WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] crazy browser

Started by delta48 , Jan 22 2008 12:52 PM

This topic is locked

6 replies to this topic

#1 delta48

New Member

New Member
4 posts

Posted 22 January 2008 - 12:52 PM

# hi, firefox and internet explorer, are displaying
# Www-search.net,
# and popup a window "click2find"
# so i post the hijack log
# i hope that you can help me.
#

Logfile of HijackThis v1.99.1

Scan saved at 12:22:32 p.m., on 22/01/08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

c:\windows\SYSTEM\KB891711\KB891711.EXE

C:\ARCHIVOS DE PROGRAMA\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\ARCHIVOS DE PROGRAMA\DIRECTCD\DIRECTCD.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\WINDOWS\SYSTEM\HPZTSB10.EXE

C:\ARCHIVOS DE PROGRAMA\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

D:\ARCHIVOS DE PROGRAMAS2\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telmex.com.mx/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\ARCHIV~1\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [Keyboard Manager] C:\Archivos de programa\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARCHIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O9 - Extra button: IC 3.0 - {bba9a1cb-c90a-4912-8f01-dfa51a2b4102} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARCHIVOS DE PROGRAMA\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARCHIVOS DE PROGRAMA\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.g...zylomloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom....gamesplayer.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.132,85.255.112.144

Edited by delta48, 23 January 2008 - 08:52 PM.

Advertisements

Register to Remove

#2 little eagle

spyware hawk

Visiting Fellow
8,968 posts

Interests:spyware

Posted 28 January 2008 - 07:18 AM

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://swandog46.gee.../Fixwareout.exe

* Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
* The fix will begin; follow the prompts.
* You will be asked to reboot your computer; please do so.
* Your system may take longer than usual to load; this is normal.
* Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.

My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#3 delta48

New Member

New Member
4 posts

Posted 28 January 2008 - 09:01 PM

#Well here are the logs

Fixwareout Last edited 9/01/2007

Post this report in the forums please

Random Runs removed from HKLM

We recommend getting a free online scan

Computer Associates eTrust AV Web Scanner: http://www3.ca.com/v.../virusscan.aspx

Hosts file was reset, If you use a custom hosts file please replace it.

#and here the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:52:52 p.m., on 28/01/08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\ARCHIVOS DE PROGRAMA\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\ARCHIVOS DE PROGRAMA\DIRECTCD\DIRECTCD.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\WINDOWS\SYSTEM\HPZTSB10.EXE

C:\ARCHIVOS DE PROGRAMA\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\ALTERNATIVO\SEGURIDAD\HIJACKTHIS.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telmex.com.mx/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Archivos de programa\DirectCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [Keyboard Manager] C:\Archivos de programa\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARCHIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O9 - Extra button: IC 3.0 - {bba9a1cb-c90a-4912-8f01-dfa51a2b4102} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARCHIVOS DE PROGRAMA\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ARCHIVOS DE PROGRAMA\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

O20 - Winlogon Notify: !SASWinLogon - D:\ARCHIVOS DE PROGRAMAS2\SUPERANTI\SASWINLO.DLL

--

End of file - 3491 bytes

#4 little eagle

spyware hawk

Visiting Fellow
8,968 posts

Interests:spyware

Posted 29 January 2008 - 06:17 AM

Be sure to keep SunJava, updated
In Add/Remove programs click on these and press *remove* if listed:
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5- 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE
It is important to remove older versions as these are the ones with the holes in them.
You will be surprised when you go to add/remove to see all of the versions sitting there.
Download Newest >>>> http://www.java.com/...nload/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test

---------------------------

Download and run - ATF Cleaner instructions here.

------------------------------------------------

Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#5 delta48

New Member

New Member
4 posts

Posted 29 January 2008 - 07:49 AM

# well i tried to enter to the java page, but when i click to the link in google it show me
#http://64.28.180.164 but the page is not displayed
#at my third retried java page apear and all look normal

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:42:23 a.m., on 29/01/08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\ARCHIVOS DE PROGRAMA\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\ARCHIVOS DE PROGRAMA\DIRECTCD\DIRECTCD.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE

C:\WINDOWS\SYSTEM\HPZTSB10.EXE

C:\ARCHIVOS DE PROGRAMA\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONSCREEN DISPLAY\OSD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARCHIVOS DE PROGRAMA\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\ESCRITORIO\JRE-1_5_0_14-WINDOWS-I586-P-IFTW.EXE

C:\WINDOWS\SYSTEM\MSIEXEC.EXE

D:\ALTERNATIVO\SEGURIDAD\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telmex.com.mx/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Archivos de programa\DirectCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [Keyboard Manager] C:\Archivos de programa\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb10.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\ARCHIV~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O9 - Extra button: IC 3.0 - {bba9a1cb-c90a-4912-8f01-dfa51a2b4102} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab

O20 - Winlogon Notify: !SASWinLogon - D:\ARCHIVOS DE PROGRAMAS2\SUPERANTI\SASWINLO.DLL

--

End of file - 3187 bytes

#6 delta48

New Member

New Member
4 posts

Posted 29 January 2008 - 08:11 PM

I run antisuperspyware in safe mode, 'cause i found a similar problem here http://www.forospywa...om/t141176.html (is in spanish)
and i found a trojan kdwmz.exe that was deleted.
internet explorer is working fine now, and curiosly spywareblaster run again.
thanks for your help little eagle.

Edited by delta48, 29 January 2008 - 08:38 PM.

#7 little eagle

spyware hawk

Visiting Fellow
8,968 posts

Interests:spyware

Posted 30 January 2008 - 06:38 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

Body Background

skin color theme