0

Hi, first of thanks for this site, I am new and you are great . I was told to post this thread in this section :The problem started in the afternoon when I tried to check hotmail it was fine in the morning. Now I can't access hotmail from MSN explorer or Internet Explorer or Outlook. I did everyrthing I could fine that was recommended to do, clearing history, deleting cookies, removed IE and MSN and reloaded it etc. Anyway I downloaded another web browser OPERA yesterday and hotmail works fine although it hasn't solved the problem in IE. Also I did hijack this today and this is what came up, it is the first time I've run it :
Logfile of HijackThis v1.99.0
Scan saved at 12:27:11 PM, on 12/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
E:\Program Files\Webshots\webshots.scr
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1031.dll,InstantAccess
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D2CAF1-161D-44D7-92A7-530B40F57461}: NameServer = 192.168.20.1 192.168.20.3
O19 - User stylesheet: (file missing)
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

And I didn't delete anything because I'm not sure what it all means but if you have any help I will love you for it, I have spent 3 days on the web trying to find the solution with no avail except for the OPERA option.
Thanks and Merry Christmas to you,
Danielle.

5
Contributors
16
Replies
17
Views
12 Years
Discussion Span
Last Post by Danielle
0

You may wish to wait for someone else to confirm these instructions before you follow them.

Download and run the standalaone version of CWShredder: http://www.intermute.com/spysubtract/cwshredder_download.html

Next tick the following entries:
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1031.dll,InstantAccess
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
O19 - User stylesheet: (file missing)

Next reboot in safe mode by pressing f8 during bootup and delete the folder searchupgrader located in D:\Program Files\Common files\.

edit: empty recycle bin

Then reboot and post a new log.

0

D'oh! Dave beat me to it!

Go to Add/Remove Programs in your Control Panel and remove these if they are there:
SearchUpgrader
Webshots

Close all browser windows (IE, Opera, and any others you may have), scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [SearchUpgrader] D:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
(More info on this one here: http://www.liutilities.com/products/wintaskspro/processlibrary/SearchUpgrader/)
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
(More info: http://www.liutilities.com/products/wintaskspro/processlibrary/launcher/)
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
(DialerPlatform Dialer)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
(Netster)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O19 - User stylesheet: (file missing)

Reboot into Safe Mode

Go to D:\Program Files\Common files and delete this folder: SearchUpgrader

Reboot normally

Click on Start, Programs, Startup and if Webshots is there, delete it

Let us know if you know what these are:
D:\WINDOWS\SYSTEM32\Mounter.exe
NameServer = 192.168.20.1 192.168.20.3 <--- Is this your ISP?

Make sure all browser windows are closed, scan with HJT, and post a new log please.

Merry Christmas!!! :)

0

Thankyou for your time, I will try it and get back to you, I really appreciate you taking the time and giving your attention,
Greetings, Danielle :)

0

Hi there,
I followed your instructions.
1) I did the CW shredder and it said that I was clean and none of thhe things it looked for were present.
2) I ran HJT and removed the items that you recommended from the list and re booted in safe and tried to delete the Search upgrader file and when I pressed delete this is the message I recieved :
CANNOT DELETE SEARCH UPGRADER, ACCESS IS DENIED, MAKE SURE DISK IS NOT FULL OR WRITE PROTECTED AND THAT THE FILE IS NOT CURRENTLY INUSE.
This is while I was in safe mode.
I did not try to delete the file in normal mode, should I?
Here is the new HJT log :
Logfile of HijackThis v1.99.0
Scan saved at 6:28:09 PM, on 12/24/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea779957350a59606/netzip/RdxIE601.cab
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

As for the d:\WINDOES\SYSTEM32\Mounter.exe yes I do have a Mustek digital camera but I also typed it into the internet search and saw that other people had it in relationship to Netscape? I tried to download Netscape yesterday but the download was unsuceesful and I went for OPERA instead??
Also i tried to open Hotmail on IE and it still comes up blank.
Thanks for your attention and have a goodie :)

0

By the way I didn't delete the :
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/261ea77...ip/RdxIE601.cab
as recommended by dlh6213 as I wanted to ask yo if it would affect the operation of REAL player which I have installed on the system first plus, it wasn't on Dave's list of things to fix so I thought I'd reconfirm it with you :)

0

Hi there good people :)
I removed it from the list and this is my new log :
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D2CAF1-161D-44D7-92A7-530B40F57461}: NameServer = 192.168.20.1 192.168.20.3
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

By the way do you have any advice about how to delete the searchupgrader from D:/ I tried to do it in safemode as per your instructions but it said Access denied make sure that the disk isn't full or write protected and the file is not currently in use.
Shall I try to delete the files in normal op. mode?
I really hope I'll beable to access hotmail again on IE and MSN Thanks for your attention and time :))

0

it looks clean to me, but you still need to tick the R3 URLSearchHook entry.
Open Hijackthis, choose 'misc. tools', select 'delete a file on reboot' navigate to searchupgrader.exe file and select it. Then reboot and try to delete the folder.

Happy Christmas btw!

0

Danielle,

This entry in you HijackThis log indicates that you have at least 1 instance of Internet Explorer open when you ran HijackThis. HJT cannot fully perform all of its fixes while any instances of your web browser(s) are running, so you need to make sure all browsers are completely closed before having HJT fix anything. That said though, your latest log shows no signs of infection.

As for deleting the SearchUpgrader folder, you may have to go in to the folder and individually delete any files and sub-folders within the SearchUpgrader folder before you can delete the main folder itself. Try that, and if you find that you can't delete a certain file for some reason, tell us the name of that file.

--> Note- an odd quirk about Windows:

When you are viewing files/folders in Windows Explorer using the mode where Explorer displays the folder tree structure in a pane on the left and the contents of any selected folder in a pane on the right, it will sometimes not allow you to delete folders if you try to do it in the left-hand pane. If that's the case, go up one level in the left-hand folder tree so that the folder you want to delete is showing in the right-hand pane and try to delete it from there.

0

--> Note- an odd quirk about Windows:

When you are viewing files/folders in Windows Explorer using the mode where Explorer displays the folder tree structure in a pane on the left and the contents of any selected folder in a pane on the right, it will sometimes not allow you to delete folders if you try to do it in the left-hand pane. If that's the case, go up one level in the left-hand folder tree so that the folder you want to delete is showing in the right-hand pane and try to delete it from there.

I never knew that! Thanks for this tidbit. Reading all the posts pays off in the end. :)

0

I never knew that! Thanks for this tidbit...

Yeah, it's a weird thing which I haven't been able to quite nail down yet. It doesn't happen with all/any folders displayed in the left Explorer pane, but I know I've experienced the exact behaviour in both Win 2000 and XP. I'm not sure if I've had it happen in Win 9x or ME though; I don't deal with those version much anymore. :?::?:

0

Hi there and I trust you are enjoying your good selves :)
Please take a look at my newest HJT log :
Logfile of HijackThis v1.99.0
Scan saved at 12:26:46 PM, on 12/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

I managed to delete the Searchupgrader files too thanks for the advice.
Unfortuneately I cannot open Hotmail on IE or MSN at all still a blank page with done on the bottom left corner works fine with OPERA. I have cleared out all my Temp files and Interenet files too so I am really beginning to lose hope.
I was suggested to use Mozilla and forget about IE but that seems so defeatist to me and I am sure there is a solution to this Hotmail problem.
Thanks for all your time and attention and enjoy the festivities :)

0

Your log looks okay to me -- don't know what to do about your Hotmail & MSN, hopefully someone else will have some ideas.

Since you already have Opera, you don't need Mozilla -- unless you don't like Opera for some reason.

***Merry Christmas!***

1

Hi there,
I am sooooooo happy to say that I have hotmail on IE and MSN again.
I followed all the steps from the good people on this forum to clean out my computer but the hotmail problem wasn't solved until this afternoon so I think it was some isolated hotmail weirdness, I recieved this email from MSN support and followed it and voila hotmail is back in action so I have posted it for one and all :
I hope you have good fortune too :

By the way thanks to you guys at daniweb who really took the time and care to follow my thread, you rock :)

Danielle, please follow the steps below to address issues where MSN Hotmail does not properly load.
I. Check for firewall or filtering software interference
Look for an icon in the notification area on the right side of the taskbar (near the clock) for firewall or filtering software. If there is one, right click on it to check its properties.

If you are encountering difficulties signing in to MSN when you have the firewall enabled, we suggest that you contact the software manufacturer for assistance with configuring it to function with MSN.

Here are some of the most popular firewall programs and their contact information:

1. McAfee Personal Firewall - 1-900-454-6223
2. Norton Internet Security - 1-800-441-7234
3. Black Ice Defender - http://blackice.iss.net/customer_support.php
4. Zone Alarm - http://www.zonelabs.com/store/content/company/contact.jsp;jsessionid
II. Optimize Internet Explorer settings:

1. Click ‘Start’, ‘Run’ then type: ‘iexplore’ (without apostrophes)
2. Click ‘Tools’, ‘Internet Options’
3. Under General, click:

a. ‘Delete Cookies’, ‘OK’
b. ‘Delete Files’, ‘Delete all offline contents’, ‘OK’
c. ‘Clear History’, ‘Yes’
d. ‘Settings’, Adjust the amount to 300 MB, ‘OK’

4. Under Security, click ‘Internet’, ‘Default Level’, then ‘Apply’
5. Click ‘Privacy’, ‘Default’, then Apply
6. Under Content, click ‘AutoComplete’, ‘Clear Forms’, ‘Clear Passwords’ then ‘OK’
7. Under Connections, do the following: (skip these if you are using DSL)

a. Select the connection in the Dial-up and Virtual Private Network settings
b. Click ‘Settings’, uncheck all of the checkboxes, ‘OK’
c. Click ‘LAN Settings’, uncheck all of the checkboxes, ‘OK’

8. Under Advanced, click ‘Restore Default’, ‘Apply’, then ‘OK’
III. If the issue persists, please update Internet Explorer.

1. Connect to the Internet
2. Click ‘Start’, ‘Run’, then type: ‘iexplore’ (without apostrophes)
3. Download the updated version of Internet Explorer by going to http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en
4. Click ‘Download’

OPTION 2:

1. Connect to the Internet
2. Click ‘Start’, ‘Run’, then type: ‘iexplore’ (without apostrophes)
3. Go to http://www.microsoft.com/downloads/
4. Click on 'Internet Explorer 6 Service Pack 1' then click 'Download' button

The above information should help address your issue. If you have other concerns, please contact us again and we would be glad to assist you further.

Thank you for writing to MSN Internet Access Technical Support.

Votes + Comments
Thanks for sharing, Danielle, you rock! -- dlh
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.