Aargh Help needed please

Name: Rob
Date: December 14, 2003 at 13:18:44 Pacific
OS: Win XP
CPU/Ram: P4Mob1.8//512Mb
Comment:

I would really appreciate anyone's help with this as adaware and spybotSD aren't finding the problem. I use both these and Hijack this to try and clear all the registry hijacks etc but the crap always comes back. It seems to happen when I open the IE window. Two shortcuts appear on the desktop (diet pills and play online, always with different icons), two porn sites appear on the favourites list and a site is added to the trusted sites list (shown at O15 on the log). Sometimes there is a browser hijack to idgsearch.com and a trojan dialler sometimes appears. Below is the hijack log after I thought I'd cleared it but then opened a window...

Logfile of HijackThis v1.97.6
Scan saved at 21:02:40, on 14/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\EasyBid\EasyBidTool.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\Program Files\Apoint\Apntex.exe
C:\TURNPIKE\CONNECT.exe
C:\TURNPIKE\Turnctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Rob\APPLIC~1\MICROS~1\Office\Excel10.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EasyBid Tool] C:\Program Files\EasyBid\EasyBidTool.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFEA894C-3B29-4514-8288-5C864583DE41}: NameServer = 158.152.1.43 158.152.1.58


I would really appreciate any help to get rid of this s--- with step-by-step instructions. Thanks

If you want me to run the programs after opening the window and then repost the log I will gladly do so...





Response Number 1
Name: Kevin The Tech Dude
Date: December 14, 2003 at 13:43:57 Pacific
Reply:

Delete all of this junk...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.idgsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.idgsearch.com/iec
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.idgsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.idgsearch.com/
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFEA894C-3B29-4514-8288-5C864583DE41}: NameServer = 158.152.1.43 158.152.1.58

Go and get Cwshredder and run it as well.

That is just a start. I'll look over the log some more.

KTTD



0

Response Number 2
Name: Kevin The Tech Dude
Date: December 14, 2003 at 14:05:04 Pacific
Reply:

You also appear to be infected with W32.HLLW.Gaobot.EE. Both Symantec and Sophos get hits on C:\WINDOWS\System32\nvsvc32.exe. I don't see anything else at the moment but I will keep looking.

KTTD



0

Response Number 3
Name: RobC
Date: December 14, 2003 at 14:13:08 Pacific
Reply:

If that is the trojan I've just got it with AVG. CWS shredder found (and removed) something called googlems. Could be progress, thanks...


0

Response Number 4
Name: Kevin The Tech Dude
Date: December 14, 2003 at 14:23:10 Pacific
Reply:

You also might want to go and download TDS-3 and make sure you get the latest Radius File.

KTTD


0

Response Number 5
Name: Rob
Date: December 14, 2003 at 14:24:52 Pacific
Reply:

I've also just realised that the O2 Excel file, which at first glance I thought was genuine, is listed as a BHO. Hmm.


0


Response Number 6
Name: Kevin The Tech Dude
Date: December 14, 2003 at 14:38:03 Pacific
Reply:

Rob,

It is a trojan...

Trojan.Digits

TDS-3 should pick it up and remove it as well. This is why I informed you to download TDS-3 because its sole purpose is to remove trojans.

KTTD



0
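The entry types picked out of the first log in this thread (IE settings pointing at a search site, hosts-file lines sending many names to one address, a BHO loaded from a user profile, Trusted Zone additions) can be pulled from a HijackThis log mechanically. The following is an added example, not part of any post; `parse` and `triage` are hypothetical names, the sample lines are a shortened copy of that log, and treating a profile-located BHO as worth review is an assumption of this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines taken from the first HijackThis log in this thread (shortened).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idgsearch.com/
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Rob\APPLIC~1\MICROS~1\Office\Excel10.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O15 - Trusted Zone: ..."
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}       # blocking entries, not redirects
# Assumption: a BHO DLL loaded from a user profile deserves a closer look.
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")


def parse(log):
    """Return (section, body) pairs, skipping the header and process list."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log):
    """Group the entries a reviewer would look at first."""
    ie_hosts = defaultdict(set)    # host -> IE settings that point at it
    redirects = defaultdict(list)  # IP -> names the hosts file maps to it
    findings = {"profile_bho": [], "trusted_zone": []}
    for section, body in parse(log):
        if section in ("R0", "R1") and " = " in body:
            setting, url = body.split(" = ", 1)
            host = urlparse(url.strip()).hostname
            if host:
                ie_hosts[host].add(setting)
        elif section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                redirects[fields[0]].extend(fields[1:])
        elif section == "O2":
            path = body.rsplit(" - ", 1)[-1]   # last field is the DLL path
            if any(d in path.lower() for d in PROFILE_DIRS):
                findings["profile_bho"].append(path)
        elif section == "O15" and body.startswith("Trusted Zone:"):
            findings["trusted_zone"].append(body.split(":", 1)[1].strip())
    findings["ie_settings"] = {h: sorted(s) for h, s in ie_hosts.items()}
    findings["hosts_redirects"] = dict(redirects)
    return findings


if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LOG).items():
        print(kind, "->", value)
```

The output is a list of entries to review, not a verdict: legitimate software also sets IE pages and installs BHOs.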

Response Number 7
Name: Kevin The Tech Dude
Date: December 14, 2003 at 14:38:54 Pacific
Reply:

Also, make sure you have disabled System Restore.

KTTD


0

Response Number 8
Name: Rob
Date: December 14, 2003 at 14:50:13 Pacific
Reply:

KTTD. Thanks for all your help, it looks good at the moment, much appreciated.


0

Response Number 9
Name: Kevin The Tech Dude
Date: December 14, 2003 at 14:54:00 Pacific
Reply:

Rob,

Re-post another log file after you have done all the scans. Make sure you run TDS-3; it is a great program. But again, please re-post another log so we can make sure you are 100% clean.

KTTD

P.S. You are more than welcome for the help and thanks for being responsive to my efforts.


0

Response Number 10
Name: RobC
Date: December 14, 2003 at 23:37:28 Pacific
Reply:

Several hours later, it still looks good, here is the latest log:

Logfile of HijackThis v1.97.6
Scan saved at 07:33:25, on 15/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\EasyBid\EasyBidTool.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Microsoft Office\Office\OSA.exe
C:\Program Files\Apoint\Apntex.exe
C:\TURNPIKE\CONNECT.exe
C:\TURNPIKE\Turnctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Rob\Local Settings\Temp\Temporary Directory 13 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EasyBid Tool] C:\Program Files\EasyBid\EasyBidTool.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37969.5870833333
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFEA894C-3B29-4514-8288-5C864583DE41}: NameServer = 158.152.1.43 158.152.1.58


0

Response Number 11
Name: ville
Date: December 17, 2003 at 07:36:40 Pacific
Reply:

Hello.
I have the same problem, "tits.hardcore4ever.net". Adaware, spybotSD, TDS, Trojan aren't finding the problem. When I restart my computer, three shortcuts appear on my desktop and my Explorer's home page becomes "tits.hardcore4ever.net". Help me! Sorry for my knowledge of languages...


0

Response Number 12
Name: RobC
Date: December 19, 2003 at 12:08:43 Pacific
Reply:

Hope someone with more expertise has replied to you but "hijack this" and "cwshredder" worked for me.


0

Response Number 13
Name: Phace1
Date: January 26, 2004 at 00:57:10 Pacific
Reply:

Hey, I've been having the same sort of problem with all this junk. Stupid shortcuts on the desktop, porn favorites that don't go away, and they always come back when I run Internet Explorer. Here's my HijackThis! thingy, can someone tell me what to remove please? I'm going to try TDS and CWShredder, so hopefully I may not need any more help. Heh, but nevertheless, any help would be appreciated. Oh and one other thing, there's a file (svchost.exe with an odd icon) that often shows up in the Temp directory. I can delete it fine, but when I don't remove it and open IE, it opens a window that says "Please Selecet Country" and I can't close it or the browser without going ctrl+alt+del... Anyway, does anyone know if this is connected with the shortcuts and favourites? Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 1:41:43 AM, on 26/01/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\RSNet\RSEDNClient.exe
C:\Program Files\Microsoft Hardware\Mouse\POINT32.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\DOCUME~1\Ian\LOCALS~1\Temp\Rar$EX01.469\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O1 - Hosts: 69.56.223.196 just.find-itnow.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 qwertysearch123.biz
O1 - Hosts: 69.56.223.196 www.search-space.com
O1 - Hosts: 69.56.223.196 www.windowws.cc
O1 - Hosts: 69.56.223.196 aifind.info
O1 - Hosts: 69.56.223.196 www.find4u.net
O1 - Hosts: 69.56.223.196 find4u.net
O1 - Hosts: 69.56.223.196 www.lookfor.cc
O1 - Hosts: 69.56.223.196 www.008i.com
O1 - Hosts: 69.56.223.196 www.viewpornkey.com
O1 - Hosts: 69.56.223.196 www.hugesearch.net
O1 - Hosts: 69.56.223.196 www.novaf---.com
O1 - Hosts: 69.56.223.196 www.seznam.cz
O1 - Hosts: 69.56.223.196 aifind.cc
O1 - Hosts: 69.56.223.196 www.onet.pl
O1 - Hosts: 69.56.223.196 teenhqpics.com
O1 - Hosts: 69.56.223.196 www.ttjj.com
O1 - Hosts: 69.56.223.196 www.search-dot.com
O1 - Hosts: 69.56.223.196 www.search-and-go.com
O1 - Hosts: 69.56.223.196 www.slotch.com
O1 - Hosts: 69.56.223.196 www.2fastsearch.net
O1 - Hosts: 69.56.223.196 awebfind.biz
O1 - Hosts: 69.56.223.196 www.power-search.info
O1 - Hosts: 69.56.223.196 www.naver.com
O1 - Hosts: 69.56.223.196 www.daum.net
O1 - Hosts: 69.56.223.196 www.ohcorea.com
O1 - Hosts: 69.56.223.196 www.hao123.com
O1 - Hosts: 69.56.223.196 58q.com
O1 - Hosts: 69.56.223.196 www.hotwebsearch.com
O1 - Hosts: 69.56.223.196 www.startium.com
O1 - Hosts: 69.56.223.196 www.gajai.com
O1 - Hosts: 69.56.223.196 www.wazzupnet.com
O1 - Hosts: 69.56.223.196 freshvideogals.com
O1 - Hosts: 69.56.223.196 www.xgmm.com
O1 - Hosts: 69.56.223.196 searchmyrequest.com
O1 - Hosts: 69.56.223.196 yourbookmarks.ws
O1 - Hosts: 69.56.223.196 wmmse.com
O1 - Hosts: 69.56.223.196 link.startmake.com
O1 - Hosts: 69.56.223.196 www.boredlife.com
O1 - Hosts: 69.56.223.196 approvedlinks.com
O1 - Hosts: 69.56.223.196 www.nkvd.us
O1 - Hosts: 69.56.223.196 www.8095.com
O1 - Hosts: 69.56.223.196 www.dreamwiz.com
O1 - Hosts: 69.56.223.196 ie-search.com
O1 - Hosts: 69.56.223.196 auto.ie.searchforge.com
O1 - Hosts: 69.56.223.196 search.psn.cn
O1 - Hosts: 69.56.223.196 www.couldnotfind.com
O1 - Hosts: 69.56.223.196 www.iquicksearch.com
O1 - Hosts: 69.56.223.196 1-se.com
O1 - Hosts: 69.56.223.196 www.spidersearch.com
O1 - Hosts: 69.56.223.196 search.ieplugin.com
O1 - Hosts: 69.56.223.196 itseasy.us
O1 - Hosts: 69.56.223.196 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 69.56.223.196 www.searchxl.com
O1 - Hosts: 69.56.223.196 www.hotsearchbox.com
O1 - Hosts: 69.56.223.196 www.searchforge.com
O1 - Hosts: 69.56.223.196 www.omega-search.com
O1 - Hosts: 69.56.223.196 searchcentrix.com
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\Ian\APPLIC~1\MICROS~1\Office\Excel10.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - Startup: Microsoft Mouse.lnk = C:\Program Files\Microsoft Hardware\Mouse\dplaunch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/TTT_E/lotrttt_e.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab



0
