Muriel

CWshred, Sbot, &HJthis blocked!

4 posts in this topic

*This is a previous thread splintercell990 and I were working on, that we're just completing here. Just letting you know so that no one else takes the time to restart trying to fix the problem* :D

 

 

Hey there,

These problems started on the 3rd of March as far as I can tell, so this may be new to everyone (or maybe not).

I've read the FAQ and some of the articles on crapware removal. While I'm not a programmer, I can find my way around Windows fairly well, so I'll try to cooperate with any advice the best that I can. I should also mention up front that I share this computer (which runs Windows Me and AOL both, thank you for your sympathy) with two others that I am about ready to string up.

 

Ad aware, Spy sweeper and the free version of Pest Patrol are the only programs that this hijacker is not shutting down, and while they do find some crapware, they are not locating this problem (except for Pest P. occasionally finding something new called Bridge and another I think was called CWS.google.m3, but the others may be eliminating these as they don't consistently show up). Alexa TBar and a monitor called KRec are the usual things the others find and delete.

 

As mentioned above, any attempt to download CW shred results in my internet browser being shut down immediately. While I've been able to download Sbot S&D, spyware blaster, and browser HJ blaster, they are shut down as soon as the setup begins. HJ this has been set up but is shut down as soon as it's started running. I was really quick and managed to complete a scan just before it shut down, so I'm hoping it finished properly. I'll paste it below.

 

Some of the things I've looked into (please don't berate me too much for this)

-There is a hidden application in Application Data called SV host (not the SVc host I've seen mentioned elsewhere). It's 48KB and has a creation date of the 3rd Mar. when all this started. Could this be the culprit? If so, I experimented and can tell you it won't let me dump it in the recycle bin. Of course, maybe you'll tell me it's supposed to be there.

 

-In Internet Prop., the home page is stuck at rpgcao.outhost.info/. The jumbled letters in front of outhost always change and seem to be linked to application files in the windows/system folder with the same jumbled names. I've viewed these with wordpad and they are a very large single line of commands starting with get elements by tagname, dMtkc.index of ('music') etc. and ending with src=http:// (jumbled letters). outhost.info. I've deleted those that I find, but more appear at random.

 

-I've disabled the file folder _Restore through the troubleshooting option in system properties.

 

-Under accessibility in Internet Prop., format documents using my style sheet keeps getting automatically checked, no matter how many times I've undone it.

 

-And finally, one of the others here ran ad aware shortly after it was installed and I wasn't present, and erased quite a few windows options (those that display the taskbar and windows file folder icons) which I was able to remedy (I think) by running the OP system backup disc (reloading over, not deleting the windows folder- the others were screaming about losing their files. Personally, I think they've forfeited their right to even look at the system, much less use it)

Regardless, the files were restored and haven't had an impact on the problem of crapware tools getting shut down and web pages getting redirected.

 

Hopefully this isn't too much info. I'll take any advice or criticism anyone has to offer and check in periodically to report on any remedies and their results. Or to give more info that's requested.

 

Thanks,

Muriel

 

Here's the HJ this log:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:59:59 PM, on 5/10/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\APPLICATION DATA\SVHOST.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\WINDOWS\DESKTOP\ANIM8ER\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zigysz.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zigysz.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://zigysz.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://zigysz.outhost.info/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zigysz.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zigysz.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://zigysz.outhost.info/sp.php

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O1 - Hosts: 213.159.118.228 1-se.com

O1 - Hosts: 213.159.118.228 58q.com

O1 - Hosts: 213.159.118.228 aifind.cc

O1 - Hosts: 213.159.118.228 aifind.info

O1 - Hosts: 213.159.118.228 allneedsearch.com

O1 - Hosts: 213.159.118.228 approvedlinks.com

O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com

O1 - Hosts: 213.159.118.228 awebfind.biz

O1 - Hosts: 213.159.118.228 best.royalsearch.net

O1 - Hosts: 213.159.118.228 cracks.am

O1 - Hosts: 213.159.118.228 default-homepage-network.com

O1 - Hosts: 213.159.118.228 find.microgirls.com

O1 - Hosts: 213.159.118.228 find4u.net

O1 - Hosts: 213.159.118.228 freshvideogals.com

O1 - Hosts: 213.159.118.228 i-lookup.com

O1 - Hosts: 213.159.118.228 ie-search.com

O1 - Hosts: 213.159.118.228 in.webcounter.cc

O1 - Hosts: 213.159.118.228 itseasy.us

O1 - Hosts: 213.159.118.228 just.find-itnow.com

O1 - Hosts: 213.159.118.228 link.startmake.com

O1 - Hosts: 213.159.118.228 mysearchnow.com

O1 - Hosts: 213.159.118.228 nativehardcore.com

O1 - Hosts: 213.159.118.228 qwertysearch123.biz

O1 - Hosts: 213.159.118.228 search.ieplugin.com

O1 - Hosts: 213.159.118.228 search.psn.cn

O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com

O1 - Hosts: 213.159.118.228 searchcentrix.com

O1 - Hosts: 213.159.118.228 searchmyrequest.com

O1 - Hosts: 213.159.118.228 super-spider.com

O1 - Hosts: 213.159.118.228 t.rack.cc

O1 - Hosts: 213.159.118.228 teen-biz.com

O1 - Hosts: 213.159.118.228 teenhqpics.com

O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net

O1 - Hosts: 213.159.118.228 webcoolsearch.com

O1 - Hosts: 213.159.118.228 wmmse.com

O1 - Hosts: 213.159.118.228 www.008i.com

O1 - Hosts: 213.159.118.228 www.2fastsearch.net

O1 - Hosts: 213.159.118.228 www.8095.com

O1 - Hosts: 213.159.118.228 www.alfa-search.com

O1 - Hosts: 213.159.118.228 www.boredlife.com

O1 - Hosts: 213.159.118.228 www.couldnotfind.com

O1 - Hosts: 213.159.118.228 www.cracks.am

O1 - Hosts: 213.159.118.228 www.daum.net

O1 - Hosts: 213.159.118.228 www.dreamwiz.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find4u.net

O1 - Hosts: 213.159.118.228 www.firstbookmark.com

O1 - Hosts: 213.159.118.228 www.gajai.com

O1 - Hosts: 213.159.118.228 www.hand-book.com

O1 - Hosts: 213.159.118.228 www.hao123.com

O1 - Hosts: 213.159.118.228 www.hotsearchbox.com

O1 - Hosts: 213.159.118.228 www.hotwebsearch.com

O1 - Hosts: 213.159.118.228 www.hugesearch.net

O1 - Hosts: 213.159.118.228 www.iquicksearch.com

O1 - Hosts: 213.159.118.228 www.lookfor.cc

O1 - Hosts: 213.159.118.228 www.maxxxhosters.com

O1 - Hosts: 213.159.118.228 www.naver.com

O1 - Hosts: 213.159.118.228 www.nkvd.us

O1 - Hosts: 213.159.118.228 www.novaf*ck.com

O1 - Hosts: 213.159.118.228 www.ohcorea.com

O1 - Hosts: 213.159.118.228 www.omega-search.com

O1 - Hosts: 213.159.118.228 www.onet.pl

O1 - Hosts: 213.159.118.228 www.power-search.info

O1 - Hosts: 213.159.118.228 www.rightfinder.net

O1 - Hosts: 213.159.118.228 www.search-1.net

O1 - Hosts: 213.159.118.228 www.search-and-go.com

O1 - Hosts: 213.159.118.228 www.search-dot.com

O1 - Hosts: 213.159.118.228 www.search-space.com

O1 - Hosts: 213.159.118.228 www.searchforge.com

O1 - Hosts: 213.159.118.228 www.searching-the-net.com

O1 - Hosts: 213.159.118.228 www.searchv.com

O1 - Hosts: 213.159.118.228 www.searchxl.com

O1 - Hosts: 213.159.118.228 www.seznam.cz

O1 - Hosts: 213.159.118.228 www.slotch.com

O1 - Hosts: 213.159.118.228 www.spidersearch.com

O1 - Hosts: 213.159.118.228 www.startium.com

O1 - Hosts: 213.159.118.228 www.therealsearch.com

O1 - Hosts: 213.159.118.228 www.ttjj.com

O1 - Hosts: 213.159.118.228 www.viewpornkey.com

O1 - Hosts: 213.159.118.228 www.wazzupnet.com

O1 - Hosts: 213.159.118.228 www.websearch.com

O1 - Hosts: 213.159.118.228 www.windowws.cc

O1 - Hosts: 213.159.118.228 www.xgmm.com

O1 - Hosts: 213.159.118.228 xwebsearch.biz

O1 - Hosts: 213.159.118.228 yourbookmarks.ws

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\APPLICATION DATA\SVHOST.EXE -sr -0

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\APPLICATION DATA\SVHOST.EXE -sr -0

O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ixdesbrb.exe

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8117.4239930556


Ok, tick and fix the following in Hijackthis.

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zigysz.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zigysz.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://zigysz.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://zigysz.outhost.info/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zigysz.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zigysz.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://zigysz.outhost.info/sp.php

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O1 - Hosts: 213.159.118.228 1-se.com

O1 - Hosts: 213.159.118.228 58q.com

O1 - Hosts: 213.159.118.228 aifind.cc

O1 - Hosts: 213.159.118.228 aifind.info

O1 - Hosts: 213.159.118.228 allneedsearch.com

O1 - Hosts: 213.159.118.228 approvedlinks.com

O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com

O1 - Hosts: 213.159.118.228 awebfind.biz

O1 - Hosts: 213.159.118.228 best.royalsearch.net

O1 - Hosts: 213.159.118.228 cracks.am

O1 - Hosts: 213.159.118.228 default-homepage-network.com

O1 - Hosts: 213.159.118.228 find.microgirls.com

O1 - Hosts: 213.159.118.228 find4u.net

O1 - Hosts: 213.159.118.228 freshvideogals.com

O1 - Hosts: 213.159.118.228 i-lookup.com

O1 - Hosts: 213.159.118.228 ie-search.com

O1 - Hosts: 213.159.118.228 in.webcounter.cc

O1 - Hosts: 213.159.118.228 itseasy.us

O1 - Hosts: 213.159.118.228 just.find-itnow.com

O1 - Hosts: 213.159.118.228 link.startmake.com

O1 - Hosts: 213.159.118.228 mysearchnow.com

O1 - Hosts: 213.159.118.228 nativehardcore.com

O1 - Hosts: 213.159.118.228 qwertysearch123.biz

O1 - Hosts: 213.159.118.228 search.ieplugin.com

O1 - Hosts: 213.159.118.228 search.psn.cn

O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com

O1 - Hosts: 213.159.118.228 searchcentrix.com

O1 - Hosts: 213.159.118.228 searchmyrequest.com

O1 - Hosts: 213.159.118.228 super-spider.com

O1 - Hosts: 213.159.118.228 t.rack.cc

O1 - Hosts: 213.159.118.228 teen-biz.com

O1 - Hosts: 213.159.118.228 teenhqpics.com

O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net

O1 - Hosts: 213.159.118.228 webcoolsearch.com

O1 - Hosts: 213.159.118.228 wmmse.com

O1 - Hosts: 213.159.118.228 www.008i.com

O1 - Hosts: 213.159.118.228 www.2fastsearch.net

O1 - Hosts: 213.159.118.228 www.8095.com

O1 - Hosts: 213.159.118.228 www.alfa-search.com

O1 - Hosts: 213.159.118.228 www.boredlife.com

O1 - Hosts: 213.159.118.228 www.couldnotfind.com

O1 - Hosts: 213.159.118.228 www.cracks.am

O1 - Hosts: 213.159.118.228 www.daum.net

O1 - Hosts: 213.159.118.228 www.dreamwiz.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find4u.net

O1 - Hosts: 213.159.118.228 www.firstbookmark.com

O1 - Hosts: 213.159.118.228 www.gajai.com

O1 - Hosts: 213.159.118.228 www.hand-book.com

O1 - Hosts: 213.159.118.228 www.hao123.com

O1 - Hosts: 213.159.118.228 www.hotsearchbox.com

O1 - Hosts: 213.159.118.228 www.hotwebsearch.com

O1 - Hosts: 213.159.118.228 www.hugesearch.net

O1 - Hosts: 213.159.118.228 www.iquicksearch.com

O1 - Hosts: 213.159.118.228 www.lookfor.cc

O1 - Hosts: 213.159.118.228 www.maxxxhosters.com

O1 - Hosts: 213.159.118.228 www.naver.com

O1 - Hosts: 213.159.118.228 www.nkvd.us

O1 - Hosts: 213.159.118.228 www.novaf*ck.com

O1 - Hosts: 213.159.118.228 www.ohcorea.com

O1 - Hosts: 213.159.118.228 www.omega-search.com

O1 - Hosts: 213.159.118.228 www.onet.pl

O1 - Hosts: 213.159.118.228 www.power-search.info

O1 - Hosts: 213.159.118.228 www.rightfinder.net

O1 - Hosts: 213.159.118.228 www.search-1.net

O1 - Hosts: 213.159.118.228 www.search-and-go.com

O1 - Hosts: 213.159.118.228 www.search-dot.com

O1 - Hosts: 213.159.118.228 www.search-space.com

O1 - Hosts: 213.159.118.228 www.searchforge.com

O1 - Hosts: 213.159.118.228 www.searching-the-net.com

O1 - Hosts: 213.159.118.228 www.searchv.com

O1 - Hosts: 213.159.118.228 www.searchxl.com

O1 - Hosts: 213.159.118.228 www.seznam.cz

O1 - Hosts: 213.159.118.228 www.slotch.com

O1 - Hosts: 213.159.118.228 www.spidersearch.com

O1 - Hosts: 213.159.118.228 www.startium.com

O1 - Hosts: 213.159.118.228 www.therealsearch.com

O1 - Hosts: 213.159.118.228 www.ttjj.com

O1 - Hosts: 213.159.118.228 www.viewpornkey.com

O1 - Hosts: 213.159.118.228 www.wazzupnet.com

O1 - Hosts: 213.159.118.228 www.websearch.com

O1 - Hosts: 213.159.118.228 www.windowws.cc

O1 - Hosts: 213.159.118.228 www.xgmm.com

O1 - Hosts: 213.159.118.228 xwebsearch.biz

O1 - Hosts: 213.159.118.228 yourbookmarks.ws

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ixdesbrb.exe

 

Then delete if found.

 

C:\Program Files\Internet Explorer\ixdesbrb.exe

 

Then post a new log here in a reply.
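
The checks behind the fix list above (IE settings pointing at an unexpected host, a hosts file sending many names to one address, components registered with no file, an autorun from Application Data with a look-alike name), written out as an added Python example that is not part of the original thread. The sample is a shortened excerpt of the log posted above; the threshold and the look-alike name list are assumptions.

```python
import re
from collections import defaultdict
from difflib import get_close_matches
from urllib.parse import urlparse

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zigysz.outhost.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://zigysz.outhost.info/sp.php
O1 - Hosts: 213.159.118.228 www.naver.com
O1 - Hosts: 213.159.118.228 www.seznam.cz
O1 - Hosts: 213.159.118.228 www.onet.pl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\APPLICATION DATA\SVHOST.EXE -sr -0
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ixdesbrb.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.I)
# Assumption: a short list of Windows binaries whose names get imitated.
SYSTEM_NAMES = ["svchost.exe", "explorer.exe", "rundll32.exe"]


def parse_entries(log_text):
    """Yield (code, body) for every HijackThis result line; skip the rest."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text, hosts_threshold=3):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    hosts_by_ip = defaultdict(set)
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            # "key,value = url": an empty "http://" has no hostname and is skipped
            name, _, url = body.partition(" = ")
            host = urlparse(url.strip()).hostname
            if host:
                findings.append((code, "IE setting points to " + host, name))
        elif code == "O1":
            m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
            if m and not m.group(1).startswith("127."):
                hosts_by_ip[m.group(1)].add(m.group(2).lower())
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, "registered component has no file", body))
        elif code == "O4":
            m = EXE_RE.search(body)
            if not m:
                continue
            path, reasons = m.group(0), []
            base = path.rsplit("\\", 1)[-1].lower()
            if "\\application data\\" in path.lower():
                reasons.append("autorun from Application Data")
            near = get_close_matches(base, SYSTEM_NAMES, n=1, cutoff=0.85)
            if near and base not in SYSTEM_NAMES:
                reasons.append("name resembles " + near[0])
            if reasons:
                findings.append((code, "; ".join(reasons), path))
        elif code == "O16" and body.rsplit(" - ", 1)[-1].startswith("file://"):
            findings.append((code, "ActiveX source is a local file", body))
    # Many unrelated names mapped to one non-loopback address: hosts redirection.
    for ip, names in hosts_by_ip.items():
        if len(names) >= hosts_threshold:
            findings.append(
                ("O1", f"{len(names)} hostnames redirected to {ip}", sorted(names)))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```
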


Hey there,

Thanks for helping! Splintercell990 was working on this with me yesterday, but I guess hasn't registered again.

Anyway, here's the new log. I'm already a couple of steps along, but these things are still here:

 

-Still has svhost.exe in HJlog, even though I deleted svhost.exe from window\application data

 

-inatjoy.dll in c:windows\system, I think Cyril and some of the others were talking about needing to delete this as well

 

-and finally, when I rebooted earlier as part of the steps to replace the hosts file, I received a runtime error 5 at 00410F60----is this a problem?

 

Logfile of HijackThis v1.97.7

Scan saved at 5:20:42 PM, on 5/15/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\DESKTOP\ANIM8ER\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comic-con.org

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comic-con.org

O2 - BHO: MereSurfer Band - {4C12361F-3431-4A69-B0CA-CA788A8F7C12} - C:\PROGRAM FILES\MERESURFER 2003 FREE\MERESURFINSTALL.DLL

O3 - Toolbar: MereSurfer - {340166BC-786B-401F-96AC-7C8821EFA9CD} - C:\PROGRAM FILES\MERESURFER 2003 FREE\MERESURFERF.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\APPLICATION DATA\SVHOST.EXE -sr -0

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\APPLICATION DATA\SVHOST.EXE -sr -0

O4 - HKCU\..\RunServices: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\RunServices: [Network Service] C:\WINDOWS\APPLICATION DATA\SVHOST.EXE -sr -0

O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8117.4239930556

 

 

Here you go, and thanks again!

Muriel

 

Oh, do you want me to find the previous thread in the old forum and post it here to compare, or is that not necessary any longer?


Due to the time passed without a response in this thread - I am closing it.

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
