Virus help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

calvin183

Thread Starter
Joined
Oct 4, 2003
Messages
41
I have a SPYBOT.B virus on my comp. and I dont know how to get rid of it. I downloaded HJT and here is the log.


Logfile of HijackThis v1.97.2
Scan saved at 7:51:37 AM, on 10/4/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\TESTING.EXE
C:\WINDOWS\System32\SCANREGWIN.EXE
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\webassist.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derrick\Desktop\procexp.exe
C:\Documents and Settings\Derrick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201056637731389
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://stopxxxpics.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://stopxxxpics.com
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 66.159.20.80 www1.ndhosting.com
O1 - Hosts: 66.159.20.80 www3.ndhosting.com
O1 - Hosts: 66.159.20.80 www2.ndhosting.com
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 www.kinghost.com
O1 - Hosts: 66.159.20.80 kinghost.com
O1 - Hosts: 66.159.20.80 www1.kinghost.com
O1 - Hosts: 66.159.20.80 www2.kinghost.com
O1 - Hosts: 66.159.20.80 www3.kinghost.com
O1 - Hosts: 66.159.20.80 www4.kinghost.com
O1 - Hosts: 66.159.20.80 www5.kinghost.com
O1 - Hosts: 66.159.20.80 www6.kinghost.com
O1 - Hosts: 66.159.20.80 www7.kinghost.com
O1 - Hosts: 66.159.20.80 www8.kinghost.com
O1 - Hosts: 66.159.20.80 www9.kinghost.com
O1 - Hosts: 66.159.20.80 www10.kinghost.com
O1 - Hosts: 66.159.20.80 www.smutserver.com
O1 - Hosts: 66.159.20.80 smutserver.com
O1 - Hosts: 66.159.20.80 www1.smutserver.com
O1 - Hosts: 66.159.20.80 www2.smutserver.com
O1 - Hosts: 66.159.20.80 www16.smutserver.com
O1 - Hosts: 66.159.20.80 www3.smutserver.com
O1 - Hosts: 66.159.20.80 www4.smutserver.com
O1 - Hosts: 66.159.20.80 www5.smutserver.com
O1 - Hosts: 66.159.20.80 www6.smutserver.com
O1 - Hosts: 66.159.20.80 www7.smutserver.com
O1 - Hosts: 66.159.20.80 www8.smutserver.com
O1 - Hosts: 66.159.20.80 www9.smutserver.com
O1 - Hosts: 66.159.20.80 www10.smutserver.com
O1 - Hosts: 66.159.20.80 www11.smutserver.com
O1 - Hosts: 66.159.20.80 www12.smutserver.com
O1 - Hosts: 66.159.20.80 www13.smutserver.com
O1 - Hosts: 66.159.20.80 www14.smutserver.com
O1 - Hosts: 66.159.20.80 www15.smutserver.com
O1 - Hosts: 66.159.20.80 www17.smutserver.com
O1 - Hosts: 66.159.20.80 www18.smutserver.com
O1 - Hosts: 66.159.20.80 www19.smutserver.com
O1 - Hosts: 66.159.20.80 www20.smutserver.com
O1 - Hosts: 66.159.20.80 www21.smutserver.com
O1 - Hosts: 66.159.20.80 www22.smutserver.com
O1 - Hosts: 66.159.20.80 www23.smutserver.com
O1 - Hosts: 66.159.20.80 www24.smutserver.com
O1 - Hosts: 66.159.20.80 www25.smutserver.com
O1 - Hosts: 66.159.20.80 www26.smutserver.com
O1 - Hosts: 66.159.20.80 www27.smutserver.com
O1 - Hosts: 66.159.20.80 www28.smutserver.com
O1 - Hosts: 66.159.20.80 www29.smutserver.com
O1 - Hosts: 66.159.20.80 www30.smutserver.com
O1 - Hosts: 66.159.20.80 www31.smutserver.com
O1 - Hosts: 66.159.20.80 www32.smutserver.com
O1 - Hosts: 66.159.20.80 agreathost.net
O1 - Hosts: 66.159.20.80 www.agreathost.net
O1 - Hosts: 66.159.20.80 hotfreehost.com
O1 - Hosts: 66.159.20.80 www.hotfreehost.com
O1 - Hosts: 66.159.20.80 greatfreehost.com
O1 - Hosts: 66.159.20.80 www.greatfreehost.com
O1 - Hosts: 66.159.20.80 freesmutpages.com
O1 - Hosts: 66.159.20.80 www.freesmutpages.com
O1 - Hosts: 66.159.20.80 apornhost.com
O1 - Hosts: 66.159.20.80 www.apornhost.com
O1 - Hosts: 66.159.20.80 nasty-pages.com
O1 - Hosts: 66.159.20.80 www.nasty-pages.com
O1 - Hosts: 66.159.20.80 sexyfreehost.com
O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
O1 - Hosts: 66.159.20.80 x4web.com
O1 - Hosts: 66.159.20.80 www.x4web.com
O1 - Hosts: 66.159.20.80 sexplanets.com
O1 - Hosts: 66.159.20.80 www.sexplanets.com
O1 - Hosts: 66.159.20.80 maxismut.com
O1 - Hosts: 66.159.20.80 www.maxismut.com
O1 - Hosts: 66.159.20.80 tgpfriendly.com
O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
O1 - Hosts: 66.159.20.80 tgp-server.com
O1 - Hosts: 66.159.20.80 www.tgp-server.com
O1 - Hosts: 66.159.20.80 magnaplza.com
O1 - Hosts: 66.159.20.80 www.magnaplza.com
O1 - Hosts: 66.159.20.80 free-xxx-server.com
O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
O1 - Hosts: 66.159.20.80 libereco.net
O1 - Hosts: 66.159.20.80 www.libereco.net
O1 - Hosts: 66.159.20.80 0190-dialer.com
O1 - Hosts: 66.159.20.80 www.0190-dialer.com
O1 - Hosts: 66.159.20.80 xxxod.net
O1 - Hosts: 66.159.20.80 www.xxxod.net
O1 - Hosts: 66.159.20.80 altsights.com
O1 - Hosts: 66.159.20.80 www.altsights.com
O1 - Hosts: 66.159.20.80 adulthosting.com
O1 - Hosts: 66.159.20.80 www.adulthosting.com
O1 - Hosts: 66.159.20.80 superhova.com
O1 - Hosts: 66.159.20.80 www.superhova.com
O1 - Hosts: 66.159.20.80 bestpornhost.com
O1 - Hosts: 66.159.20.80 www.bestpornhost.com
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Derrick\Application Data\winshow\winshow.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [SysPnP] rundll32 setupapi,InstallHinfSection OemIdePnP 128 oemsyspnp.inf
O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopupKiller] C:\Program Files\PopupKiller\NoPopup.exe
O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKCU\..\RunOnce: [Winsock32 driver] TESTING.EXE
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19106/flash.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53FDAC3A-E717-47D0-9752-E04B588CF153}: NameServer = 206.141.193.55 66.73.20.40





Thank you guys for taking a peek.
 
Joined
Oct 9, 2001
Messages
9,396
You have some real crap in there my friend:rolleyes:

Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows and "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201056637731389
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://stopxxxpics.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allhyperlinks.com/redir?lang={SUB_RFC1766}&id=170201059399752442
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://stopxxxpics.com
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.xupiter.com/toolbar2"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 64.135.204.60
O1 - Hosts: 66.159.20.80 www1.ndhosting.com
O1 - Hosts: 66.159.20.80 www3.ndhosting.com
O1 - Hosts: 66.159.20.80 www2.ndhosting.com
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 www.kinghost.com
O1 - Hosts: 66.159.20.80 kinghost.com
O1 - Hosts: 66.159.20.80 www1.kinghost.com
O1 - Hosts: 66.159.20.80 www2.kinghost.com
O1 - Hosts: 66.159.20.80 www3.kinghost.com
O1 - Hosts: 66.159.20.80 www4.kinghost.com
O1 - Hosts: 66.159.20.80 www5.kinghost.com
O1 - Hosts: 66.159.20.80 www6.kinghost.com
O1 - Hosts: 66.159.20.80 www7.kinghost.com
O1 - Hosts: 66.159.20.80 www8.kinghost.com
O1 - Hosts: 66.159.20.80 www9.kinghost.com
O1 - Hosts: 66.159.20.80 www10.kinghost.com
O1 - Hosts: 66.159.20.80 www.smutserver.com
O1 - Hosts: 66.159.20.80 smutserver.com
O1 - Hosts: 66.159.20.80 www1.smutserver.com
O1 - Hosts: 66.159.20.80 www2.smutserver.com
O1 - Hosts: 66.159.20.80 www16.smutserver.com
O1 - Hosts: 66.159.20.80 www3.smutserver.com
O1 - Hosts: 66.159.20.80 www4.smutserver.com
O1 - Hosts: 66.159.20.80 www5.smutserver.com
O1 - Hosts: 66.159.20.80 www6.smutserver.com
O1 - Hosts: 66.159.20.80 www7.smutserver.com
O1 - Hosts: 66.159.20.80 www8.smutserver.com
O1 - Hosts: 66.159.20.80 www9.smutserver.com
O1 - Hosts: 66.159.20.80 www10.smutserver.com
O1 - Hosts: 66.159.20.80 www11.smutserver.com
O1 - Hosts: 66.159.20.80 www12.smutserver.com
O1 - Hosts: 66.159.20.80 www13.smutserver.com
O1 - Hosts: 66.159.20.80 www14.smutserver.com
O1 - Hosts: 66.159.20.80 www15.smutserver.com
O1 - Hosts: 66.159.20.80 www17.smutserver.com
O1 - Hosts: 66.159.20.80 www18.smutserver.com
O1 - Hosts: 66.159.20.80 www19.smutserver.com
O1 - Hosts: 66.159.20.80 www20.smutserver.com
O1 - Hosts: 66.159.20.80 www21.smutserver.com
O1 - Hosts: 66.159.20.80 www22.smutserver.com
O1 - Hosts: 66.159.20.80 www23.smutserver.com
O1 - Hosts: 66.159.20.80 www24.smutserver.com
O1 - Hosts: 66.159.20.80 www25.smutserver.com
O1 - Hosts: 66.159.20.80 www26.smutserver.com
O1 - Hosts: 66.159.20.80 www27.smutserver.com
O1 - Hosts: 66.159.20.80 www28.smutserver.com
O1 - Hosts: 66.159.20.80 www29.smutserver.com
O1 - Hosts: 66.159.20.80 www30.smutserver.com
O1 - Hosts: 66.159.20.80 www31.smutserver.com
O1 - Hosts: 66.159.20.80 www32.smutserver.com
O1 - Hosts: 66.159.20.80 agreathost.net
O1 - Hosts: 66.159.20.80 www.agreathost.net
O1 - Hosts: 66.159.20.80 hotfreehost.com
O1 - Hosts: 66.159.20.80 www.hotfreehost.com
O1 - Hosts: 66.159.20.80 greatfreehost.com
O1 - Hosts: 66.159.20.80 www.greatfreehost.com
O1 - Hosts: 66.159.20.80 freesmutpages.com
O1 - Hosts: 66.159.20.80 www.freesmutpages.com
O1 - Hosts: 66.159.20.80 apornhost.com
O1 - Hosts: 66.159.20.80 www.apornhost.com
O1 - Hosts: 66.159.20.80 nasty-pages.com
O1 - Hosts: 66.159.20.80 www.nasty-pages.com
O1 - Hosts: 66.159.20.80 sexyfreehost.com
O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
O1 - Hosts: 66.159.20.80 x4web.com
O1 - Hosts: 66.159.20.80 www.x4web.com
O1 - Hosts: 66.159.20.80 sexplanets.com
O1 - Hosts: 66.159.20.80 www.sexplanets.com
O1 - Hosts: 66.159.20.80 maxismut.com
O1 - Hosts: 66.159.20.80 www.maxismut.com
O1 - Hosts: 66.159.20.80 tgpfriendly.com
O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
O1 - Hosts: 66.159.20.80 tgp-server.com
O1 - Hosts: 66.159.20.80 www.tgp-server.com
O1 - Hosts: 66.159.20.80 magnaplza.com
O1 - Hosts: 66.159.20.80 www.magnaplza.com
O1 - Hosts: 66.159.20.80 free-xxx-server.com
O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
O1 - Hosts: 66.159.20.80 libereco.net
O1 - Hosts: 66.159.20.80 www.libereco.net
O1 - Hosts: 66.159.20.80 0190-dialer.com
O1 - Hosts: 66.159.20.80 www.0190-dialer.com
O1 - Hosts: 66.159.20.80 xxxod.net
O1 - Hosts: 66.159.20.80 www.xxxod.net
O1 - Hosts: 66.159.20.80 altsights.com
O1 - Hosts: 66.159.20.80 www.altsights.com
O1 - Hosts: 66.159.20.80 adulthosting.com
O1 - Hosts: 66.159.20.80 www.adulthosting.com
O1 - Hosts: 66.159.20.80 superhova.com
O1 - Hosts: 66.159.20.80 www.superhova.com
O1 - Hosts: 66.159.20.80 bestpornhost.com
O1 - Hosts: 66.159.20.80 www.bestpornhost.com
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\host.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\Derrick\Application Data\winshow\winshow.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKLM\..\Run: [SysPnP] rundll32 setupapi,InstallHinfSection OemIdePnP 128 oemsyspnp.inf
O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKLM\..\Run: [IST Service] \istsvc.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SysService32] C:\WINDOWS\systask32l.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\RunOnce: [SysService32] C:\WINDOWS\System32\ln32k.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKCU\..\RunOnce: [Winsock32 driver] TESTING.EXE
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...B8108/turbo.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.co...19106/flash.cab


Re- boot into safe mode and delete any of these that are around:
C:\Program Files\ISTsvc [FOLDER]
C:\Program Files\ClearSearch [FOLDER]
C:\WINDOWS\webassist.exe
C:\WINDOWS\System32\TESTING.EXE
C:\WINDOWS\System32\SCANREGWIN.EXE

After that scan online here:http://housecall.trendmicro.com/

Then...Then download Spybot - Search & Destroy http://beam.to/spybotsd
After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all IE windows, hit 'Check for Problems', and have SpyBot remove all it marks in red and re-boot.

AND.... download Ad-Aware at http://www.majorgeek.com/index2.html
After installing A/W,and before running the program, update by using the Globe icon.
Shut down and restart Ad-Aware.
Now press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Rightclick in that pane and choose "select all and click 'next'.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, reboot and post another Hijackthis logfile.

;)
 

calvin183

Thread Starter
Joined
Oct 4, 2003
Messages
41
Thanks!........Now Trend Micro is saying I have a Virus called "Kindal.A" Can anyone give me some info on this virus and how to stop it...........Thanks alot

P.S. Here is my current HT log

Logfile of HijackThis v1.97.2
Scan saved at 9:32:48 AM, on 10/4/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\SCANREGWIN.EXE
C:\WINDOWS\System32\TESTING.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derrick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O1 - Hosts: 66.159.18.75 www.astalavista.com
O1 - Hosts: 66.159.18.75 astalavista.com
O1 - Hosts: 64.200.25.145 gator.com #cooklop
O1 - Hosts: 64.200.25.145 www.gator.com #cooklop
O1 - Hosts: 64.200.25.145 doubleclick.net #cooklop
O1 - Hosts: 64.200.25.145 www.doubleclick.net #cooklop
O1 - Hosts: 64.200.25.145 tripod.com #cooklop
O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 cj.com #cooklop
O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 free6.com #cooklop
O1 - Hosts: 64.200.25.145 www.free6.com #cooklop
O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopupKiller] C:\Program Files\PopupKiller\NoPopup.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKCU\..\RunOnce: [Winsock32 driver] TESTING.EXE
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53FDAC3A-E717-47D0-9752-E04B588CF153}: NameServer = 206.141.193.55 66.73.20.40
 
Joined
Oct 9, 2001
Messages
9,396
Theres a few entries that are still in there.....

1st thing.....click "my computer" hit the "tools"/"folder options"/"view"tabs and make sure "show hidden files and folders" is checked.

Then Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives"

boot into safe mode(by tapping the F8 key as windows starts to boot)

Run hijackthis and put a checkmark against these entries and have hijackthis "fix" them all.

O1 - Hosts: 66.159.18.75 www.astalavista.com
O1 - Hosts: 66.159.18.75 astalavista.com
O1 - Hosts: 64.200.25.145 gator.com #cooklop
O1 - Hosts: 64.200.25.145 www.gator.com #cooklop
O1 - Hosts: 64.200.25.145 doubleclick.net #cooklop
O1 - Hosts: 64.200.25.145 www.doubleclick.net #cooklop
O1 - Hosts: 64.200.25.145 tripod.com #cooklop
O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 cj.com #cooklop
O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 free6.com #cooklop
O1 - Hosts: 64.200.25.145 www.free6.com #cooklop
O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Winsock2 driver] SCANREGWIN.EXE
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx

Now find and delete:
C:\WINDOWS\System32\SCANREGWIN.EXE
C:\WINDOWS\System32\TESTING.EXE

Next, click Start/Run and type in "explorer" without the quotes Navigate to c:\windows\system32 and delete the files SCANREGWIN.EXE and TESTING.EXE

Go to Start/Run and type in "regedit" [without the quotes] and navigate to:

Hkey_Current_User
Software
Microsoft
Windows
CurrentVersion
RunOnce

if there is anything in the Right hand pane but 'default', right click and delete it.

Turn system restore back on again.
Reboot back to normal and verify that all is well.

Good luck;)
 

calvin183

Thread Starter
Joined
Oct 4, 2003
Messages
41
SOLVED! Thank you so much for helping me :D :D :D

Here is my HT log:

Logfile of HijackThis v1.97.2
Scan saved at 5:15:37 PM, on 10/4/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derrick\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopupKiller] C:\Program Files\PopupKiller\NoPopup.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone by A1Tech.com\adsgone.exe
O8 - Extra context menu item: Translate Page with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
O8 - Extra context menu item: Translate Selection with Worldlingo.com - http://www.worldlingo.com/UP62768/P5001/l/scripts/btool.js?btool=s&uname=btool48&pword=lingocnet
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: Translate Page (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtj_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53FDAC3A-E717-47D0-9752-E04B588CF153}: NameServer = 206.141.193.55 66.73.20.40
 
Joined
Oct 9, 2001
Messages
9,396
Calvin......
A clean machine!!
Now then............lets keep it that way......Ill give you some "homework":D

Get a firewall(Xp firewall is not much good)
www.zonelabs.com Download Zonealarm
www.grisoft.com AVG Antivirus (Free edition)
http://www.javacoolsoftware.com/spywareblaster.html
2 programs that will help keep this stuff from being stealth
installed.....spywareguard and spywareblaster.
Keep everything updated and scan weekly with spybot and adaware.
Tell your friends about T.S.G.

;)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top