minnerd

outhost-casino palazzio problem

12 posts in this topic

:angry: here is the log file txt from hijack...now what do i do? I can't run the program in normal mode so i had to run in safe mode...i don't know if doing that identifies all the running processes that would be identified in normal...but that's what i had to do...i'm also going to have to open it in safe mode when i go to ignore the files.

 

YOUR HELP WOULD REALLY BE APPRECIATED!

 

Logfile of HijackThis v1.97.7

Scan saved at 6:03:17 PM, on 5/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\My Documents\New Folder\WillyFerrell.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tyivwj.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tyivwj.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tyivwj.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://tyivwj.outhost.info/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://tyivwj.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tyivwj.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://tyivwj.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://us10.hpwis.com/

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O1 - Hosts: 213.159.118.228 1-se.com

O1 - Hosts: 213.159.118.228 58q.com

O1 - Hosts: 213.159.118.228 aifind.cc

O1 - Hosts: 213.159.118.228 aifind.info

O1 - Hosts: 213.159.118.228 allneedsearch.com

O1 - Hosts: 213.159.118.228 approvedlinks.com

O1 - Hosts: 213.159.118.228 auto.ie.searchforge.com

O1 - Hosts: 213.159.118.228 awebfind.biz

O1 - Hosts: 213.159.118.228 best.royalsearch.net

O1 - Hosts: 213.159.118.228 cracks.am

O1 - Hosts: 213.159.118.228 default-homepage-network.com

O1 - Hosts: 213.159.118.228 find.microgirls.com

O1 - Hosts: 213.159.118.228 find4u.net

O1 - Hosts: 213.159.118.228 freshvideogals.com

O1 - Hosts: 213.159.118.228 i-lookup.com

O1 - Hosts: 213.159.118.228 ie-search.com

O1 - Hosts: 213.159.118.228 in.webcounter.cc

O1 - Hosts: 213.159.118.228 itseasy.us

O1 - Hosts: 213.159.118.228 just.find-itnow.com

O1 - Hosts: 213.159.118.228 link.startmake.com

O1 - Hosts: 213.159.118.228 mysearchnow.com

O1 - Hosts: 213.159.118.228 nativehardcore.com

O1 - Hosts: 213.159.118.228 qwertysearch123.biz

O1 - Hosts: 213.159.118.228 search.ieplugin.com

O1 - Hosts: 213.159.118.228 search.psn.cn

O1 - Hosts: 213.159.118.228 searchbar.findthewebsiteyouneed.com

O1 - Hosts: 213.159.118.228 searchcentrix.com

O1 - Hosts: 213.159.118.228 searchmyrequest.com

O1 - Hosts: 213.159.118.228 super-spider.com

O1 - Hosts: 213.159.118.228 t.rack.cc

O1 - Hosts: 213.159.118.228 teen-biz.com

O1 - Hosts: 213.159.118.228 teenhqpics.com

O1 - Hosts: 213.159.118.228 tits.hardcore4ever.net

O1 - Hosts: 213.159.118.228 webcoolsearch.com

O1 - Hosts: 213.159.118.228 wmmse.com

O1 - Hosts: 213.159.118.228 www.008i.com

O1 - Hosts: 213.159.118.228 www.2fastsearch.net

O1 - Hosts: 213.159.118.228 www.8095.com

O1 - Hosts: 213.159.118.228 www.alfa-search.com

O1 - Hosts: 213.159.118.228 www.boredlife.com

O1 - Hosts: 213.159.118.228 www.couldnotfind.com

O1 - Hosts: 213.159.118.228 www.cracks.am

O1 - Hosts: 213.159.118.228 www.daum.net

O1 - Hosts: 213.159.118.228 www.dreamwiz.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find-itnow.com

O1 - Hosts: 213.159.118.228 www.find4u.net

O1 - Hosts: 213.159.118.228 www.firstbookmark.com

O1 - Hosts: 213.159.118.228 www.gajai.com

O1 - Hosts: 213.159.118.228 www.hand-book.com

O1 - Hosts: 213.159.118.228 www.hao123.com

O1 - Hosts: 213.159.118.228 www.hotsearchbox.com

O1 - Hosts: 213.159.118.228 www.hotwebsearch.com

O1 - Hosts: 213.159.118.228 www.hugesearch.net

O1 - Hosts: 213.159.118.228 www.iquicksearch.com

O1 - Hosts: 213.159.118.228 www.lookfor.cc

O1 - Hosts: 213.159.118.228 www.maxxxhosters.com

O1 - Hosts: 213.159.118.228 www.naver.com

O1 - Hosts: 213.159.118.228 www.nkvd.us

O1 - Hosts: 213.159.118.228 www.novafuck.com

O1 - Hosts: 213.159.118.228 www.ohcorea.com

O1 - Hosts: 213.159.118.228 www.omega-search.com

O1 - Hosts: 213.159.118.228 www.onet.pl

O1 - Hosts: 213.159.118.228 www.power-search.info

O1 - Hosts: 213.159.118.228 www.rightfinder.net

O1 - Hosts: 213.159.118.228 www.search-1.net

O1 - Hosts: 213.159.118.228 www.search-and-go.com

O1 - Hosts: 213.159.118.228 www.search-dot.com

O1 - Hosts: 213.159.118.228 www.search-space.com

O1 - Hosts: 213.159.118.228 www.searchforge.com

O1 - Hosts: 213.159.118.228 www.searching-the-net.com

O1 - Hosts: 213.159.118.228 www.searchv.com

O1 - Hosts: 213.159.118.228 www.searchxl.com

O1 - Hosts: 213.159.118.228 www.seznam.cz

O1 - Hosts: 213.159.118.228 www.slotch.com

O1 - Hosts: 213.159.118.228 www.spidersearch.com

O1 - Hosts: 213.159.118.228 www.startium.com

O1 - Hosts: 213.159.118.228 www.therealsearch.com

O1 - Hosts: 213.159.118.228 www.ttjj.com

O1 - Hosts: 213.159.118.228 www.viewpornkey.com

O1 - Hosts: 213.159.118.228 www.wazzupnet.com

O1 - Hosts: 213.159.118.228 www.websearch.com

O1 - Hosts: 213.159.118.228 www.windowws.cc

O1 - Hosts: 213.159.118.228 www.xgmm.com

O1 - Hosts: 213.159.118.228 xwebsearch.biz

O1 - Hosts: 213.159.118.228 yourbookmarks.ws

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c

O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [system Network Service] C:\WINDOWS\svhost.exe -sr -1

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [system Network Service] C:\WINDOWS\svhost.exe -sr -1

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab

O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab

O19 - User stylesheet: C:\WINDOWS\system32\lgrwrn.b06


please download CWShredder

This was written to deal with Coolweb and all its variants.

 

Download and run the program. Let it fix everything it finds, and reboot.

 

Run Hijack this again, and post a fresh log so we can deal with whatever is left


It is not letting me download the program from any of the sites...i downloaded that coolweb killer because hijack was being closed automatically...but it said that it didn't find any searchkiller program...how am i supposed to get the CWShredder to run it?


ok so i downloaded and ran it through the media card on my pda....it said for me to ask if C:\windows\ctdrvins.exe is random? Yes or No I have no clue


ok someone told me that file was for creative labs so i marked it as NO (for being random) then i ran hijack again...here is my new log

 

Logfile of HijackThis v1.97.7

Scan saved at 7:36:10 PM, on 5/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

c:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WZCBDL Service\WZCBDLS.exe

C:\Program Files\D-Link\Air USB Utility\AirCFG.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Documents and Settings\Owner\My Documents\New Folder\WillyFerrell.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ipszyr.outhost.info/?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipszyr.outhost.info/?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ipszyr.outhost.info/?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipszyr.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ipszyr.outhost.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ipszyr.outhost.info/?

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wsgdwr.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wsgdwr.outhost.info/sp.php

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://ipszyr.outhost.info/?

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipszyr.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ipszyr.outhost.info/?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ipszyr.outhost.info/?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ipszyr.outhost.info/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ipszyr.outhost.info/?

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://wsgdwr.outhost.info/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://us10.hpwis.com/

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)

O1 - Hosts: 213.159.118.228 collections.inhost.info

O1 - Hosts: 213.159.118.228 collections.inhost2.info

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c

O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [system Network Service] C:\WINDOWS\svhost.exe -sr -1

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [system Network Service] C:\WINDOWS\svhost.exe -sr -1

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing

O13 - DefaultPrefix: http://ipszyr.outhost.info/?

O13 - WWW Prefix: http://ipszyr.outhost.info/?

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab

O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab

O19 - User stylesheet: C:\WINDOWS\system32\aichae.98o


This is my new log file....the palazzo problem is gone...so is the homepage problem...but i'm still getting the outhost page coming up when i try and go to certain sites...anyone's help in how to fix this problem would be greatly appreciated.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:17:29 AM, on 5/31/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

c:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WZCBDL Service\WZCBDLS.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe

C:\Program Files\D-Link\Air USB Utility\AirCFG.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\My Documents\New Folder\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c

O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab

O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab

O19 - User stylesheet: C:\WINDOWS\system32\dkiqvy.kox


Minnerd

 

Go to Start > Run and type: 'cmd' (without quotes) and click Ok.

From The "Command Prompt" type:

 

'NET STOP HACKERDEFENDER100' (without quotes) and press Enter

 

Note: (that's) NET<space>STOP<space>HACKERDEFENDER100

 

If successful you should see: (wait 30 sec.)

 

"The service is not responding to the control function."

 

Search for file "winunins.ini" and open it in Notepad.

Paste the contents of "winunins.ini" here.

 

(Until here instructions by Winhelp2002, thank you.)

 

Then let Hijack This fix the following lines:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O19 - User stylesheet: C:\WINDOWS\system32\dkiqvy.kox

 

Do this by closing all browser windows, placing a checkmark before the above items and clicking the Fix-button.

 

Download a clean hosts file and place it in folder C:\WINDOWS\System32\drivers\etc.

Close all browser windows.

Find in the same folder file 'hosts' (without name-extension), select it, right-click on it and choose properties. Uncheck attributes read-only, system and hidden. Then rename the file to 'hosts.bak' and rename the downloaded 'hosts.txt' to 'hosts'. Edit its properties and check read-only.

_______

Wiskonst
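
Added example, not part of the original thread or any poster's code: a small Python triage of HijackThis logs like the ones posted above. It groups O1 hosts-file entries by target address and compares two scans, so entries that only changed value (such as the O19 stylesheet path) stand apart from entries that were removed. The sample lines are excerpts from the first and third logs plus one constructed loopback line; all function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpts from the first and third HijackThis logs in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tyivwj.outhost.info/
O1 - Hosts: 213.159.118.228 collections.inhost.info
O1 - Hosts: 213.159.118.228 www.naver.com
O1 - Hosts: 213.159.118.228 www.onet.pl
O4 - HKLM\..\Run: [system Network Service] C:\WINDOWS\svhost.exe -sr -1
O19 - User stylesheet: C:\WINDOWS\system32\lgrwrn.b06
"""
# Constructed line (not from the thread) to exercise the loopback case.
LOG_BEFORE += "O1 - Hosts: 127.0.0.1 ads.example.test\n"

LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O19 - User stylesheet: C:\WINDOWS\system32\dkiqvy.kox
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"Hosts:\s+(\S+)\s+(\S+)")


def parse(log):
    """Return (section, detail) for each 'Xn - ...' line; headers and process paths are skipped."""
    pairs = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def is_local(addr):
    """True for loopback or 0.0.0.0 targets, which block a name rather than redirect it."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable target: keep it in the report
    return ip.is_loopback or ip.is_unspecified


def hosts_redirects(entries):
    """Group O1 hosts-file entries by target IP, leaving out local targets."""
    by_ip = defaultdict(list)
    for section, detail in entries:
        m = HOSTS.match(detail) if section == "O1" else None
        if m and not is_local(m.group(1)):
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


def key_of(section, detail):
    """Stable identity of an entry, so a changed value is not reported as remove + add."""
    if section.startswith("R"):
        return detail.split(" = ", 1)[0]   # registry value name
    if section == "O19":
        return detail.split(": ", 1)[0]    # 'User stylesheet'
    return detail


def compare(before, after):
    """Classify entries of two scans as removed, changed in value, or added."""
    b = {(s, key_of(s, d)): d for s, d in parse(before)}
    a = {(s, key_of(s, d)): d for s, d in parse(after)}
    return {
        "removed": sorted(k for k in b if k not in a),
        "changed": sorted(k for k in b if k in a and a[k] != b[k]),
        "added": sorted(k for k in a if k not in b),
    }


if __name__ == "__main__":
    print(hosts_redirects(parse(LOG_BEFORE)))
    print(compare(LOG_BEFORE, LOG_AFTER))
```
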
