Last Saturday I DL'd Kazaa and now when I search incorrectly I get hit with Xnredor (spelling?) and Slotch. Unsure on what to do, but was reading posts and it seems you can help. DL'd HJthis and this is my log:

Logfile of HijackThis v1.94.0
Scan saved at 12:35:21 AM, on 6/20/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://super-websearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.attbi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.xrenoder.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchv.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://search.xrenoder.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 193.125.201.50 msn.com
O1 - Hosts: 193.125.201.50 search.msn.com
O1 - Hosts: 193.125.201.50 auto.search.msn.com
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O1 - Hosts: 193.125.201.46 thehun.net
O1 - Hosts: 193.125.201.46 www.thehun.net
O1 - Hosts: 193.125.201.46 thehun.com
O1 - Hosts: 193.125.201.46 www.thehun.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [spool lptt01] "C:\Program Files\spool\spool.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir_nr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks, any help is good help
Mike

Hi Squaar,

Welcome to Wilders.

First: download and run RapidBlaster Killer. Info and download link can be found here: http://www.wilderssecurity.net/specialinfo/rapidblaster.html

Then check the items listed below in HijackThis, then close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://super-websearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.xrenoder.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.searchv.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://search.xrenoder.com
O1 - Hosts: 193.125.201.50 msn.com
O1 - Hosts: 193.125.201.50 search.msn.com
O1 - Hosts: 193.125.201.50 auto.search.msn.com
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O1 - Hosts: 193.125.201.46 thehun.net
O1 - Hosts: 193.125.201.46
O1 - Hosts: 193.125.201.46 thehun.com
O1 - Hosts: 193.125.201.46
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [spool lptt01] "C:\Program Files\spool\spool.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

Reboot after doing so, preferably into safe mode, and delete this folder:

C:\Program Files\ISTsvc

Make a new HijackThis log to check if everything is really gone. Especially the R1 entries tend to take a few tries to get rid of completely.

You may want to download either AdAware 6 or Spybot S&D to clean out the remains.

Regards,
Pieter

Well, all smiles and cheers now. It worked almost perfectly with the exception of

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Wouldn't disappear, and after a few moments of checking my Processes I ended the Istvc.exe, ran HJthis and bingo, gone, and hopefully forever. Thanks for the help and advice.

Eternally grateful
Mike
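
The re-check described in the reply above (make a new HijackThis log and confirm the fixed entries are really gone) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the fix-list entries are copied from the reply, and the follow-up log is constructed to show a Run entry that survived the fix.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(text):
    """Return (code, body) for each entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def normalize(body):
    """Fold case and whitespace so forum re-wrapping does not hide a match."""
    return " ".join(body.split()).casefold()

def still_present(fix_list, new_log):
    """Entries from the fix list that the follow-up log still contains."""
    seen = {(code, normalize(body)) for code, body in parse_entries(new_log)}
    return [(code, body) for code, body in parse_entries(fix_list)
            if (code, normalize(body)) in seen]

# Three entries copied from the fix list in the reply above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.xrenoder.com
O1 - Hosts: 193.125.201.50 msn.com
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
"""

# Constructed follow-up log (not from the thread): one fixed entry is still there.
NEW_LOG = r"""
Logfile of HijackThis v1.94.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.attbi.com/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ist service]  c:\program files\istsvc\ISTSVC.EXE
"""

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, NEW_LOG):
        print(f"still present: {code} - {body}")
```

An O4 entry that keeps coming back usually means the program it points to is still running and rewriting its Run key, which matches what was seen here: the entry only stayed gone once the process was ended before running the fix again.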