Hijacked... http://v73.us/

  1. #1
    teile, Newbie

    OK, here is the deal: apparently I have some sort of spyware on my computer that keeps my home page as this stupid http://v73.us/ site. I have tried everything I can think of to fix this problem: ran multiple spyware programs, etc. Any ideas how I can get rid of this? I've read through some of the other posts about this problem and the resolutions on them did not work for me.

    Here is my HijackThis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 4:04:04 PM, on 2/19/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User1\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
    O1 - Hosts: 65.125.226.82 http://yahoo.com
    O1 - Hosts: 65.125.226.82 http://google.com
    O1 - Hosts: 65.125.226.82 http://lycos.com
    O1 - Hosts: 65.125.226.82 http://altavista.com
    O1 - Hosts: 65.125.226.82 http://msn.com
    O1 - Hosts: 65.125.226.82 http://search.msn.com
    O1 - Hosts: 65.125.226.82 http://cnn.com
    O1 - Hosts: 65.125.226.82 http://excite.com
    O1 - Hosts: 65.125.226.82 http://alltheweb.com
    O1 - Hosts: 65.125.226.82 http://looksmart.com
    O1 - Hosts: 65.125.226.82 http://northernlight.com
    O1 - Hosts: 65.125.226.82 http://alexa.com
    O1 - Hosts: 65.125.226.82 http://search.aol.com
    O1 - Hosts: 65.125.226.82 http://epilot.com
    O1 - Hosts: 65.125.226.82 http://hotbot.com
    O1 - Hosts: 65.125.226.82 http://search.netscape.com
    O1 - Hosts: 65.125.226.82 http://infospace.com
    O1 - Hosts: 65.125.226.82 http://www.epilot.com
    O1 - Hosts: 65.125.226.82 http://www.hotbot.com
    O1 - Hosts: 65.125.226.82 http://www.infospace.com
    O1 - Hosts: 65.125.226.82 http://www.cnn.com
    O1 - Hosts: 65.125.226.82 http://www.msn.com
    O1 - Hosts: 65.125.226.82 http://www.altavista.com
    O1 - Hosts: 65.125.226.82 http://www.lycos.com
    O1 - Hosts: 65.125.226.82 http://www.google.com
    O1 - Hosts: 65.125.226.82 http://www.yahoo.com
    O1 - Hosts: 65.125.226.82 http://www.alexa.com
    O1 - Hosts: 65.125.226.82 http://www.excite.com
    O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
    O1 - Hosts: 65.125.226.82 http://www.looksmart.com
    O1 - Hosts: 65.125.226.82 http://www.northernlight.com
    O1 - Hosts: 65.125.226.85 http://thehun.com
    O1 - Hosts: 65.125.226.85 http://thehun.net
    O1 - Hosts: 65.125.226.85 http://worldsex.com
    O1 - Hosts: 65.125.226.85 http://al4a.com
    O1 - Hosts: 65.125.226.85 http://book-mark.net
    O1 - Hosts: 65.125.226.85 http://easypic.com
    O1 - Hosts: 65.125.226.85 http://call-kelly.com
    O1 - Hosts: 65.125.226.85 http://sleazydream.com
    O1 - Hosts: 65.125.226.85 http://amplandmovies.com
    O1 - Hosts: 65.125.226.85 http://mature-post.com
    O1 - Hosts: 65.125.226.85 http://www.thehun.com
    O1 - Hosts: 65.125.226.85 http://www.thehun.net
    O1 - Hosts: 65.125.226.85 http://www.worldsex.com
    O1 - Hosts: 65.125.226.85 http://www.al4a.com
    O1 - Hosts: 65.125.226.85 http://www.book-mark.net
    O1 - Hosts: 65.125.226.85 http://www.easypic.com
    O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
    O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
    O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
    O1 - Hosts: 65.125.226.85 http://www.mature-post.com
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [winpipe] C:\windows\notepade.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://4.40.128.96:8180/007/hhctrl.ocx
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/080ed15e...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102386803125
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O21 - SSODL: eplrr9 - {94BD13FF-A2A3-4439-895A-994AB8B64D3E} - C:\WINDOWS\System32\mspdnx.dll
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


  2. #2
    owen, D-A-L Team Member (UK)
    Sorry about the response time.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
    O1 - Hosts: 65.125.226.82 http://yahoo.com
    O1 - Hosts: 65.125.226.82 http://google.com
    O1 - Hosts: 65.125.226.82 http://lycos.com
    O1 - Hosts: 65.125.226.82 http://altavista.com
    O1 - Hosts: 65.125.226.82 http://msn.com
    O1 - Hosts: 65.125.226.82 http://search.msn.com
    O1 - Hosts: 65.125.226.82 http://cnn.com
    O1 - Hosts: 65.125.226.82 http://excite.com
    O1 - Hosts: 65.125.226.82 http://alltheweb.com
    O1 - Hosts: 65.125.226.82 http://looksmart.com
    O1 - Hosts: 65.125.226.82 http://northernlight.com
    O1 - Hosts: 65.125.226.82 http://alexa.com
    O1 - Hosts: 65.125.226.82 http://search.aol.com
    O1 - Hosts: 65.125.226.82 http://epilot.com
    O1 - Hosts: 65.125.226.82 http://hotbot.com
    O1 - Hosts: 65.125.226.82 http://search.netscape.com
    O1 - Hosts: 65.125.226.82 http://infospace.com
    O1 - Hosts: 65.125.226.82 http://www.epilot.com
    O1 - Hosts: 65.125.226.82 http://www.hotbot.com
    O1 - Hosts: 65.125.226.82 http://www.infospace.com
    O1 - Hosts: 65.125.226.82 http://www.cnn.com
    O1 - Hosts: 65.125.226.82 http://www.msn.com
    O1 - Hosts: 65.125.226.82 http://www.altavista.com
    O1 - Hosts: 65.125.226.82 http://www.lycos.com
    O1 - Hosts: 65.125.226.82 http://www.google.com
    O1 - Hosts: 65.125.226.82 http://www.yahoo.com
    O1 - Hosts: 65.125.226.82 http://www.alexa.com
    O1 - Hosts: 65.125.226.82 http://www.excite.com
    O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
    O1 - Hosts: 65.125.226.82 http://www.looksmart.com
    O1 - Hosts: 65.125.226.82 http://www.northernlight.com
    O1 - Hosts: 65.125.226.85 http://thehun.com
    O1 - Hosts: 65.125.226.85 http://thehun.net
    O1 - Hosts: 65.125.226.85 http://worldsex.com
    O1 - Hosts: 65.125.226.85 http://al4a.com
    O1 - Hosts: 65.125.226.85 http://book-mark.net
    O1 - Hosts: 65.125.226.85 http://easypic.com
    O1 - Hosts: 65.125.226.85 http://call-kelly.com
    O1 - Hosts: 65.125.226.85 http://sleazydream.com
    O1 - Hosts: 65.125.226.85 http://amplandmovies.com
    O1 - Hosts: 65.125.226.85 http://mature-post.com
    O1 - Hosts: 65.125.226.85 http://www.thehun.com
    O1 - Hosts: 65.125.226.85 http://www.thehun.net
    O1 - Hosts: 65.125.226.85 http://www.worldsex.com
    O1 - Hosts: 65.125.226.85 http://www.al4a.com
    O1 - Hosts: 65.125.226.85 http://www.book-mark.net
    O1 - Hosts: 65.125.226.85 http://www.easypic.com
    O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
    O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
    O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
    O1 - Hosts: 65.125.226.85 http://www.mature-post.com
    O4 - HKLM\..\Run: [winpipe] C:\windows\notepade.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/080ed15...ip/RdxIE601.cab
    O21 - SSODL: eplrr9 - {94BD13FF-A2A3-4439-895A-994AB8B64D3E} - C:\WINDOWS\System32\mspdnx.dll

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files and folders:
    C:\windows\notepade.exe
    C:\WINDOWS\System32\mspdnx.dll

    Reboot and post a fresh log
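
A triage sketch for logs like the one in this thread, added here as an example (not code from either poster or from HijackThis): it groups the O1 hosts-file entries by destination IP and counts which host the R0/R1 Internet Explorer settings point to. The function names and the three-name threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample lines copied from the log in this thread, plus one constructed
# loopback entry to show what a benign hosts line looks like.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://www.cnn.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [winpipe] C:\windows\notepade.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")   # "<section code> - <detail>"
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)")     # "Hosts: <ip> <name>"
LOOPBACK = ("127.", "0.0.0.0", "::1")

def entries(log):
    """Yield (section, detail) for every HijackThis result line."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def hosts_redirects(log):
    """Map each non-loopback IP in O1 entries to the names it overrides."""
    by_ip = defaultdict(set)
    for section, detail in entries(log):
        h = HOSTS.match(detail) if section == "O1" else None
        if h and not h.group(1).startswith(LOOPBACK):
            # The log prints names with an http:// prefix; keep only the host.
            name = urlparse(h.group(2)).hostname or h.group(2)
            by_ip[h.group(1)].add(name.lower())
    return dict(by_ip)

def suspicious_ips(log, min_names=3):
    """IPs that min_names or more distinct names are pointed at (assumed threshold)."""
    return sorted(ip for ip, n in hosts_redirects(log).items() if len(n) >= min_names)

def ie_url_hosts(log):
    """Count R0/R1 (IE start and search page) values per destination host."""
    counts = defaultdict(int)
    for section, detail in entries(log):
        if section in ("R0", "R1") and " = " in detail:
            host = urlparse(detail.split(" = ", 1)[1].strip()).hostname
            if host:
                counts[host] += 1
    return dict(counts)
```

Run against a fresh log after the cleanup, both `suspicious_ips` and `ie_url_hosts` should come back empty if the hosts file and the IE settings were restored.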
