Voracious Browser Hijacker [RESOLVED]



#16
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
let me prepare the manual fix for this !!

I will revert shortly with the fix.
  • 0



#17
JBiddy

JBiddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thank you so much
  • 0

#18
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Copy the part in bold below into Notepad and save it as fix.reg
Save as type: All files (The first line in the file should be REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0782824C-1639-4EFA-A10B-EC283974C5B1}"=-
"{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}"=-
"{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}"=-
"{8DFCC837-198B-4E47-BB6C-7DB989B17788}"=-
"{C95367F3-DBDA-4F4F-9798-938A8BB8787F}"=-
"{67BFEEB3-A797-421F-B40C-32A5D2F238F1}"=-
"{A7F4C8D2-39B7-4820-BC75-42733287A2F7}"=-
"{49F23447-29D6-4225-A438-ABF9CC4A8547}"=-
"{02980D7F-B8FD-4BDE-9989-33D057464E27}"=-
"{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}"=-
"{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}"=-
"{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}"=-
"{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}"=-
"{CC759374-5727-4190-87A0-826E405E1AEB}"=-
"{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}"=-
"{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}"=-
"{25D57FF6-8723-418C-948F-81C10B4696A2}"=-
"{8827CE28-538B-415F-9119-3D997CA999CB}"=-
"{001C1915-70F3-4C52-8CA5-0F37EC0CC576}"=-
"{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}"=-

[-HKEY_CLASSES_ROOT\CLSID\{0782824C-1639-4EFA-A10B-EC283974C5B1}]

[-HKEY_CLASSES_ROOT\CLSID\{0035A41A-50A7-47B5-90CB-7CD1419F7FDA}]

[-HKEY_CLASSES_ROOT\CLSID\{1DD274D8-90B8-4640-9B30-AFEDAA85FD99}]

[-HKEY_CLASSES_ROOT\CLSID\{8DFCC837-198B-4E47-BB6C-7DB989B17788}]

[-HKEY_CLASSES_ROOT\CLSID\{C95367F3-DBDA-4F4F-9798-938A8BB8787F}]

[-HKEY_CLASSES_ROOT\CLSID\{67BFEEB3-A797-421F-B40C-32A5D2F238F1}]

[-HKEY_CLASSES_ROOT\CLSID\{A7F4C8D2-39B7-4820-BC75-42733287A2F7}]

[-HKEY_CLASSES_ROOT\CLSID\{49F23447-29D6-4225-A438-ABF9CC4A8547}]

[-HKEY_CLASSES_ROOT\CLSID\{02980D7F-B8FD-4BDE-9989-33D057464E27}]

[-HKEY_CLASSES_ROOT\CLSID\{8D8A990B-8A02-48BD-88D8-22CBC725CC0E}]

[-HKEY_CLASSES_ROOT\CLSID\{5E1BBD20-555F-4E4E-9694-9A9DD745A18D}]

[-HKEY_CLASSES_ROOT\CLSID\{CDC40F77-672D-44F5-B6A5-F6F11DCBCC24}]

[-HKEY_CLASSES_ROOT\CLSID\{2B453BB1-C240-4635-8F52-AE4DEAABE4A2}]

[-HKEY_CLASSES_ROOT\CLSID\{CC759374-5727-4190-87A0-826E405E1AEB}]

[-HKEY_CLASSES_ROOT\CLSID\{A90E8223-87E0-4C0B-97EC-1B03B68BDB71}]

[-HKEY_CLASSES_ROOT\CLSID\{E1F3FCA2-DFD9-4E87-96B4-7654F2069D12}]

[-HKEY_CLASSES_ROOT\CLSID\{25D57FF6-8723-418C-948F-81C10B4696A2}]

[-HKEY_CLASSES_ROOT\CLSID\{8827CE28-538B-415F-9119-3D997CA999CB}]

[-HKEY_CLASSES_ROOT\CLSID\{001C1915-70F3-4C52-8CA5-0F37EC0CC576}]

[-HKEY_CLASSES_ROOT\CLSID\{CF0EF7B8-013A-4434-B7BD-7EDBE2FA669F}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""



1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, double click on fix.reg and let the file merge with your registry.

4) Please run Killbox. Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:



6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Reboot the PC in Normal Mode and post a fresh HJT log
  • 0
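Before merging a fix.reg like the one in post #18, it helps to list exactly which keys and values it will delete or set. The following is an added example, not part of the original thread: `audit_reg` is a hypothetical helper, the sample keys and GUIDs are constructed placeholders, and it handles only the single-line REGEDIT4 syntax used above (no multi-line hex values).

```python
import re

# Constructed sample in fix.reg's REGEDIT4 syntax; keys and GUIDs are placeholders.
SAMPLE = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Example\Notify\Placeholder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Shell Extensions\Approved]
"{00000000-0000-0000-0000-000000000001}"=-
"{00000000-0000-0000-0000-000000000002}"=-

[-HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Post Platform]
"SV1"=""
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def audit_reg(text):
    """Return a list of (action, key, value_name) the file would perform."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("first line is not a .reg header")
    actions, key = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            key = m.group(2)
            if m.group(1):            # [-KEY] deletes the key and its subkeys
                actions.append(("delete-key", key, None))
                key = None            # a value line after a deleted key is an error
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError(f"unexpected line: {ln!r}")
        name = m.group(1).strip('"')
        action = "delete-value" if m.group(2) == "-" else "set-value"   # "name"=- deletes
        actions.append((action, key, name))
    return actions

if __name__ == "__main__":
    for action, key, name in audit_reg(SAMPLE):
        print(f"{action:12} {key}" + (f" -> {name}" if name else ""))
```

Exporting the affected keys first (regedit's File > Export) gives a way back if the listing shows a deletion you did not expect.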

#19
JBiddy

JBiddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
done and done...
here is logfile, what do you think?

Logfile of HijackThis v1.99.1
Scan saved at 11:19:01 AM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Janabai2\Desktop\hijackthis-1\HijackThis.exe
  • 0

#20
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Either you didn't post the complete log file or you are in big trouble !!!!

Please post the complete HJT log file.
  • 0

#21
JBiddy

JBiddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thought I posted the whole thing before, but I just redid it and here is the logfile? hope I am not in big trouble?

Logfile of HijackThis v1.99.1
Scan saved at 2:01:37 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janabai2\Desktop\hijackthis-1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clixis.com/de...p?display=login
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Janabai2"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Janabai2"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#22
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
I was just pulling your leg then. You had posted only the running processes and missed all the other entries !!!!! Check


Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Any issues with your PC ??? Let me know how your PC is behaving now
  • 0

#23
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
