GoFuckYourself.com - Adult Webmaster Forum


gayJesus 06-17-2004 08:22 AM

persistent IE hijacker.... need help to eliminate!
 
i've picked a disease that just won't go away.... i've tried spybot, spyware, spyguad, CWshredder and the damn thing just won't go away

every time i try to open this url:
res://wzszd.dll/index.html#96676

tries to become the home page. a variant of the url tries to become ie's search page

any ideas on how to get rid of this sucker?

thanks

ATL_Ryan 06-17-2004 08:25 AM

What page is it taking you to?

SlickCash Brock 06-17-2004 08:26 AM

http://www.spychecker.com/program/hijackthis.html
Try this it should do the trick for you. Hijackthis!

loverboy 06-17-2004 09:29 AM

Ad-aware 6.0 :thumbsup

Jace 06-17-2004 09:55 AM

Quote:

Originally posted by loverboy
Ad-aware 6.0 :thumbsup

VideoJ 06-17-2004 10:28 AM

Quote:

Originally posted by SlickCash Brock
http://www.spychecker.com/program/hijackthis.html
Try this it should do the trick for you. Hijackthis!

:thumbsup

collegeclam 06-17-2004 10:32 AM

noadware.net finds things adaware and spysweeper don't, and there's this thing called "bazooka" that finds the problem, but only tells you how to get rid of it manually.

adaware i've found doesn't find as much stuff as spysweeper and noadware. spysweeper also takes forever to run, whereas adaware runs extremely fast.

gayJesus 06-17-2004 11:48 AM

i've tried adware, spybot, spycatcher.. cwshredder.... edited the registry...

nothing's working so far. :(

SlickCash Brock 06-17-2004 12:03 PM

Hijackthis would not remove it?

Antxx 06-17-2004 06:23 PM

If it's the same shit i had...You need to get rid of it with Norton in safe mode. This is surely an EPS system software. Read this, you will need hijackthis:

http://forum.gladiator-antivirus.com...howtopic=14946

http://forums.thetechguys.com/showth...?t=5322&page=2

It would have installed a couple of files with cax filename in it, like cax.dll, msrtcax.exe, and a cax plugin in downloadedprogram folder in Windows folder.

BlueQuartz 06-17-2004 06:50 PM

hijackthis is what you need bro

pussyluver 06-17-2004 07:42 PM

Quote:

Originally posted by BlueQuartz
hijackthis is what you need bro
google engineers will help if you send them the hijackthis output. Hint, make google your home page 1st or try anyway. At least tell it was.....

prob with regedit is they prolly use some IP addresses or other sneaky tricks.


Other than that reformat the harddrive and start over.

jukeboxfrank 06-17-2004 09:19 PM

check your hosts file to make sure your real homepage is not redirected.

Hue G. Pness 06-17-2004 09:30 PM

Get Mozilla firefox. I know I know. You have heard it before. The latest release of Firefox is sweet though and doesn't fuck up pages. Added bonus... NO FUCKING HIJACKS. I recently switched to it a few weeks ago and fucking love it. I was a huge IE advocate until then. Tab browsing rules. No hijacked shit rules even more. No constant patches due to ever increasing exploits rules even more. I will never go back to IE.

KRosh 06-17-2004 10:06 PM

Install this....and post the results and we will help you.


http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Face (o_0) 06-18-2004 12:31 AM

wow i've got the exact same problem! :feels-hot

gayJesus 06-18-2004 01:31 PM

here's the hijackthis log as requested:

Logfile of HijackThis v1.97.7
Scan saved at 1:28:26 PM, on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\system32\msme.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\WINDOWS\apist32.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\junk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wzszd.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wzszd.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wzszd.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wzszd.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://news.bbc.co.uk/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Aryeh Meir\Application Data\Mozilla\Profiles\default\nslohror.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FE085492-8FA7-A758-02DC-5ACA50A28BEB} - C:\WINDOWS\apist32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [apist32.exe] C:\WINDOWS\apist32.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [msme.exe] C:\WINDOWS\system32\msme.exe
O4 - HKLM\..\RunOnce: [ipio32.exe] C:\WINDOWS\ipio32.exe
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-sp.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-sp.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Pop-Up Blocker (HKLM)
O9 - Extra 'Tools' menuitem: Pop-Up Blocker (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

______________

now... what to make of it?
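
A small triage of the R-section lines from the log above, as an added example that is not part of the original thread: it parses each R0/R1 entry and groups the IE page settings that point at a `res://` resource by the DLL they load from. The function names are illustrative, and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# The R-section lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wzszd.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\wzszd.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wzszd.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\wzszd.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://news.bbc.co.uk/
"""

# "R0 - <hive>\<key>,<value name> = <data>" (data may be empty)
R_LINE = re.compile(r"^(R\d) - (HK[A-Z]+)\\([^,]+),(.+?)\s*=\s*(.*)$")


def parse_r_entries(log):
    """Return one dict per R-section line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            code, hive, key, name, data = m.groups()
            entries.append({"code": code, "hive": hive, "key": key,
                            "name": name, "data": data})
    return entries


def res_module(data):
    """For a res:// URL, return the lower-cased file name of the module, else None."""
    if not data.lower().startswith("res://"):
        return None
    rest = data[6:]
    module = rest.rpartition("/")[0] or rest  # text before the resource name
    return module.replace("/", "\\").rsplit("\\", 1)[-1].lower() or None


def triage(log):
    """Map each module named in a res:// page setting to the (hive, value) pairs using it."""
    hits = defaultdict(list)
    for e in parse_r_entries(log):
        module = res_module(e["data"])
        if module:
            hits[module].append((e["hive"], e["name"]))
    return dict(hits)
```

On this log every `res://` setting sits under HKLM and names wzszd.dll, while the HKCU values still hold the user's own page.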

