

InterviewSolution
Solve : 2 problems :p?
Hi, I have 2 problems with teh interweb.

1. my homepage (www.msn.co.uk) keeps being hijacked by www.search2web.com and I have no idea how to stop this.

Use CWShredder.

1. Anti spy/malware

Microsoft Antispyware -- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy -- Anti spyware scanner
Adaware SE Personal -- Anti spyware scanner

Removal tools

The following files are not substitutes for the ones described above. They are either diagnostic tools or removal tools for malware of a certain kind

HijackThis -- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger -- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder -- CoolWebSearch removal tool. Widely known and persistent Hijacker.

2. You may need to enable POP forwarding in your Hotmail account or you have not selected the correct ports in Outlook.

Both your problems may be related to someone hi-jacking your home page... See this helps you, to overcome your problem..ok >>http://www.wilderssecurity.net/bhblaster.html

hi again after trying out all the programmes listed above, the one that worked the best was ad-aware. It detected something called lop, and www.lop.com is the same as www.search2web.com, the page that was hi-jacking my browser...But, a toolbar has appeared. It sits just above the taskbar and right click>>properties shows that it comes from www.lop.com/etc etc.. the cross button is just a picture and therefore does nothing. there is no way that I know of to get rid of it, ad-aware says there are no more threats from lop, in fact it says there are no more adware threats on my computer at all...how do I get rid of this toolbar? it obstructs windows and gets in the way and is a real pain.

magic plank..... The best tool for removing a browser hijacker is ....hijackthis........ get it at ....
http://www.majorgeeks.com/download3155.html Download it to your desktop and then run it and post the scan log it produces here for us to examine . BTW ...what operating system are you using ? dl65

here is half of the scan...I'm running xp home edition...the log is V. long, if it's too long i'll delete the message

Code:
Scan saved at 19:54:43, on 02/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\pete\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D1BC4781-B928-AFE5-E5C1-840A50AB8F88} - C:\DOCUME~1\pete\APPLIC~1\PROXYP~1\MathNoun.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Documents and Settings\pete\My Documents\Matthew\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

code part II:

Code:
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Application Manager] msapl32.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [Save TRAY Flaw Size] C:\Documents and Settings\All Users\Application Data\WAY DEFAULT SAVE TRAY\FileTons.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Driver Manager] mswindrv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Documents and Settings\pete\My Documents\mattys' doc's\picgrabber\PICGRABBER.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Documents and Settings\pete\My Documents\mattys' doc's\picgrabber\PICGRABBER.EXE (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,76/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,16/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBF0198-E3CC-422E-A178-8935EF9848E9}: NameServer = 194.74.65.68 194.72.0.114
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DBF0198-E3CC-422E-A178-8935EF9848E9}: NameServer = 194.74.65.68 194.72.0.114
O17 - HKLM\System\CS2\Services\Tcpip\..\{6DBF0198-E3CC-422E-A178-8935EF9848E9}: NameServer = 194.74.65.68 194.72.0.114
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

magic plank.....Ok .....I see a number of entries which may be causing the issue ....... I would shutdown and then boot back up in safe mode . I would mark for removal the following .......

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D1BC4781-B928-AFE5-E5C1-840A50AB8F88} - C:\DOCUME~1\pete\APPLIC~1\PROXYP~1\MathNoun.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Documents and Settings\pete\My Documents\mattys' doc's\picgrabber\PICGRABBER.EXE (file missing)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Documents and Settings\pete\My Documents\mattys' doc's\picgrabber\PICGRABBER.EXE (file missing)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O17 .......all 3 entries

click fix marked ..........and then shut down and reboot into normal mode and see how things are ........... if the hijacker is still there post a new scan ..... dl65

O16 is probably valid. That plugin is used to download and print sheet music. Deleting the entry will likely screw up the plug in.
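A sketch of the kind of first-pass log triage done by hand in the replies above, as an added example that is not part of the original thread: it parses HijackThis entry lines and marks the ones that deserve a manual look. The sample lines are copied from the log posted above; the review rules and function names are assumptions of this example, not HijackThis features, and a hit only means "check this file by hand".

```python
import re

# Entry lines copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D1BC4781-B928-AFE5-E5C1-840A50AB8F88} - C:\DOCUME~1\pete\APPLIC~1\PROXYP~1\MathNoun.exe
O4 - HKLM\..\Run: [Microsoft Application Manager] msapl32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Entry lines start with a section code such as R3, O2 or O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN_VALUE = re.compile(r"Run: \[.+?\] (.+)$")
PROFILE_DIR = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)

def parse(log):
    """Return (section, detail) pairs; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def review_reasons(section, detail):
    """Assumed review rules of this example, not verdicts on any file."""
    reasons = []
    if "(file missing)" in detail:
        reasons.append("target file missing")
    target = detail.rsplit(" - ", 1)[-1]
    if section == "O2" and target.lower().endswith(".exe"):
        reasons.append("BHO module is an .exe, not a DLL")
    if section in ("O2", "O3") and PROFILE_DIR.search(target):
        reasons.append("browser add-on loaded from a user-profile directory")
    run = RUN_VALUE.search(detail) if section == "O4" else None
    if run and "\\" not in run.group(1):
        reasons.append("autostart command has no directory path")
    return reasons

def triage(log):
    """Map each flagged entry's detail text to its list of review reasons."""
    flagged = {}
    for section, detail in parse(log):
        reasons = review_reasons(section, detail)
        if reasons:
            flagged[detail] = reasons
    return flagged

if __name__ == "__main__":
    for detail, reasons in triage(SAMPLE_LOG).items():
        print("; ".join(reasons), "<-", detail)
```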