casino pallazzo

Discussion in 'Security and Privacy' started by ugostar, 2004/08/07.

Thread Status:
Not open for further replies.
  1. 2004/08/07
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    I keep getting a dialer that pops up, closes my connection and tries to dial its connection. When I go to properties and then find target, it comes up in desktop as casino pallazzo. When I delete it, it comes back.
    Thank you for your help
     
  2. 2004/08/07
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Go to the Quicklinks down below in my signature. Download Ad-Aware and Spybot Search & Destroy. Get HijackThis from the below link.
    http://www.richardthelionhearted.com/?url=merijn.richardthelionhearted.com
    After installing Ad-Aware and Spybot, update both of them. Run Ad-Aware with a Custom Full Scan. Let it fix what it finds. Reboot. Then when you use Spybot, let it remove everything already checked off, reboot again.
    Then unzip HJT into its own folder, click on the Scan button. When it is done, the Scan button will say Save Log, click on it and it will open in Notepad. Post the entire log onto here. Do not do anything with HJT, yet. Advice will be given for what to do.
     
  4. 2004/08/12
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    hijack log

    Thank you for your reply. I have done what you said and here is the log.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:52:54 PM, on 12/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\scagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\inetsrv\services.exe
    C:\windows\symantec32.exe
    C:\WINDOWS\system32\wintime.exe
    C:\WINDOWS\simple1.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\windows\dllhlp.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Rossi\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://youriskalka.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://youriskalka.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://youriskalka.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Rossi\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Rossi\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Rossi\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://youriskalka.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://youriskalka.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F1 - win.ini: run=C:\WINDOWS\inetsrv\services.exe
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {DCE8D121-2CE7-40A1-A63C-D8C314F00988} - C:\WINDOWS\System32\epill.dll
    O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\System32\iihiha.dll
    O4 - HKLM\..\Run: [regeditt] C:\windows\symantec32.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O4 - HKLM\..\Run: [ist service uninstall x] C:\WINDOWS\simple1.exe /u
    O4 - HKLM\..\RunServices: [regeditt] C:\windows\symantec32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
    O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: www.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  5. 2004/08/12
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    This will take several steps. To start, let's go at it this way.
    Download CWShredder.exe, don't use it yet. Link below. Also download the newer version, HijackThis v1.98.2, same link.

    Download "delete scagent.zip", a zipped VBS file which will stop and disable, then delete, the service for that file,
    by Mosaic1, an expert member.
    http://www.computercops.biz/modules.php?name=Forums&file=download&id=2236

    (It Might help to print this out)
    Unzip "delete scagent.vbs" and run it.

    Make a new folder for example C:\Antospyware and PUT hijackthis there, this is important.
    Start Hijackthis and place a check next to these items,
    Close all browser windows and shut down all other programs that show in the taskbar. (even Folders) Then Hit fix checked.

    Fix any unwanted R1's and R0's and any with aboutblank
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F1 - win.ini: run=C:\WINDOWS\inetsrv\services.exe
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: (no name) - {DCE8D121-2CE7-40A1-A63C-D8C314F00988} - C:\WINDOWS\System32\epill.dll
    O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\System32\iihiha.dll
    O4 - HKLM\..\Run: [regeditt] C:\windows\symantec32.exe
    O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O4 - HKLM\..\Run: [ist service uninstall x] C:\WINDOWS\simple1.exe /u
    O4 - HKLM\..\RunServices: [regeditt] C:\windows\symantec32.exe
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
    O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: www.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    ==============
    run CWShredder.exe 1.59.1
    http://radiosplace.com/ <<from there
    Click Fix, don't just scan. You have several CoolWebSearch components which it should remove.
    If you already have it, just download another copy and overwrite the old one, to ensure it's the latest version.

    Then restart the PC
    Important: clear IE's cache via Control Panel > Internet Options, [Delete Files] button, and mark the popup to also delete offline content.
    Provided you have just restarted, delete the contents of all your
    temp folders, as in: open C:\ then >
    C:\documents and settings\(all your pc users)\local settings\temp
    and the contents of the C:\windows\temp folder

    Then post a new Log.
     
  6. 2004/08/13
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Thank you for your reply. I have done exactly what you said, step by step, and here is my new log.

    Logfile of HijackThis v1.98.2
    Scan saved at 9:39:32 PM, on 13/08/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\inetsrv\services.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\windows\dllhlp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Rossi\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://youriskalka.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://youriskalka.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://youriskalka.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://youriskalka.com/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    F0 - system.ini: Shell=Explorer.exe C:\windows\symantec32.exe
    F3 - REG:win.ini: run=C:\WINDOWS\inetsrv\services.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\digfilt.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdcpbn.dll
    O21 - SSODL: System - {8A113EB3-18EB-49D9-B13E-1CD2846FADE7} - C:\WINDOWS\system32\system32.dll
     
  7. 2004/08/13
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    You missed the last step. I am reluctant to propose any fixes until you do.

    Which brings up a question: did you run CWShredder and click Fix, and was it unzipped if you downloaded the zipped package?

    In Internet Options > Settings > View Objects, right click and choose Remove for these two ActiveX controls:
    v2cab
    MediaTicketsInstaller Control
    These are new, so I have to also suggest that you please do not visit any sites that are not completely safe, at least until we get things cleaned up.

    So post a new log from HijackThis when it is not in a temp folder.

    Make a new folder, for example C:\Dllconpare.
    Download Option^Explitics tool "Hidden Cws Scanner"
    to that folder, then run DllCompare.exe
    http://download.broadbandmedic.com/DllCompare.exe
    Start it, change from C:\windows\system32 to C:\windows, then >
    click the >Run Locate.com< button and wait until it finishes,
    then click Compare and wait for it to finish, then make a log of what was found and post it please.



    Also, since a fix is going to involve using both Ad-Aware's latest version that has the latest updates and SpyBot too, we need to know what version you currently have?
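
Added example, not part of the original thread or written by any of its posters: a small Python helper that compares two HijackThis logs to show which entries were removed, which persisted and which are new between scans, and that flags a scan run from a Temp folder. The log excerpts are shortened copies of lines posted above; the function names are assumptions made for this example.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path":
# a section code (R0, F1, O2, O16 ...), " - ", then the detail.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Shortened excerpts of the two logs posted in this thread.
BEFORE = r"""
C:\Documents and Settings\Rossi\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
O2 - BHO: (no name) - {DCE8D121-2CE7-40A1-A63C-D8C314F00988} - C:\WINDOWS\System32\epill.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
"""
AFTER = r"""
C:\Documents and Settings\Rossi\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdcpbn.dll
"""

def parse_entries(log_text):
    """Return the set of (section code, detail) entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def ran_from_temp(log_text):
    """True if HijackThis.exe is listed as running from a Temp folder."""
    for line in log_text.splitlines():
        path = line.strip().lower()
        if path.endswith("\\hijackthis.exe") and "\\temp\\" in path:
            return True
    return False

def compare(before, after):
    """Split entries into removed, persisted and new between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": b - a, "persisted": b & a, "new": a - b}

if __name__ == "__main__":
    if ran_from_temp(AFTER):
        print("HijackThis was run from a Temp folder")
    for status, items in compare(BEFORE, AFTER).items():
        for code, detail in sorted(items):
            print(f"{status:9} {code:4} {detail}")
```
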
     