS\System32\wiakmgr.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\PC 1\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PC1~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PC1~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PC1~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\PC1~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\PC1~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\PC1~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/

O2 - BHO: (no name) - {4F8A1DB4-6B44-4BF0-AAD8-3053A67D3566} - C:\WINDOWS\System32\kafmkk.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [sFFi36Q] usrgrcoi.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe

O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapitr.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\PC 1\HXIUL.EXE

O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\PC 1\Client\HelpExp.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [dowsRWc9e] wiakmgr.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Common Files\svchost.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.235/buka.chm::/x.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7982.2199768519

O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

 

 

Thanks for your help in advance,

bill

Share this post


Link to post
Share on other sites

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

 

Reboot to SAFE mode to run swshredder

 

How to start computer in safe mode

 

Then these 2 programs .

Ad-Aware and Spybot

 

Download the latest version of Ad-Aware at ADAWARE

 

Setup Ad-Aware .

After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button.

Under "Log-file detail", select all options.

Click the "Tweaks" button.

 

Under "Scanning Engine", select the following:

"Include additional Ad-aware settings in logfile" and

"Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on 'Proceed' to save these Preferences.

Please make sure that you activate IN-DEPTH scanning before you proceed

 

Download SPYBOT

 

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds

 

How to setup Ad-Aware and Spy-Bot S&D Check my signature for details

 

And after that, please do the following:

 

reboot computer and post a new log

Share this post


Link to post
Share on other sites

Here is my new log. When I start Internet Explorer the about:blank still came up and forwarded me to Smartsearch search engine.

 

I got rid of the sexxx.exe by going to safe mode and removing from windows directory.

 

How do I get rid of these last spywares? I did as you said ,ran cwshredder, adaware and spybot and here is my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:52:36 AM, on 6/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\System32\qprathlp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Common Files\PSD Tools\ChannelUp.exe

C:\WINDOWS\System32\wapitr.exe

C:\WINDOWS\System32\rdcphbk.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\wanmpsvc.exe

C:\Documents and Settings\PC 1\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [sFFi36Q] qprathlp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe

O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapitr.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\PC 1\HXIUL.EXE

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [dowsRWc9e] rdcphbk.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7982.2199768519

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

Share this post


Link to post
Share on other sites

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

 

O4 - HKLM\..\Run: [sFFi36Q] qprathlp.exe

 

 

O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe

 

O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapitr.exe

 

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\PC 1\HXIUL.EXE

 

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

 

O4 - HKCU\..\Run: [dowsRWc9e] rdcphbk.exe

 

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

 

 

Now reboot into safe mode and delete the following files and folders if found .

 

qprathlp.exe........ delete file

 

 

C:\Program Files\Common Files\PSD Tools ... delete folder

 

C:\WINDOWS\System32\wapitr.exe....... delete file

 

C:\Program Files\Alset\ . delete folder

 

C:\WINDOWS\System32\msmc.exe ....... delete file

 

rdcphbk.exe ....... delete file

 

 

to delete the above files and folder you will need to do the following

go to

Show hidden files & folders

 

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

 

reboot computer and post a new log

Share this post


Link to post
Share on other sites

Thanks for not coming back .All the time i put into you log ,Wasted !!:)

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0