1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus help

Discussion in 'Virus & Other Malware Removal' started by calvin183, Oct 4, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. calvin183

    calvin183 Thread Starter

    Joined:
    Oct 4, 2003
    Messages:
    41
    I have a SPYBOT.B virus on my comp. and I dont know how to get rid of it. I downloaded HJT and here is the log.


    Logfile of HijackThis v1.97.2
    Scan saved at 7:51:37 AM, on 10/4/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\TESTING.EXE
    C:\WINDOWS\System32\SCANREGWIN.EXE
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\ClearSearch\Loader.exe
    C:\WINDOWS\webassist.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SBC\Connection Manager\CManager.exe
    C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Derrick\Desktop\procexp.exe
    C:\Documents and Settings\Derrick\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201056637731389
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://stopxxxpics.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://stopxxxpics.com
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 66.159.20.80 www1.ndhosting.com
    O1 - Hosts: 66.159.20.80 www3.ndhosting.com
    O1 - Hosts: 66.159.20.80 www2.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.kinghost.com
    O1 - Hosts: 66.159.20.80 kinghost.com
    O1 - Hosts: 66.159.20.80 www1.kinghost.com
    O1 - Hosts: 66.159.20.80 www2.kinghost.com
    O1 - Hosts: 66.159.20.80 www3.kinghost.com
    O1 - Hosts: 66.159.20.80 www4.kinghost.com
    O1 - Hosts: 66.159.20.80 www5.kinghost.com
    O1 - Hosts: 66.159.20.80 www6.kinghost.com
    O1 - Hosts: 66.159.20.80 www7.kinghost.com
    O1 - Hosts: 66.159.20.80 www8.kinghost.com
    O1 - Hosts: 66.159.20.80 www9.kinghost.com
    O1 - Hosts: 66.159.20.80 www10.kinghost.com
    O1 - Hosts: 66.159.20.80 www.smutserver.com
    O1 - Hosts: 66.159.20.80 smutserver.com
    O1 - Hosts: 66.159.20.80 www1.smutserver.com
    O1 - Hosts: 66.159.20.80 www2.smutserver.com
    O1 - Hosts: 66.159.20.80 www16.smutserver.com
    O1 - Hosts: 66.159.20.80 www3.smutserver.com
    O1 - Hosts: 66.159.20.80 www4.smutserver.com
    O1 - Hosts: 66.159.20.80 www5.smutserver.com
    O1 - Hosts: 66.159.20.80 www6.smutserver.com
    O1 - Hosts: 66.159.20.80 www7.smutserver.com
    O1 - Hosts: 66.159.20.80 www8.smutserver.com
    O1 - Hosts: 66.159.20.80 www9.smutserver.com
    O1 - Hosts: 66.159.20.80 www10.smutserver.com
    O1 - Hosts: 66.159.20.80 www11.smutserver.com
    O1 - Hosts: 66.159.20.80 www12.smutserver.com
    O1 - Hosts: 66.159.20.80 www13.smutserver.com
    O1 - Hosts: 66.159.20.80 www14.smutserver.com
    O1 - Hosts: 66.159.20.80 www15.smutserver.com
    O1 - Hosts: 66.159.20.80 www17.smutserver.com
    O1 - Hosts: 66.159.20.80 www18.smutserver.com
    O1 - Hosts: 66.159.20.80 www19.smutserver.com
    O1 - Hosts: 66.159.20.80 www20.smutserver.com
    O1 - Hosts: 66.159.20.80 www21.smutserver.com
    O1 - Hosts: 66.159.20.80 www22.smutserver.com
    O1 - Hosts: 66.159.20.80 www23.smutserver.com
    O1 - Hosts: 66.159.20.80 www24.smutserver.com
    O1 - Hosts: 66.159.20.80 www25.smutserver.com
    O1 - Hosts: 66.159.20.80 www26.smutserver.com
    O1 - Hosts: 66.159.20.80 www27.smutserver.com
    O1 - Hosts: 66.159.20.80 www28.smutserver.com
    O1 - Hosts: 66.159.20.80 www29.smutserver.com
    O1 - Hosts: 66.159.20.80 www30.smutserver.com
    O1 - Hosts: 66.159.20.80 www31.smutserver.com
    O1 - Hosts: 66.159.20.80 www32.smutserver.com
    O1 - Hosts: 66.159.20.80 agreathost.net
    O1 - Hosts: 66.159.20.80 www.agreathost.net
    O1 - Hosts: 66.159.20.80 hotfreehost.com
    O1 - Hosts: 66.159.20.80 www.hotfreehost.com
    O1 - Hosts: 66.159.20.80 greatfreehost.com
    O1 - Hosts: 66.159.20.80 www.greatfreehost.com
    O1 - Hosts: 66.159.20.80 freesmutpages.com
    O1 - Hosts: 66.159.20.80 www.freesmutpages.com
    O1 - Hosts: 66.159.20.80 apornhost.com
    O1 - Hosts: 66.159.20.80 www.apornhost.com
    O1 - Hosts: 66.159.20.80 nasty-pages.com
    O1 - Hosts: 66.159.20.80 www.nasty-pages.com
    O1 - Hosts: 66.159.20.80 sexyfreehost.com
    O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
    O1 - Hosts: 66.159.20.80 x4web.com
    O1 - Hosts: 66.159.20.80 www.x4web.com
    O1 - Hosts: 66.159.20.80 sexplanets.com
    O1 - Hosts: 66.159.20.80 www.sexplanets.com
    O1 - Hosts: 66.159.20.80 maxismut.com
    O1 - Hosts: 66.159.20.80 www.maxismut.com
    O1 - Hosts: 66.159.20.80 tgpfriendly.com
    O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
    O1 - Hosts: 66.159.20.80 tgp-server.com
    O1 - Hosts: 66.159.20.80 www.tgp-server.com
    O1 - Hosts: 66.159.20.80 magnaplza.com
    O1 - Hosts: 66.159.20.80 www.magnaplza.com
    O1 - Hosts: 66.159.20.80 free-xxx-server.com
    O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
    O1 - Hosts: 66.159.20.80 libereco.net
    O1 - Hosts: 66.159.20.80 www.libereco.net
    O1 - Hosts: 66.159.20.80 0190-dialer.com
    O1 - Hosts: 66.159.20.80 www.0190-dialer.com
    O1 - Hosts: 66.159.20.80 xxxod.net
    O1 - Hosts: 66.159.20.80 www.xxxod.net
    O1 - Hosts: 66.159.20.80 altsights.com
    O1 - Hosts: 66.159.20.80 www.altsights.com
    O1 - Hosts: 66.159.20.80 adulthosting.com
    O1 - Hosts: 66.159.20.80 www.adulthosting.com
    O1 - Hosts: 66.159.20.80 superhova.com
    O1 - Hosts: 66.159.20.80 www.superhova.com
    O1 - Hosts: 66.159.20.80 bestpornhost.com
    O1 - Hosts: 66.159.20.80 www.bestpornhost.com
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Derrick\Application Data\winshow\winshow.dll
    O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKLM\..\Run: [RDLL] RunDll16.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
    O4 - HKLM\..\Run: [SysPnP] rundll32 setupapi,InstallHinfSection OemIdePnP 128 oemsyspnp.inf
    O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
    O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopupKiller] C:\Program Files\PopupKiller\NoPopup.exe
    O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKCU\..\RunOnce: [Winsock32 driver] TESTING.EXE
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
    O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
    O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19106/flash.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53FDAC3A-E717-47D0-9752-E04B588CF153}: NameServer = 206.141.193.55 66.73.20.40





    Thank you guys for taking a peek.
     
  2. calvin183

    calvin183 Thread Starter

    Joined:
    Oct 4, 2003
    Messages:
    41
    P.S. I've already ran antivirus, but to no avail :mad:
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hi...give me 5 mins to check it over
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    You have some real crap in there my friend:rolleyes:

    Run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything....
    .....then,close all browser and outlook windows and "fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201056637731389
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://stopxxxpics.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://stopxxxpics.com
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 64.135.204.60
    O1 - Hosts: 66.159.20.80 www1.ndhosting.com
    O1 - Hosts: 66.159.20.80 www3.ndhosting.com
    O1 - Hosts: 66.159.20.80 www2.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.kinghost.com
    O1 - Hosts: 66.159.20.80 kinghost.com
    O1 - Hosts: 66.159.20.80 www1.kinghost.com
    O1 - Hosts: 66.159.20.80 www2.kinghost.com
    O1 - Hosts: 66.159.20.80 www3.kinghost.com
    O1 - Hosts: 66.159.20.80 www4.kinghost.com
    O1 - Hosts: 66.159.20.80 www5.kinghost.com
    O1 - Hosts: 66.159.20.80 www6.kinghost.com
    O1 - Hosts: 66.159.20.80 www7.kinghost.com
    O1 - Hosts: 66.159.20.80 www8.kinghost.com
    O1 - Hosts: 66.159.20.80 www9.kinghost.com
    O1 - Hosts: 66.159.20.80 www10.kinghost.com
    O1 - Hosts: 66.159.20.80 www.smutserver.com
    O1 - Hosts: 66.159.20.80 smutserver.com
    O1 - Hosts: 66.159.20.80 www1.smutserver.com
    O1 - Hosts: 66.159.20.80 www2.smutserver.com
    O1 - Hosts: 66.159.20.80 www16.smutserver.com
    O1 - Hosts: 66.159.20.80 www3.smutserver.com
    O1 - Hosts: 66.159.20.80 www4.smutserver.com
    O1 - Hosts: 66.159.20.80 www5.smutserver.com
    O1 - Hosts: 66.159.20.80 www6.smutserver.com
    O1 - Hosts: 66.159.20.80 www7.smutserver.com
    O1 - Hosts: 66.159.20.80 www8.smutserver.com
    O1 - Hosts: 66.159.20.80 www9.smutserver.com
    O1 - Hosts: 66.159.20.80 www10.smutserver.com
    O1 - Hosts: 66.159.20.80 www11.smutserver.com
    O1 - Hosts: 66.159.20.80 www12.smutserver.com
    O1 - Hosts: 66.159.20.80 www13.smutserver.com
    O1 - Hosts: 66.159.20.80 www14.smutserver.com
    O1 - Hosts: 66.159.20.80 www15.smutserver.com
    O1 - Hosts: 66.159.20.80 www17.smutserver.com
    O1 - Hosts: 66.159.20.80 www18.smutserver.com
    O1 - Hosts: 66.159.20.80 www19.smutserver.com
    O1 - Hosts: 66.159.20.80 www20.smutserver.com
    O1 - Hosts: 66.159.20.80 www21.smutserver.com
    O1 - Hosts: 66.159.20.80 www22.smutserver.com
    O1 - Hosts: 66.159.20.80 www23.smutserver.com
    O1 - Hosts: 66.159.20.80 www24.smutserver.com
    O1 - Hosts: 66.159.20.80 www25.smutserver.com
    O1 - Hosts: 66.159.20.80 www26.smutserver.com
    O1 - Hosts: 66.159.20.80 www27.smutserver.com
    O1 - Hosts: 66.159.20.80 www28.smutserver.com
    O1 - Hosts: 66.159.20.80 www29.smutserver.com
    O1 - Hosts: 66.159.20.80 www30.smutserver.com
    O1 - Hosts: 66.159.20.80 www31.smutserver.com
    O1 - Hosts: 66.159.20.80 www32.smutserver.com
    O1 - Hosts: 66.159.20.80 agreathost.net
    O1 - Hosts: 66.159.20.80 www.agreathost.net
    O1 - Hosts: 66.159.20.80 hotfreehost.com
    O1 - Hosts: 66.159.20.80 www.hotfreehost.com
    O1 - Hosts: 66.159.20.80 greatfreehost.com
    O1 - Hosts: 66.159.20.80 www.greatfreehost.com
    O1 - Hosts: 66.159.20.80 freesmutpages.com
    O1 - Hosts: 66.159.20.80 www.freesmutpages.com
    O1 - Hosts: 66.159.20.80 apornhost.com
    O1 - Hosts: 66.159.20.80 www.apornhost.com
    O1 - Hosts: 66.159.20.80 nasty-pages.com
    O1 - Hosts: 66.159.20.80 www.nasty-pages.com
    O1 - Hosts: 66.159.20.80 sexyfreehost.com
    O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
    O1 - Hosts: 66.159.20.80 x4web.com
    O1 - Hosts: 66.159.20.80 www.x4web.com
    O1 - Hosts: 66.159.20.80 sexplanets.com
    O1 - Hosts: 66.159.20.80 www.sexplanets.com
    O1 - Hosts: 66.159.20.80 maxismut.com
    O1 - Hosts: 66.159.20.80 www.maxismut.com
    O1 - Hosts: 66.159.20.80 tgpfriendly.com
    O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
    O1 - Hosts: 66.159.20.80 tgp-server.com
    O1 - Hosts: 66.159.20.80 www.tgp-server.com
    O1 - Hosts: 66.159.20.80 magnaplza.com
    O1 - Hosts: 66.159.20.80 www.magnaplza.com
    O1 - Hosts: 66.159.20.80 free-xxx-server.com
    O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
    O1 - Hosts: 66.159.20.80 libereco.net
    O1 - Hosts: 66.159.20.80 www.libereco.net
    O1 - Hosts: 66.159.20.80 0190-dialer.com
    O1 - Hosts: 66.159.20.80 www.0190-dialer.com
    O1 - Hosts: 66.159.20.80 xxxod.net
    O1 - Hosts: 66.159.20.80 www.xxxod.net
    O1 - Hosts: 66.159.20.80 altsights.com
    O1 - Hosts: 66.159.20.80 www.altsights.com
    O1 - Hosts: 66.159.20.80 adulthosting.com
    O1 - Hosts: 66.159.20.80 www.adulthosting.com
    O1 - Hosts: 66.159.20.80 superhova.com
    O1 - Hosts: 66.159.20.80 www.superhova.com
    O1 - Hosts: 66.159.20.80 bestpornhost.com
    O1 - Hosts: 66.159.20.80 www.bestpornhost.com
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch.dll
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Derrick\Application Data\winshow\winshow.dll
    O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O4 - HKLM\..\Run: [RDLL] RunDll16.exe
    O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
    O4 - HKLM\..\Run: [SysPnP] rundll32 setupapi,InstallHinfSection OemIdePnP 128 oemsyspnp.inf
    O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKLM\..\Run: [IST Service] \istsvc.exe
    O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
    O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
    O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
    O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKCU\..\RunOnce: [Winsock32 driver] TESTING.EXE
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8108/turbo.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.co...19106/flash.cab


    Re- boot into safe mode and delete any of these that are around:
    C:\Program Files\ISTsvc [FOLDER]
    C:\Program Files\ClearSearch [FOLDER]
    C:\WINDOWS\webassist.exe
    C:\WINDOWS\System32\TESTING.EXE
    C:\WINDOWS\System32\SCANREGWIN.EXE

    After that scan online here:http://housecall.trendmicro.com/

    Then...Then download Spybot - Search & Destroy http://beam.to/spybotsd
    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all IE windows, hit 'Check for Problems', and have SpyBot remove all it marks in red and re-boot.

    AND.... download Ad-Aware at http://www.majorgeek.com/index2.html
    After installing A/W,and before running the program, update by using the Globe icon.
    Shut down and restart Ad-Aware.
    Now press "Scan Now", then 'next', and let Ad-Aware scan your drives.
    It will find a number of "bad" files and registry keys. Click 'Next' again.
    Rightclick in that pane and choose "select all and click 'next'.
    It will ask you whether you'd like to remove all checked items. Click OK.
    Finally, close Ad-Aware, reboot and post another Hijackthis logfile.

    ;)
     
  5. calvin183

    calvin183 Thread Starter

    Joined:
    Oct 4, 2003
    Messages:
    41
    Thanks!........Now Trend Micro is saying I have a Virus called "Kindal.A" Can anyone give me some info on this virus and how to stop it...........Thanks alot

    P.S. Here is my current HT log

    Logfile of HijackThis v1.97.2
    Scan saved at 9:32:48 AM, on 10/4/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\SCANREGWIN.EXE
    C:\WINDOWS\System32\TESTING.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SBC\Connection Manager\CManager.exe
    C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Derrick\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O1 - Hosts: 66.159.18.75 www.astalavista.com
    O1 - Hosts: 66.159.18.75 astalavista.com
    O1 - Hosts: 64.200.25.145 gator.com #cooklop
    O1 - Hosts: 64.200.25.145 www.gator.com #cooklop
    O1 - Hosts: 64.200.25.145 doubleclick.net #cooklop
    O1 - Hosts: 64.200.25.145 www.doubleclick.net #cooklop
    O1 - Hosts: 64.200.25.145 tripod.com #cooklop
    O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
    O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
    O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
    O1 - Hosts: 64.200.25.145 cj.com #cooklop
    O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
    O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
    O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
    O1 - Hosts: 64.200.25.145 worldsex.com #cooklop
    O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
    O1 - Hosts: 64.200.25.145 free6.com #cooklop
    O1 - Hosts: 64.200.25.145 www.free6.com #cooklop
    O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
    O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopupKiller] C:\Program Files\PopupKiller\NoPopup.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKCU\..\RunOnce: [Winsock32 driver] TESTING.EXE
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
    O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
    O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
    O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53FDAC3A-E717-47D0-9752-E04B588CF153}: NameServer = 206.141.193.55 66.73.20.40
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Theres a few entries that are still in there.....

    1st thing.....click "my computer" hit the "tools"/"folder options"/"view"tabs and make sure "show hidden files and folders" is checked.

    Then Click Start.
    Right-click My Computer, and then click Properties.
    Click the System Restore tab.
    Select "Turn off System Restore" or "Turn off System Restore on all drives"

    boot into safe mode(by tapping the F8 key as windows starts to boot)

    Run hijackthis and put a checkmark against these entries and have hijackthis "fix" them all.

    O1 - Hosts: 66.159.18.75 www.astalavista.com
    O1 - Hosts: 66.159.18.75 astalavista.com
    O1 - Hosts: 64.200.25.145 gator.com #cooklop
    O1 - Hosts: 64.200.25.145 www.gator.com #cooklop
    O1 - Hosts: 64.200.25.145 doubleclick.net #cooklop
    O1 - Hosts: 64.200.25.145 www.doubleclick.net #cooklop
    O1 - Hosts: 64.200.25.145 tripod.com #cooklop
    O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
    O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
    O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
    O1 - Hosts: 64.200.25.145 cj.com #cooklop
    O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
    O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
    O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
    O1 - Hosts: 64.200.25.145 worldsex.com #cooklop
    O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
    O1 - Hosts: 64.200.25.145 free6.com #cooklop
    O1 - Hosts: 64.200.25.145 www.free6.com #cooklop
    O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
    O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
    O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
    O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx

    Now find and delete:
    C:\WINDOWS\System32\SCANREGWIN.EXE
    C:\WINDOWS\System32\TESTING.EXE

    Next, click Start/Run and type in "explorer" without the quotes Navigate to c:\windows\system32 and delete the files SCANREGWIN.EXE and TESTING.EXE

    Go to Start/Run and type in "regedit" [without the quotes] and navigate to:

    Hkey_Current_User
    Software
    Microsoft
    Windows
    CurrentVersion
    RunOnce

    if there is anything in the Right hand pane but 'default', right click and delete it.

    Turn system restore back on again.
    Reboot back to normal and verify that all is well.

    Good luck;)
     
  7. calvin183

    calvin183 Thread Starter

    Joined:
    Oct 4, 2003
    Messages:
    41
    SOLVED! Thank you so much for helping me :D :D :D

    Here is my HT log:

    Logfile of HijackThis v1.97.2
    Scan saved at 5:15:37 PM, on 10/4/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SBC\Connection Manager\CManager.exe
    C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Derrick\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopupKiller] C:\Program Files\PopupKiller\NoPopup.exe
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
    O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
    O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53FDAC3A-E717-47D0-9752-E04B588CF153}: NameServer = 206.141.193.55 66.73.20.40
     
  8. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Calvin......
    A clean machine!!
    Now then............lets keep it that way......Ill give you some "homework":D

    Get a firewall(Xp firewall is not much good)
    www.zonelabs.com Download Zonealarm
    www.grisoft.com AVG Antivirus (Free edition)
    http://www.javacoolsoftware.com/spywareblaster.html
    2 programs that will help keep this stuff from being stealth
    installed.....spywareguard and spywareblaster.
    Keep everything updated and scan weekly with spybot and adaware.
    Tell your friends about T.S.G.

    ;)
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/169451

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice