943,981 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Hijack log attached :Cannot access hotmail on IE or MSN explorer
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Dec 24th, 2004
0

Hijack log attached :Cannot access hotmail on IE or MSN explorer

Expand Post »
Hi, first of thanks for this site, I am new and you are great . I was told to post this thread in this section :The problem started in the afternoon when I tried to check hotmail it was fine in the morning. Now I can't access hotmail from MSN explorer or Internet Explorer or Outlook. I did everyrthing I could fine that was recommended to do, clearing history, deleting cookies, removed IE and MSN and reloaded it etc. Anyway I downloaded another web browser OPERA yesterday and hotmail works fine although it hasn't solved the problem in IE. Also I did hijack this today and this is what came up, it is the first time I've run it :
Logfile of HijackThis v1.99.0
Scan saved at 12:27:11 PM, on 12/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
E:\Program Files\Webshots\webshots.scr
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1031.dll,InstantAccess
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D2CAF1-161D-44D7-92A7-530B40F57461}: NameServer = 192.168.20.1 192.168.20.3
O19 - User stylesheet: (file missing)
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

And I didn't delete anything because I'm not sure what it all means but if you have any help I will love you for it, I have spent 3 days on the web trying to find the solution with no avail except for the OPERA option.
Thanks and Merry Christmas to you,
Danielle.
Similar Threads
Reputation Points: 11
Solved Threads: 0
Junior Poster in Training
Danielle is offline Offline
58 posts
since Dec 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

You may wish to wait for someone else to confirm these instructions before you follow them.

Download and run the standalaone version of CWShredder: http://www.intermute.com/spysubtract..._download.html

Next tick the following entries:
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1031.dll,InstantAccess
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
O19 - User stylesheet: (file missing)

Next reboot in safe mode by pressing f8 during bootup and delete the folder searchupgrader located in D:\Program Files\Common files\.

edit: empty recycle bin

Then reboot and post a new log.
Last edited by DaveSW; Dec 24th, 2004 at 6:42 am. Reason: broken link
Reputation Points: 54
Solved Threads: 20
Master Poster
DaveSW is offline Offline
765 posts
since Jul 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

D'oh! Dave beat me to it!

Go to Add/Remove Programs in your Control Panel and remove these if they are there:
SearchUpgrader
Webshots

Close all browser windows (IE, Opera, and any others you may have), scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
(More info on this one here: http://www.liutilities.com/products/...earchUpgrader/)
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
(More info: http://www.liutilities.com/products/...rary/launcher/)
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
(DialerPlatform Dialer)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
(Netster)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O19 - User stylesheet: (file missing)

Reboot into Safe Mode

Go to D:\Program Files\Common files and delete this folder: SearchUpgrader

Reboot normally

Click on Start, Programs, Startup and if Webshots is there, delete it

Let us know if you know what these are:
D:\WINDOWS\SYSTEM32\Mounter.exe
NameServer = 192.168.20.1 192.168.20.3 <--- Is this your ISP?

Make sure all browser windows are closed, scan with HJT, and post a new log please.

Merry Christmas!!!
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

I think mounter.exe may be related to a Mustek digital camera - the description on the 04 entry corresponds to http://www.ciao.co.uk/Mustek_MDC_3000__5303302
Reputation Points: 54
Solved Threads: 20
Master Poster
DaveSW is offline Offline
765 posts
since Jul 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

Thankyou for your time, I will try it and get back to you, I really appreciate you taking the time and giving your attention,
Greetings, Danielle
Reputation Points: 11
Solved Threads: 0
Junior Poster in Training
Danielle is offline Offline
58 posts
since Dec 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

Hi there,
I followed your instructions.
1) I did the CW shredder and it said that I was clean and none of thhe things it looked for were present.
2) I ran HJT and removed the items that you recommended from the list and re booted in safe and tried to delete the Search upgrader file and when I pressed delete this is the message I recieved :
CANNOT DELETE SEARCH UPGRADER, ACCESS IS DENIED, MAKE SURE DISK IS NOT FULL OR WRITE PROTECTED AND THAT THE FILE IS NOT CURRENTLY INUSE.
This is while I was in safe mode.
I did not try to delete the file in normal mode, should I?
Here is the new HJT log :
Logfile of HijackThis v1.99.0
Scan saved at 6:28:09 PM, on 12/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea779...p/RdxIE601.cab
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

As for the d:\WINDOES\SYSTEM32\Mounter.exe yes I do have a Mustek digital camera but I also typed it into the internet search and saw that other people had it in relationship to Netscape? I tried to download Netscape yesterday but the download was unsuceesful and I went for OPERA instead??
Also i tried to open Hotmail on IE and it still comes up blank.
Thanks for your attention and have a goodie
Reputation Points: 11
Solved Threads: 0
Junior Poster in Training
Danielle is offline Offline
58 posts
since Dec 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

By the way I didn't delete the :
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
as recommended by dlh6213 as I wanted to ask yo if it would affect the operation of REAL player which I have installed on the system first plus, it wasn't on Dave's list of things to fix so I thought I'd reconfirm it with you
Reputation Points: 11
Solved Threads: 0
Junior Poster in Training
Danielle is offline Offline
58 posts
since Dec 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

it is on my list... I think... In any case it's netster spyware that needs to go
Reputation Points: 54
Solved Threads: 20
Master Poster
DaveSW is offline Offline
765 posts
since Jul 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

Hi there good people
I removed it from the list and this is my new log :
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D2CAF1-161D-44D7-92A7-530B40F57461}: NameServer = 192.168.20.1 192.168.20.3
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

By the way do you have any advice about how to delete the searchupgrader from D:/ I tried to do it in safemode as per your instructions but it said Access denied make sure that the disk isn't full or write protected and the file is not currently in use.
Shall I try to delete the files in normal op. mode?
I really hope I'll beable to access hotmail again on IE and MSN Thanks for your attention and time )
Last edited by Danielle; Dec 24th, 2004 at 3:00 pm. Reason: made a mistake
Reputation Points: 11
Solved Threads: 0
Junior Poster in Training
Danielle is offline Offline
58 posts
since Dec 2004
Permalink
Dec 24th, 2004
0

Re: Hijack log attached :Cannot access hotmail on IE or MSN explorer

it looks clean to me, but you still need to tick the R3 URLSearchHook entry.
Open Hijackthis, choose 'misc. tools', select 'delete a file on reboot' navigate to searchupgrader.exe file and select it. Then reboot and try to delete the folder.

Happy Christmas btw!
Reputation Points: 54
Solved Threads: 20
Master Poster
DaveSW is offline Offline
765 posts
since Jul 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: extreme problems!
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: I've tried everything, now what?





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC