
HijackThis log, I need help knowing what to fix

6 posts in this topic

Logfile of HijackThis v1.97.7

Scan saved at 10:50:05 PM, on 5/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:







C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe



C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE


C:\Program Files\Dantz\Retrospect\retrorun.exe


C:\Program Files\Iomega\AutoDisk\ADService.exe


C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\2Wire\Gateway\2PortalMon.exe




C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Internet Optimizer\optimize.exe


C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Broadband Wizard\bbwiz.exe

C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE


C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\MMJB.EXE

C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe

C:\Documents and Settings\JJK Jr\Desktop\wombat.exe


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://maaohy.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://maaohy.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://maaohy.outhost.info/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://maaohy.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://maaohy.outhost.info/

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem216.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe

O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AlarmWorks] C:\Program Files\AlarmWorks\clockmstr.exe /SYSTRAY

O4 - HKLM\..\Run: [belt] C:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -0

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - Startup: Broadband Wizard.lnk = C:\Program Files\Broadband Wizard\bbwiz.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00015/chm.chm::/files/initial.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37874.855150463

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/sonystyle...l/java/RntX.cab

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimi...DistIOcrack.CAB

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O19 - User stylesheet: C:\WINDOWS\system32\iepafk.jt7




Any and all help is appreciated.


Devilman, if you haven't already tried my previous response, please ignore it for now and do the following.


Go to Start | Run (type) cmd (click OK)

From the "Command Prompt" (type)




Note: (that's) NET<space>STOP<space>HACKERDEFENDER100


If successful you should see: (wait 30 sec.)


"The service is not responding to the control function."



See if "winunins.ini" exists and open in Notepad

Paste the contents of "winunins.ini".


OK, it took a little longer than I thought, but here are the contents of that ini file


[Hidden Table]













[Root Processes]





[Hidden Services]



[Hidden RegKeys]






[Hidden RegValues]


[startup Run]

C:\WINDOWS\svhost.exe -sr -0


[Free Space]


[Hidden Ports]







ServiceDisplayName=Windows System Uninstaller

ServiceDescription=Microsoft System Service







1) Restart in Safe Mode (see "How To:" below)

2) Enable Hidden Files (see "How To:" below)


Locate and delete the following:








svhost.exe (not "svchost.exe")




Open Regedit and click Edit > Find

(enter) "HackerDefenderDrv100" (no quotes)

Click Find Now


Highlight and delete all references found.

Click "F3" to continue searching, repeat until you see the "Completed Search" message.


Next, do the same steps for each of the above files.


Note: If you cannot delete the registry keys (Access Denied), then right-click the key and click Permissions. Set Full Control to Allow everyone rights.


While still in Safe Mode: Run a full system scan with your antivirus

Restart normally and post a fresh HijackThis log.


Note: if for some reason "hxdefdrv.sys" seems to be running again in Safe Mode, repeat the "net stop" command again and then delete the files.


Link to show hidden files

hidden files


Link on how to boot to safe mode

Safe Mode and delete the following files and folders.

Edited by Atribune
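
The reply's warning that svhost.exe is not "svchost.exe" can be checked mechanically. The following is an added example, not part of the original thread: it reads the O4 (autostart) lines of a HijackThis log and reports image names that are within one edit of a core Windows process name. The reference name list, the function names and the threshold are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath
# Assumption: a small reference list of core Windows image names, chosen for this example.
SYSTEM_NAMES = ("svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                "explorer.exe", "csrss.exe", "smss.exe", "rundll32.exe")
# Registry autostart entries as HijackThis prints them: O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

# Lines copied from the log posted at the top of this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -0
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def image_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    quoted = re.match(r'"([^"]+)"', command)
    bare = re.match(r"(.+?\.(?:exe|com|bat|scr))(?:\s|$)", command, re.I)
    path = quoted.group(1) if quoted else bare.group(1) if bare else command.split()[0]
    return PureWindowsPath(path).name.lower()

def find_lookalikes(log_text, max_distance=1):
    """Return (value name, image, imitated name) for near-miss system names."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        image = image_name(m.group(4))
        if image in SYSTEM_NAMES:
            continue  # exact name; verifying its directory is a separate check
        nearest = min(SYSTEM_NAMES, key=lambda n: edit_distance(image, n))
        if edit_distance(image, nearest) <= max_distance:
            hits.append((m.group(3), image, nearest))
    return hits

if __name__ == "__main__":
    print(find_lookalikes(SAMPLE_LOG))
```

The threshold is kept at one edit because at two edits the legitimate msmsgs.exe is reported as resembling smss.exe.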
