
freednshost

Discussion in 'Virus & Other Malware Removal' started by Jen1, Apr 8, 2004.

Thread Status:
Not open for further replies.
  1. Jen1

    Jen1 Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    2
    My son has been attacked by a hijacker and we cannot seem to get it removed. We are using Adaware and Spybot S&D and Hijack This but it keeps reinstalling.

    Everything goes through a URL, freednshost.info, and then it has the page we are trying to access. Also, a page pops up every now and then saying stupid stuff about an FBI warning and it's from this same site.

    It has put itself on the Tools tab or the IE toolbar as well and we can't seem to get it off there either.

    Anyone ever hear of it?

    Jen1
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Yes....it sounds familiar (y) Welcome to TSG by the way :)

    Do this:
    go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
    Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

    ;)
     
  3. Eric882

    Eric882

    Joined:
    Apr 8, 2004
    Messages:
    17
    Alright, this is the son that she was talking about and this is the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:45:10 PM, on 4/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\svchost.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://213.159.118.226/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 213.159.118.226 1-se.com
    O1 - Hosts: 213.159.118.226 58q.com
    O1 - Hosts: 213.159.118.226 aifind.cc
    O1 - Hosts: 213.159.118.226 aifind.info
    O1 - Hosts: 213.159.118.226 allneedsearch.com
    O1 - Hosts: 213.159.118.226 approvedlinks.com
    O1 - Hosts: 213.159.118.226 auto.ie.searchforge.com
    O1 - Hosts: 213.159.118.226 awebfind.biz
    O1 - Hosts: 213.159.118.226 best.royalsearch.net
    O1 - Hosts: 213.159.118.226 cracks.am
    O1 - Hosts: 213.159.118.226 default-homepage-network.com
    O1 - Hosts: 213.159.118.226 find.microgirls.com
    O1 - Hosts: 213.159.118.226 find4u.net
    O1 - Hosts: 213.159.118.226 freshvideogals.com
    O1 - Hosts: 213.159.118.226 i-lookup.com
    O1 - Hosts: 213.159.118.226 ie-search.com
    O1 - Hosts: 213.159.118.226 in.webcounter.cc
    O1 - Hosts: 213.159.118.226 itseasy.us
    O1 - Hosts: 213.159.118.226 just.find-itnow.com
    O1 - Hosts: 213.159.118.226 link.startmake.com
    O1 - Hosts: 213.159.118.226 mysearchnow.com
    O1 - Hosts: 213.159.118.226 nativehardcore.com
    O1 - Hosts: 213.159.118.226 qwertysearch123.biz
    O1 - Hosts: 213.159.118.226 search.ieplugin.com
    O1 - Hosts: 213.159.118.226 search.psn.cn
    O1 - Hosts: 213.159.118.226 searchbar.findthewebsiteyouneed.com
    O1 - Hosts: 213.159.118.226 searchcentrix.com
    O1 - Hosts: 213.159.118.226 searchmyrequest.com
    O1 - Hosts: 213.159.118.226 super-spider.com
    O1 - Hosts: 213.159.118.226 t.rack.cc
    O1 - Hosts: 213.159.118.226 teen-biz.com
    O1 - Hosts: 213.159.118.226 teenhqpics.com
    O1 - Hosts: 213.159.118.226 tits.hardcore4ever.net
    O1 - Hosts: 213.159.118.226 webcoolsearch.com
    O1 - Hosts: 213.159.118.226 wmmse.com
    O1 - Hosts: 213.159.118.226 www.008i.com
    O1 - Hosts: 213.159.118.226 www.2fastsearch.net
    O1 - Hosts: 213.159.118.226 www.8095.com
    O1 - Hosts: 213.159.118.226 www.alfa-search.com
    O1 - Hosts: 213.159.118.226 www.boredlife.com
    O1 - Hosts: 213.159.118.226 www.couldnotfind.com
    O1 - Hosts: 213.159.118.226 www.cracks.am
    O1 - Hosts: 213.159.118.226 www.daum.net
    O1 - Hosts: 213.159.118.226 www.dreamwiz.com
    O1 - Hosts: 213.159.118.226 www.find-itnow.com
    O1 - Hosts: 213.159.118.226 www.find-itnow.com
    O1 - Hosts: 213.159.118.226 www.find4u.net
    O1 - Hosts: 213.159.118.226 www.firstbookmark.com
    O1 - Hosts: 213.159.118.226 www.gajai.com
    O1 - Hosts: 213.159.118.226 www.hand-book.com
    O1 - Hosts: 213.159.118.226 www.hao123.com
    O1 - Hosts: 213.159.118.226 www.hotsearchbox.com
    O1 - Hosts: 213.159.118.226 www.hotwebsearch.com
    O1 - Hosts: 213.159.118.226 www.hugesearch.net
    O1 - Hosts: 213.159.118.226 www.iquicksearch.com
    O1 - Hosts: 213.159.118.226 www.lookfor.cc
    O1 - Hosts: 213.159.118.226 www.maxxxhosters.com
    O1 - Hosts: 213.159.118.226 www.naver.com
    O1 - Hosts: 213.159.118.226 www.nkvd.us
    O1 - Hosts: 213.159.118.226 www.nova****.com
    O1 - Hosts: 213.159.118.226 www.ohcorea.com
    O1 - Hosts: 213.159.118.226 www.omega-search.com
    O1 - Hosts: 213.159.118.226 www.onet.pl
    O1 - Hosts: 213.159.118.226 www.power-search.info
    O1 - Hosts: 213.159.118.226 www.rightfinder.net
    O1 - Hosts: 213.159.118.226 www.search-1.net
    O1 - Hosts: 213.159.118.226 www.search-and-go.com
    O1 - Hosts: 213.159.118.226 www.search-dot.com
    O1 - Hosts: 213.159.118.226 www.search-space.com
    O1 - Hosts: 213.159.118.226 www.searchforge.com
    O1 - Hosts: 213.159.118.226 www.searching-the-net.com
    O1 - Hosts: 213.159.118.226 www.searchv.com
    O1 - Hosts: 213.159.118.226 www.searchxl.com
    O1 - Hosts: 213.159.118.226 www.seznam.cz
    O1 - Hosts: 213.159.118.226 www.slotch.com
    O1 - Hosts: 213.159.118.226 www.spidersearch.com
    O1 - Hosts: 213.159.118.226 www.startium.com
    O1 - Hosts: 213.159.118.226 www.therealsearch.com
    O1 - Hosts: 213.159.118.226 www.ttjj.com
    O1 - Hosts: 213.159.118.226 www.viewpornkey.com
    O1 - Hosts: 213.159.118.226 www.wazzupnet.com
    O1 - Hosts: 213.159.118.226 www.websearch.com
    O1 - Hosts: 213.159.118.226 www.windowws.cc
    O1 - Hosts: 213.159.118.226 www.xgmm.com
    O1 - Hosts: 213.159.118.226 xwebsearch.biz
    O1 - Hosts: 213.159.118.226 yourbookmarks.ws
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [KBD MediaCenter] C:\Progra~1\Medias~1\Airboa~1\MediaCtr.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe
    O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
    O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
    O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
    O8 - Extra context menu item: Party Poker.com - http://213.159.118.226/tools.php?qq=Party+Poker.com
    O9 - Extra 'Tools' menuitem: Party Poker.com (HKLM)
    O9 - Extra 'Tools' menuitem: Party Poker (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra 'Tools' menuitem: Debt Solutions (HKLM)
    O13 - DefaultPrefix: http://freednshost.info/page/
    O13 - WWW Prefix: http://freednshost.info/page/
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.6879282407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O19 - User stylesheet: C:\WINDOWS\system32\d1.pwv

    btw, I only got the Hijack This program yesterday, so most of the stuff on that I never heard of. Please help, this thing is getting on my nerves.


    EDIT:That thing that keeps popping up on my computer is there now, it says
    DANGER! You're in trouble!
    Warning: You have visited an illeagl Pedo site!
    Have you visited an illegal Pedo site by chance or deliberately? What is your supposed answer in the court? Maybe, at this very moment FBI, INTERPOL OR POLICE spy software installed in your computer is registering the addresses of the sites you visited or sending via Internet the photos depicted on your computer now. After the very big guys have taken your home by storm and switched your computer on, you will face very big problems. Have you ever thought what you'll answer in the court to the following question: " Have you visited an illegal PEDO site by chance or deliberately?" To avoid answering this question and facing very big problems use the package of professional software and services Privacy Out Post. Protect your privacy now!
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Yes............it would get on mine too:)

    Download and run CWshredder from http://www.thespykiller.co.uk/
    And remember to click "Fix" (Not "Scan only")

    Re-boot after.

    Then....

    Run HijackThis again and put a checkmark against what is left of these entries....double check
    in case you miss anything....
    .....then, close all browser and Outlook windows and "fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://213.159.118.226/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 213.159.118.226 1-se.com
    O1 - Hosts: 213.159.118.226 58q.com
    O1 - Hosts: 213.159.118.226 aifind.cc
    O1 - Hosts: 213.159.118.226 aifind.info
    O1 - Hosts: 213.159.118.226 allneedsearch.com
    O1 - Hosts: 213.159.118.226 approvedlinks.com
    O1 - Hosts: 213.159.118.226 auto.ie.searchforge.com
    O1 - Hosts: 213.159.118.226 awebfind.biz
    O1 - Hosts: 213.159.118.226 best.royalsearch.net
    O1 - Hosts: 213.159.118.226 cracks.am
    O1 - Hosts: 213.159.118.226 default-homepage-network.com
    O1 - Hosts: 213.159.118.226 find.microgirls.com
    O1 - Hosts: 213.159.118.226 find4u.net
    O1 - Hosts: 213.159.118.226 freshvideogals.com
    O1 - Hosts: 213.159.118.226 i-lookup.com
    O1 - Hosts: 213.159.118.226 ie-search.com
    O1 - Hosts: 213.159.118.226 in.webcounter.cc
    O1 - Hosts: 213.159.118.226 itseasy.us
    O1 - Hosts: 213.159.118.226 just.find-itnow.com
    O1 - Hosts: 213.159.118.226 link.startmake.com
    O1 - Hosts: 213.159.118.226 mysearchnow.com
    O1 - Hosts: 213.159.118.226 nativehardcore.com
    O1 - Hosts: 213.159.118.226 qwertysearch123.biz
    O1 - Hosts: 213.159.118.226 search.ieplugin.com
    O1 - Hosts: 213.159.118.226 search.psn.cn
    O1 - Hosts: 213.159.118.226 searchbar.findthewebsiteyouneed.com
    O1 - Hosts: 213.159.118.226 searchcentrix.com
    O1 - Hosts: 213.159.118.226 searchmyrequest.com
    O1 - Hosts: 213.159.118.226 super-spider.com
    O1 - Hosts: 213.159.118.226 t.rack.cc
    O1 - Hosts: 213.159.118.226 teen-biz.com
    O1 - Hosts: 213.159.118.226 teenhqpics.com
    O1 - Hosts: 213.159.118.226 tits.hardcore4ever.net
    O1 - Hosts: 213.159.118.226 webcoolsearch.com
    O1 - Hosts: 213.159.118.226 wmmse.com
    O1 - Hosts: 213.159.118.226 www.008i.com
    O1 - Hosts: 213.159.118.226 www.2fastsearch.net
    O1 - Hosts: 213.159.118.226 www.8095.com
    O1 - Hosts: 213.159.118.226 www.alfa-search.com
    O1 - Hosts: 213.159.118.226 www.boredlife.com
    O1 - Hosts: 213.159.118.226 www.couldnotfind.com
    O1 - Hosts: 213.159.118.226 www.cracks.am
    O1 - Hosts: 213.159.118.226 www.daum.net
    O1 - Hosts: 213.159.118.226 www.dreamwiz.com
    O1 - Hosts: 213.159.118.226 www.find-itnow.com
    O1 - Hosts: 213.159.118.226 www.find-itnow.com
    O1 - Hosts: 213.159.118.226 www.find4u.net
    O1 - Hosts: 213.159.118.226 www.firstbookmark.com
    O1 - Hosts: 213.159.118.226 www.gajai.com
    O1 - Hosts: 213.159.118.226 www.hand-book.com
    O1 - Hosts: 213.159.118.226 www.hao123.com
    O1 - Hosts: 213.159.118.226 www.hotsearchbox.com
    O1 - Hosts: 213.159.118.226 www.hotwebsearch.com
    O1 - Hosts: 213.159.118.226 www.hugesearch.net
    O1 - Hosts: 213.159.118.226 www.iquicksearch.com
    O1 - Hosts: 213.159.118.226 www.lookfor.cc
    O1 - Hosts: 213.159.118.226 www.maxxxhosters.com
    O1 - Hosts: 213.159.118.226 www.naver.com
    O1 - Hosts: 213.159.118.226 www.nkvd.us
    O1 - Hosts: 213.159.118.226 www.nova****.com
    O1 - Hosts: 213.159.118.226 www.ohcorea.com
    O1 - Hosts: 213.159.118.226 www.omega-search.com
    O1 - Hosts: 213.159.118.226 www.onet.pl
    O1 - Hosts: 213.159.118.226 www.power-search.info
    O1 - Hosts: 213.159.118.226 www.rightfinder.net
    O1 - Hosts: 213.159.118.226 www.search-1.net
    O1 - Hosts: 213.159.118.226 www.search-and-go.com
    O1 - Hosts: 213.159.118.226 www.search-dot.com
    O1 - Hosts: 213.159.118.226 www.search-space.com
    O1 - Hosts: 213.159.118.226 www.searchforge.com
    O1 - Hosts: 213.159.118.226 www.searching-the-net.com
    O1 - Hosts: 213.159.118.226 www.searchv.com
    O1 - Hosts: 213.159.118.226 www.searchxl.com
    O1 - Hosts: 213.159.118.226 www.seznam.cz
    O1 - Hosts: 213.159.118.226 www.slotch.com
    O1 - Hosts: 213.159.118.226 www.spidersearch.com
    O1 - Hosts: 213.159.118.226 www.startium.com
    O1 - Hosts: 213.159.118.226 www.therealsearch.com
    O1 - Hosts: 213.159.118.226 www.ttjj.com
    O1 - Hosts: 213.159.118.226 www.viewpornkey.com
    O1 - Hosts: 213.159.118.226 www.wazzupnet.com
    O1 - Hosts: 213.159.118.226 www.websearch.com
    O1 - Hosts: 213.159.118.226 www.windowws.cc
    O1 - Hosts: 213.159.118.226 www.xgmm.com
    O1 - Hosts: 213.159.118.226 xwebsearch.biz
    O1 - Hosts: 213.159.118.226 yourbookmarks.ws
    O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe
    O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
    O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
    O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
    O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
    O8 - Extra context menu item: Party Poker.com - http://213.159.118.226/tools.php?qq=Party+Poker.com
    O9 - Extra 'Tools' menuitem: Party Poker.com (HKLM)
    O9 - Extra 'Tools' menuitem: Party Poker (HKLM)
    O13 - DefaultPrefix: http://freednshost.info/page/
    O13 - WWW Prefix: http://freednshost.info/page/
    O19 - User stylesheet: C:\WINDOWS\system32\d1.pwv

    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Locate and delete:
    C:\WINDOWS\svchost.exe [IN THAT EXACT LOCATION!]
    C:\WINDOWS\System32\internetfeatures.exe


    Post another log when done.
    ;)
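
Added example (not part of the original thread or of HijackThis): a minimal Python triage of a HijackThis log that surfaces the same classes of entry selected for fixing above: hosts-file redirects to a non-loopback address, a system binary name running outside System32, a changed URL prefix, and URLs that point at a raw IP. The `SYSTEM32_ONLY` list and the assumption that the stock O13 prefix value is `http://` belong to this example; the sample lines are an excerpt of the log posted in the thread.

```python
import ipaddress
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in the thread (trimmed for the example).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://213.159.118.226/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O1 - Hosts: 213.159.118.226 1-se.com
O1 - Hosts: 213.159.118.226 58q.com
O1 - Hosts: 213.159.118.226 aifind.cc
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1
O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
O13 - DefaultPrefix: http://freednshost.info/page/
"""

# Assumption of this example: binaries that should only ever load from ...\System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)')
PREFIX_RE = re.compile(r'^O13 - (.+?):\s+(.+)$')
EXE_RE = re.compile(r'\b[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)
URL_RE = re.compile(r'https?://[^\s"]+')


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text or "")
    except ValueError:
        return None


def triage(log_text):
    """Group the suspicious entries of a HijackThis log by the kind of tampering."""
    redirects = defaultdict(list)   # IP -> hostnames forced to it by the hosts file
    misplaced = set()               # system binary names found outside System32
    prefix_hijack = []              # (O13 value name, URL) pairs
    raw_ip_urls = []                # (section id, URL) where the URL host is an IP
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip = _parse_ip(m.group(1))
            # Loopback / 0.0.0.0 entries are ordinary block lists, not redirects.
            if ip and not (ip.is_loopback or ip.is_unspecified):
                redirects[str(ip)].append(m.group(2))
            continue
        m = PREFIX_RE.match(line)
        if m and m.group(2).strip() != "http://":
            prefix_hijack.append((m.group(1), m.group(2).strip()))
        for path in EXE_RE.findall(line):
            p = PureWindowsPath(path)
            if p.name.lower() in SYSTEM32_ONLY and p.parent.name.lower() != "system32":
                misplaced.add(str(p).lower())
        for url in URL_RE.findall(line):
            if _parse_ip(urlparse(url).hostname):
                raw_ip_urls.append((line.split(" - ", 1)[0], url))
    return {"hosts_redirects": dict(redirects),
            "misplaced_system_binaries": misplaced,
            "prefix_hijack": prefix_hijack,
            "raw_ip_urls": raw_ip_urls}


def shared_infrastructure(findings):
    """IPs used both as hosts-file redirect targets and directly in browser settings."""
    url_hosts = {urlparse(u).hostname for _, u in findings["raw_ip_urls"]}
    return sorted(set(findings["hosts_redirects"]) & url_hosts)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, items in result.items():
        print(kind, "->", items)
    print("shared infrastructure ->", shared_infrastructure(result))
```

The path check is why the deletion instruction above stresses the exact location: the copy of svchost.exe in C:\WINDOWS\system32 is the legitimate one and must not be touched.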
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    The message is a scam........which person with a brain would fall for it????
    You would be surprised:D
    It should be gone after all the above is carried out.
    ;)
     
  6. Eric882

    Eric882

    Joined:
    Apr 8, 2004
    Messages:
    17
    Alright, though the two things you told me to delete were not there
    C:\WINDOWS\svchost.exe [IN THAT EXACT LOCATION!]
    C:\WINDOWS\System32\internetfeatures.exe
    either that or I couldn't find them
    also some of the stuff that you told me to check when I run Hijack This wasn't there either.
    And now my icons on my desktop and the start menu are not showing up (it just shows my bg and nothing else)
    EDIT: nevermind, they showed up
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Ok....in HijackThis, hit the "config" tab and then "backups"......."restore". Re-boot and see what happens....post another log and we will see what it puts back.
    ;)
     
  8. Eric882

    Eric882

    Joined:
    Apr 8, 2004
    Messages:
    17
    There's the new log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:26:06 PM, on 4/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\HijackThis.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [KBD MediaCenter] C:\Progra~1\Medias~1\Airboa~1\MediaCtr.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.6879282407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab

    sorry for the trouble, if there was any

    EDIT:I didn't do the restore in hijack this
     
  9. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    No trouble at all.............that's a clean log..but how is your desktop and icons?

    CWShredder will have taken out the worst of the pests, so if you want to try a backup restore and see if your icons are back you can.
    ;)
     
  10. Eric882

    Eric882

    Joined:
    Apr 8, 2004
    Messages:
    17
    My desktop and icons are fine (all I did was restart my PC and they showed up). Thank you for the help. :)
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    You're very welcome.........glad to help (y)
     