Can someone help me? My homepage has been hijacked
I have tried everything that I know, but it won't go away.
This is my hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 7:54:44 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\COMMON~1\AOL\110213~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\COMMON~1\AOL\110213~1\EE\AOLServiceHost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Documents and Settings\Robert wagner\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://congratulations.travelengine.net/rprpromos/1000/winnerb8.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://lycos.com
O1 - Hosts: 65.125.226.82 http://altavista.com
O1 - Hosts: 65.125.226.82 http://msn.com
O1 - Hosts: 65.125.226.82 http://search.msn.com
O1 - Hosts: 65.125.226.82 http://cnn.com
O1 - Hosts: 65.125.226.82 http://excite.com
O1 - Hosts: 65.125.226.82 http://alltheweb.com
O1 - Hosts: 65.125.226.82 http://looksmart.com
O1 - Hosts: 65.125.226.82 http://northernlight.com
O1 - Hosts: 65.125.226.82 http://alexa.com
O1 - Hosts: 65.125.226.82 http://search.aol.com
O1 - Hosts: 65.125.226.82 http://epilot.com
O1 - Hosts: 65.125.226.82 http://hotbot.com
O1 - Hosts: 65.125.226.82 http://search.netscape.com
O1 - Hosts: 65.125.226.82 http://infospace.com
O1 - Hosts: 65.125.226.82 http://www.epilot.com
O1 - Hosts: 65.125.226.82 http://www.hotbot.com
O1 - Hosts: 65.125.226.82 http://www.infospace.com
O1 - Hosts: 65.125.226.82 http://www.cnn.com
O1 - Hosts: 65.125.226.82 http://www.msn.com
O1 - Hosts: 65.125.226.82 http://www.altavista.com
O1 - Hosts: 65.125.226.82 http://www.lycos.com
O1 - Hosts: 65.125.226.82 http://www.google.com
O1 - Hosts: 65.125.226.82 http://www.yahoo.com
O1 - Hosts: 65.125.226.82 http://www.alexa.com
O1 - Hosts: 65.125.226.82 http://www.excite.com
O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
O1 - Hosts: 65.125.226.82 http://www.looksmart.com
O1 - Hosts: 65.125.226.82 http://www.northernlight.com
O1 - Hosts: 65.125.226.85 http://thehun.com
O1 - Hosts: 65.125.226.85 http://thehun.net
O1 - Hosts: 65.125.226.85 http://world[censored].com
O1 - Hosts: 65.125.226.85 http://al4a.com
O1 - Hosts: 65.125.226.85 http://book-mark.net
O1 - Hosts: 65.125.226.85 http://easypic.com
O1 - Hosts: 65.125.226.85 http://call-kelly.com
O1 - Hosts: 65.125.226.85 http://sleazydream.com
O1 - Hosts: 65.125.226.85 http://amplandmovies.com
O1 - Hosts: 65.125.226.85 http://mature-post.com
O1 - Hosts: 65.125.226.85 http://www.thehun.com
O1 - Hosts: 65.125.226.85 http://www.thehun.net
O1 - Hosts: 65.125.226.85 http://www.world[censored].com
O1 - Hosts: 65.125.226.85 http://www.al4a.com
O1 - Hosts: 65.125.226.85 http://www.book-mark.net
O1 - Hosts: 65.125.226.85 http://www.easypic.com
O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
O1 - Hosts: 65.125.226.85 http://www.mature-post.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [bearShare] "F:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102136621\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [sPSTEALT] "C:\Documents and Settings\Robert wagner\Desktop\TempToolbox.exe" /stealt
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [urbicqur] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.hentaiexposure.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://crackspider.net/crackspider.exe
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O21 - SSODL: eplrr9 - {FFD27454-936F-4174-90E4-0CA8ABF3AE52} - C:\WINDOWS\System32\mspdnx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Please, if anyone can help me, please let me know. Thank you.
this is my hijack log
Logfile of HijackThis v1.99.1
Scan saved at 7:54:44 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\COMMON~1\AOL\110213~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\COMMON~1\AOL\110213~1\EE\AOLServiceHost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Documents and Settings\Robert wagner\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://congratulations.travelengine.net/rprpromos/1000/winnerb8.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://lycos.com
O1 - Hosts: 65.125.226.82 http://altavista.com
O1 - Hosts: 65.125.226.82 http://msn.com
O1 - Hosts: 65.125.226.82 http://search.msn.com
O1 - Hosts: 65.125.226.82 http://cnn.com
O1 - Hosts: 65.125.226.82 http://excite.com
O1 - Hosts: 65.125.226.82 http://alltheweb.com
O1 - Hosts: 65.125.226.82 http://looksmart.com
O1 - Hosts: 65.125.226.82 http://northernlight.com
O1 - Hosts: 65.125.226.82 http://alexa.com
O1 - Hosts: 65.125.226.82 http://search.aol.com
O1 - Hosts: 65.125.226.82 http://epilot.com
O1 - Hosts: 65.125.226.82 http://hotbot.com
O1 - Hosts: 65.125.226.82 http://search.netscape.com
O1 - Hosts: 65.125.226.82 http://infospace.com
O1 - Hosts: 65.125.226.82 http://www.epilot.com
O1 - Hosts: 65.125.226.82 http://www.hotbot.com
O1 - Hosts: 65.125.226.82 http://www.infospace.com
O1 - Hosts: 65.125.226.82 http://www.cnn.com
O1 - Hosts: 65.125.226.82 http://www.msn.com
O1 - Hosts: 65.125.226.82 http://www.altavista.com
O1 - Hosts: 65.125.226.82 http://www.lycos.com
O1 - Hosts: 65.125.226.82 http://www.google.com
O1 - Hosts: 65.125.226.82 http://www.yahoo.com
O1 - Hosts: 65.125.226.82 http://www.alexa.com
O1 - Hosts: 65.125.226.82 http://www.excite.com
O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
O1 - Hosts: 65.125.226.82 http://www.looksmart.com
O1 - Hosts: 65.125.226.82 http://www.northernlight.com
O1 - Hosts: 65.125.226.85 http://thehun.com
O1 - Hosts: 65.125.226.85 http://thehun.net
O1 - Hosts: 65.125.226.85 http://world[censored].com
O1 - Hosts: 65.125.226.85 http://al4a.com
O1 - Hosts: 65.125.226.85 http://book-mark.net
O1 - Hosts: 65.125.226.85 http://easypic.com
O1 - Hosts: 65.125.226.85 http://call-kelly.com
O1 - Hosts: 65.125.226.85 http://sleazydream.com
O1 - Hosts: 65.125.226.85 http://amplandmovies.com
O1 - Hosts: 65.125.226.85 http://mature-post.com
O1 - Hosts: 65.125.226.85 http://www.thehun.com
O1 - Hosts: 65.125.226.85 http://www.thehun.net
O1 - Hosts: 65.125.226.85 http://www.world[censored].com
O1 - Hosts: 65.125.226.85 http://www.al4a.com
O1 - Hosts: 65.125.226.85 http://www.book-mark.net
O1 - Hosts: 65.125.226.85 http://www.easypic.com
O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
O1 - Hosts: 65.125.226.85 http://www.mature-post.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [bearShare] "F:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102136621\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [sPSTEALT] "C:\Documents and Settings\Robert wagner\Desktop\TempToolbox.exe" /stealt
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [urbicqur] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.hentaiexposure.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://crackspider.net/crackspider.exe
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O21 - SSODL: eplrr9 - {FFD27454-936F-4174-90E4-0CA8ABF3AE52} - C:\WINDOWS\System32\mspdnx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Please, if anyone can help me, please let me know. Thank you.
Responses to this topic
Update your virus scanner.
Download and install Spybot - Search & Destroy.
Update it.
Download and install StartPage Guard
http://www.pjwalczak.com/spguard/
Reboot and start your XP in safe mode.
With SpyBot S&D installed, go to the "Immunize" section.
Start StartPage Guard and use it to change the homepage to the desired location.
Start scanning with Spybot and the virus scanner; do a complete system scan.
Rescan with HijackThis.
Fix these with HijackThis, while scanning.
Originally posted by artemisdarkite:
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://congratulations.travelengine.net/rprpromos/1000/winnerb8.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://lycos.com
O1 - Hosts: 65.125.226.82 http://altavista.com
O1 - Hosts: 65.125.226.82 http://msn.com
O1 - Hosts: 65.125.226.82 http://search.msn.com
O1 - Hosts: 65.125.226.82 http://cnn.com
O1 - Hosts: 65.125.226.82 http://excite.com
O1 - Hosts: 65.125.226.82 http://alltheweb.com
O1 - Hosts: 65.125.226.82 http://looksmart.com
O1 - Hosts: 65.125.226.82 http://northernlight.com
O1 - Hosts: 65.125.226.82 http://alexa.com
O1 - Hosts: 65.125.226.82 http://search.aol.com
O1 - Hosts: 65.125.226.82 http://epilot.com
O1 - Hosts: 65.125.226.82 http://hotbot.com
O1 - Hosts: 65.125.226.82 http://search.netscape.com
O1 - Hosts: 65.125.226.82 http://infospace.com
O1 - Hosts: 65.125.226.82 http://www.epilot.com
O1 - Hosts: 65.125.226.82 http://www.hotbot.com
O1 - Hosts: 65.125.226.82 http://www.infospace.com
O1 - Hosts: 65.125.226.82 http://www.cnn.com
O1 - Hosts: 65.125.226.82 http://www.msn.com
O1 - Hosts: 65.125.226.82 http://www.altavista.com
O1 - Hosts: 65.125.226.82 http://www.lycos.com
O1 - Hosts: 65.125.226.82 http://www.google.com
O1 - Hosts: 65.125.226.82 http://www.yahoo.com
O1 - Hosts: 65.125.226.82 http://www.alexa.com
O1 - Hosts: 65.125.226.82 http://www.excite.com
O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
O1 - Hosts: 65.125.226.82 http://www.looksmart.com
O1 - Hosts: 65.125.226.82 http://www.northernlight.com
O1 - Hosts: 65.125.226.85 http://thehun.com
O1 - Hosts: 65.125.226.85 http://thehun.net
O1 - Hosts: 65.125.226.85 http://world[censored].com
O1 - Hosts: 65.125.226.85 http://al4a.com
O1 - Hosts: 65.125.226.85 http://book-mark.net
O1 - Hosts: 65.125.226.85 http://easypic.com
O1 - Hosts: 65.125.226.85 http://call-kelly.com
O1 - Hosts: 65.125.226.85 http://sleazydream.com
O1 - Hosts: 65.125.226.85 http://amplandmovies.com
O1 - Hosts: 65.125.226.85 http://mature-post.com
O1 - Hosts: 65.125.226.85 http://www.thehun.com
O1 - Hosts: 65.125.226.85 http://www.thehun.net
O1 - Hosts: 65.125.226.85 http://www.world[censored].com
O1 - Hosts: 65.125.226.85 http://www.al4a.com
O1 - Hosts: 65.125.226.85 http://www.book-mark.net
O1 - Hosts: 65.125.226.85 http://www.easypic.com
O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
O1 - Hosts: 65.125.226.85 http://www.mature-post.com
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [urbicqur] C:\WINDOWS\System32\w?nspool.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.hentaiexposure.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://crackspider.net/crackspider.exe
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O21 - SSODL: eplrr9 - {FFD27454-936F-4174-90E4-0CA8ABF3AE52} - C:\WINDOWS\System32\mspdnx.dll
In XP, on the Tools menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types. Uncheck Hide protected operating system files. Then, under the "Hidden files" folder, click Show hidden files and folders.
Delete the "C:\WINDOWS\System32\mspdnx.dll" file.
Get a firewall.
And scan your PC at least once per month.
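As an added example (not part of the original thread, and not HijackThis's own code), here is a short Python triage pass over a log in this format. It groups O1 Hosts entries by the IP they point to, counts which host the R0/R1 Internet Explorer URL values share, and flags O4 Run entries whose path contains a "?". The sample lines are constructed from entries in the log above; `triage` and `min_hosts` are names assumed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the same format as the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://www.yahoo.com
O1 - Hosts: 65.125.226.82 http://search.msn.com
O1 - Hosts: 65.125.226.85 http://easypic.com
O4 - HKCU\..\Run: [urbicqur] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O15 - Trusted Zone: *.musicmatch.com
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?:https?://)?(?P<name>\S+)$")
REG_URL = re.compile(r"^(?P<key>[^=]+?) = https?://(?P<host>[^/\s]+)")

def triage(log_text, min_hosts=3):
    """Group the entries of one HijackThis log that suggest a browser hijack."""
    by_ip, by_url_host, odd_run = defaultdict(set), defaultdict(list), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, free text
        code, body = m["code"], m["body"]
        if code == "O1" and (h := HOSTS.match(body)):
            # A hosts entry overrides DNS; loopback entries are ordinary block lists.
            if h["ip"] != "127.0.0.1":
                by_ip[h["ip"]].add(h["name"].lower())
        elif code in ("R0", "R1") and (r := REG_URL.match(body)):
            by_url_host[r["host"].lower()].append(r["key"])
        elif code == "O4" and "?" in body.split("]", 1)[-1]:
            # A '?' in the path usually stands for a character the log could not render.
            odd_run.append(body)
    return {
        # Several unrelated site names resolving to one address is the redirect pattern.
        "hosts_redirects": {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_hosts},
        # How many IE start/search values point at each host.
        "ie_url_hosts": {h: len(k) for h, k in by_url_host.items()},
        "unprintable_run_paths": odd_run,
    }

if __name__ == "__main__":
    for kind, found in triage(SAMPLE_LOG).items():
        print(kind, found)
```

Run against the full log, the same grouping shows every search engine name under one address and every IE page value under one host, which is the set of lines the reply above says to fix.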