HI, somebody Help ME~!!!!!!!!!!!!!!
Every time I type in a homepage address, the internet address is always preset with http://freednshost.info/page followed by the webpage name.
So for example, if I type in www.yahoo.com, the homepage reverts to
http://freednshost.info/page/www.yahoo.com. This happens to every website. It doesn't seem to hijack the homepage; the homepage looks the same under Tools=>Internet Options=>Homepage,
but if I type in a new website address, it always puts this prefix and the red banner. I really want to get rid of it.
The Yahoo page does come up but I get a red banner for some free poker. I tried to remove it and downloaded cwshredder, adware, and spyware but none of them fixed it, and on top of that I can't seem to uninstall spyware. How can I remove the spyware program and get rid of this annoying program?
Here is a copy of my hijackthis.log file:
Logfile of HijackThis v1.97.7
Scan saved at 5:03:10 PM, on 4/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\waoler.exe
C:\WINDOWS\System32\winipcfge.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RUND11.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\syste.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
D:\cdauto.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\allison\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [McAffe Anti-Virus] winipcfge.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kaspersky Antivirus] C:\WINDOWS\RUND11.EXE
O4 - HKLM\..\Run: [Aoler] waoler.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [McAffe Anti-Virus] winipcfge.exe
O4 - HKLM\..\RunServices: [Aoler] waoler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\FcConnect.exe" PathFileguri /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Syste] C:\WINDOWS\system32\syste.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
O8 - Extra context menu item: Party Poker.com - http://213.159.118.226/tools.php?qq=Party+Poker.com
O9 - Extra 'Tools' menuitem: Party Poker.com (HKLM)
O9 - Extra 'Tools' menuitem: Party Poker (HKLM)
O9 - Extra 'Tools' menuitem: Debt Solutions (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O13 - DefaultPrefix: http://freednshost.info/page/
O13 - WWW Prefix: http://freednshost.info/page/
O15 - Trusted Zone: *.yahoo.com
O15 - Trusted Zone: http://*.yahoo.com
O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\e1189.exe
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {3694F19D-ED4D-4DA8-BECD-26FB830753D1} (DCLinker Class) - http://www.norazo.com/dcdownload/dreamlinker.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/150c825b718c51a97d00/netzip/RdxIE601.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl200.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38059.8613078704
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{875B9F6F-21E5-4647-9F3F-A4997F1CD919}: NameServer = 151.164.1.8 151.164.11.201
Please help me~!!!!!!!!!!!!!!!!