artemisdarkite
Posted March 21, 2005

I have tried everything that I know, but it won't go away. This is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 7:54:44 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\COMMON~1\AOL\110213~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\COMMON~1\AOL\110213~1\EE\AOLServiceHost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Documents and Settings\Robert wagner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://congratulations.travelengine.net/rprpromos/1000/winnerb8.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://lycos.com
O1 - Hosts: 65.125.226.82 http://altavista.com
O1 - Hosts: 65.125.226.82 http://msn.com
O1 - Hosts: 65.125.226.82 http://search.msn.com
O1 - Hosts: 65.125.226.82 http://cnn.com
O1 - Hosts: 65.125.226.82 http://excite.com
O1 - Hosts: 65.125.226.82 http://alltheweb.com
O1 - Hosts: 65.125.226.82 http://looksmart.com
O1 - Hosts: 65.125.226.82 http://northernlight.com
O1 - Hosts: 65.125.226.82 http://alexa.com
O1 - Hosts: 65.125.226.82 http://search.aol.com
O1 - Hosts: 65.125.226.82 http://epilot.com
O1 - Hosts: 65.125.226.82 http://hotbot.com
O1 - Hosts: 65.125.226.82 http://search.netscape.com
O1 - Hosts: 65.125.226.82 http://infospace.com
O1 - Hosts: 65.125.226.82 http://www.epilot.com
O1 - Hosts: 65.125.226.82 http://www.hotbot.com
O1 - Hosts: 65.125.226.82 http://www.infospace.com
O1 - Hosts: 65.125.226.82 http://www.cnn.com
O1 - Hosts: 65.125.226.82 http://www.msn.com
O1 - Hosts: 65.125.226.82 http://www.altavista.com
O1 - Hosts: 65.125.226.82 http://www.lycos.com
O1 - Hosts: 65.125.226.82 http://www.google.com
O1 - Hosts: 65.125.226.82 http://www.yahoo.com
O1 - Hosts: 65.125.226.82 http://www.alexa.com
O1 - Hosts: 65.125.226.82 http://www.excite.com
O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
O1 - Hosts: 65.125.226.82 http://www.looksmart.com
O1 - Hosts: 65.125.226.82 http://www.northernlight.com
O1 - Hosts: 65.125.226.85 http://thehun.com
O1 - Hosts: 65.125.226.85 http://thehun.net
O1 - Hosts: 65.125.226.85 http://world[censored].com
O1 - Hosts: 65.125.226.85 http://al4a.com
O1 - Hosts: 65.125.226.85 http://book-mark.net
O1 - Hosts: 65.125.226.85 http://easypic.com
O1 - Hosts: 65.125.226.85 http://call-kelly.com
O1 - Hosts: 65.125.226.85 http://sleazydream.com
O1 - Hosts: 65.125.226.85 http://amplandmovies.com
O1 - Hosts: 65.125.226.85 http://mature-post.com
O1 - Hosts: 65.125.226.85 http://www.thehun.com
O1 - Hosts: 65.125.226.85 http://www.thehun.net
O1 - Hosts: 65.125.226.85 http://www.world[censored].com
O1 - Hosts: 65.125.226.85 http://www.al4a.com
O1 - Hosts: 65.125.226.85 http://www.book-mark.net
O1 - Hosts: 65.125.226.85 http://www.easypic.com
O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
O1 - Hosts: 65.125.226.85 http://www.mature-post.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [bearShare] "F:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102136621\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [sPSTEALT] "C:\Documents and Settings\Robert wagner\Desktop\TempToolbox.exe" /stealt
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [urbicqur] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.hentaiexposure.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://crackspider.net/crackspider.exe
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O21 - SSODL: eplrr9 - {FFD27454-936F-4174-90E4-0CA8ABF3AE52} - C:\WINDOWS\System32\mspdnx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Please, if anyone can help me, please let me know. Thank you.
Wilhelmus
Posted March 21, 2005

Update your virus scanner.
Download and install Spybot - Search & Destroy. Update it.
Download and install StartPage Guard: http://www.pjwalczak.com/spguard/
Reboot and start your XP in safe mode.
With SpyBot S&D installed, go to the "Immunize" section.
Start StartPage Guard and use it to change the homepage to the desired location.
Start scanning with Spybot and the virus scanner; do a complete system scan.
Rescan with HijackThis.
Fix these with HijackThis while scanning.

Originally posted by artemisdarkite:
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://congratulations.travelengine.net/rprpromos/1000/winnerb8.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://lycos.com
O1 - Hosts: 65.125.226.82 http://altavista.com
O1 - Hosts: 65.125.226.82 http://msn.com
O1 - Hosts: 65.125.226.82 http://search.msn.com
O1 - Hosts: 65.125.226.82 http://cnn.com
O1 - Hosts: 65.125.226.82 http://excite.com
O1 - Hosts: 65.125.226.82 http://alltheweb.com
O1 - Hosts: 65.125.226.82 http://looksmart.com
O1 - Hosts: 65.125.226.82 http://northernlight.com
O1 - Hosts: 65.125.226.82 http://alexa.com
O1 - Hosts: 65.125.226.82 http://search.aol.com
O1 - Hosts: 65.125.226.82 http://epilot.com
O1 - Hosts: 65.125.226.82 http://hotbot.com
O1 - Hosts: 65.125.226.82 http://search.netscape.com
O1 - Hosts: 65.125.226.82 http://infospace.com
O1 - Hosts: 65.125.226.82 http://www.epilot.com
O1 - Hosts: 65.125.226.82 http://www.hotbot.com
O1 - Hosts: 65.125.226.82 http://www.infospace.com
O1 - Hosts: 65.125.226.82 http://www.cnn.com
O1 - Hosts: 65.125.226.82 http://www.msn.com
O1 - Hosts: 65.125.226.82 http://www.altavista.com
O1 - Hosts: 65.125.226.82 http://www.lycos.com
O1 - Hosts: 65.125.226.82 http://www.google.com
O1 - Hosts: 65.125.226.82 http://www.yahoo.com
O1 - Hosts: 65.125.226.82 http://www.alexa.com
O1 - Hosts: 65.125.226.82 http://www.excite.com
O1 - Hosts: 65.125.226.82 http://www.alltheweb.com
O1 - Hosts: 65.125.226.82 http://www.looksmart.com
O1 - Hosts: 65.125.226.82 http://www.northernlight.com
O1 - Hosts: 65.125.226.85 http://thehun.com
O1 - Hosts: 65.125.226.85 http://thehun.net
O1 - Hosts: 65.125.226.85 http://world[censored].com
O1 - Hosts: 65.125.226.85 http://al4a.com
O1 - Hosts: 65.125.226.85 http://book-mark.net
O1 - Hosts: 65.125.226.85 http://easypic.com
O1 - Hosts: 65.125.226.85 http://call-kelly.com
O1 - Hosts: 65.125.226.85 http://sleazydream.com
O1 - Hosts: 65.125.226.85 http://amplandmovies.com
O1 - Hosts: 65.125.226.85 http://mature-post.com
O1 - Hosts: 65.125.226.85 http://www.thehun.com
O1 - Hosts: 65.125.226.85 http://www.thehun.net
O1 - Hosts: 65.125.226.85 http://www.world[censored].com
O1 - Hosts: 65.125.226.85 http://www.al4a.com
O1 - Hosts: 65.125.226.85 http://www.book-mark.net
O1 - Hosts: 65.125.226.85 http://www.easypic.com
O1 - Hosts: 65.125.226.85 http://www.call-kelly.com
O1 - Hosts: 65.125.226.85 http://www.sleazydream.com
O1 - Hosts: 65.125.226.85 http://www.amplandmovies.com
O1 - Hosts: 65.125.226.85 http://www.mature-post.com
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [urbicqur] C:\WINDOWS\System32\w?nspool.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://*.hentaiexposure.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://crackspider.net/crackspider.exe
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O21 - SSODL: eplrr9 - {FFD27454-936F-4174-90E4-0CA8ABF3AE52} - C:\WINDOWS\System32\mspdnx.dll

In XP, on the Tools menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Then, under the "Hidden files" folder, click Show hidden files and folders.
Delete the "C:\WINDOWS\System32\mspdnx.dll" file.
Get a firewall. And scan your PC at least once per month.
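
Added example, not part of either post and not HijackThis code: a small triage script for a saved HijackThis log that groups the O1 hosts-file entries by target IP and the R0/R1 Internet Explorer page values by host, the two patterns that dominate the entries quoted above. The function names, the three-site threshold and the `expected_hosts` allowlist are assumptions of this sketch; the sample lines are an excerpt of the posted log plus one constructed loopback line.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above; the 127.0.0.1 line is constructed for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 65.125.226.82 http://yahoo.com
O1 - Hosts: 65.125.226.82 http://google.com
O1 - Hosts: 65.125.226.82 http://www.msn.com
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O1 - ..." -> code, text
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")           # ip, name
REG_VALUE = re.compile(r"^(HK[A-Z]+)\\[^,]+,([^=]+?) =\s*(.*)$")  # hive, value, data
HOST_PART = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?([^/\s:]+)", re.I)


def parse(log):
    """Split a HijackThis log into (section code, entry text) pairs."""
    pairs = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def hostname(text):
    """Lower-case host of 'http://host/path' or of a bare 'host'."""
    m = HOST_PART.match(text.strip())
    return m.group(1).lower() if m else ""


def site(name):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(hostname(name).split(".")[-2:])


def hosts_redirects(entries, min_sites=3):
    """Non-loopback IPs that the hosts file points several unrelated sites at."""
    by_ip = defaultdict(set)
    for code, body in entries:
        m = HOSTS.match(body) if code == "O1" else None
        if m and not m.group(1).startswith("127.") and m.group(1) != "::1":
            by_ip[m.group(1)].add(site(m.group(2)))
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= min_sites}


def ie_page_overrides(entries, expected_hosts=frozenset()):
    """Hosts found in IE start/search values (R0/R1), minus an allowlist."""
    by_host = defaultdict(list)
    for code, body in entries:
        m = REG_VALUE.match(body) if code in ("R0", "R1") else None
        if not m or not m.group(3):        # skip non-registry lines and empty values
            continue
        host = hostname(m.group(3))
        if host not in expected_hosts:
            by_host[host].append(m.group(1) + ":" + m.group(2))
    return dict(by_host)


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for ip, sites in hosts_redirects(entries).items():
        print(f"hosts file sends {len(sites)} unrelated sites to {ip}: {', '.join(sites)}")
    for host, values in ie_page_overrides(entries).items():
        print(f"{host} is set in {len(values)} IE page values: {', '.join(values)}")
```

The script only reports; the entries it lists still have to be reviewed and fixed in HijackThis as described in the reply above.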