Please help, for the love of all that is good.

Discussion in 'adware, spyware & hijack cleaning' started by jammie, May 23, 2004.

Thread Status:
Not open for further replies.
  1. jammie

    jammie Registered Member

    I ran Spybot S&D, but still not positive it fully worked.
    My computer is being overrun by pop-ups and selective target word advertising in all Explorer pages now, and also my homepage is now a defaulted search engine although it's set to be about:blank, and regardless of changing it, it stays that way.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:08:18 PM, on 5/23/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\2Wire\2PortalMon.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\dhsvr.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\unzipped\hijackthis1977[1]\HijackThis.exe
    C:\WINDOWS\sysupd.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freehqmovies.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
    O1 - Hosts: 209.8.161.233 worldsex.com
    O1 - Hosts: 209.8.161.233 voyeurweb.com
    O1 - Hosts: 209.8.161.233 sleazydream.com
    O1 - Hosts: 209.8.161.233 easypic.com
    O1 - Hosts: 209.8.161.233 mmm100.com
    O1 - Hosts: 209.8.161.233 thumbzilla.com
    O1 - Hosts: 209.8.161.233 video-post.com
    O1 - Hosts: 209.8.161.233 absolut-series.com
    O1 - Hosts: 209.8.161.233 mature-post.com
    O1 - Hosts: 209.8.161.233 call-kelly.com
    O1 - Hosts: 209.8.161.233 cowlist.com
    O1 - Hosts: 209.8.161.233 pornno.com
    O1 - Hosts: 209.8.161.233 *****.org
    O1 - Hosts: 209.8.161.233 pinkworld.com
    O1 - Hosts: 209.8.161.233 vidsvidsvids.com
    O1 - Hosts: 209.8.161.233 catlist.com
    O1 - Hosts: 209.8.161.233 teenax.com
    O1 - Hosts: 209.8.161.233 projectvoyeur.com
    O1 - Hosts: 209.8.161.233 buldog.com
    O1 - Hosts: 209.8.161.233 bunnyteens.com
    O1 - Hosts: 209.8.161.233 sugarnow.com
    O1 - Hosts: 209.8.161.233 freeones.com
    O1 - Hosts: 209.8.161.233 jennysbookmarks.com
    O1 - Hosts: 209.8.161.233 ****ingfreemovies.com
    O1 - Hosts: 209.8.161.233 jizzhut.com
    O1 - Hosts: 209.8.161.233 auntpolly.com
    O1 - Hosts: 209.8.161.233 zadina.com
    O1 - Hosts: 209.8.161.233 boneprone.com
    O1 - Hosts: 209.8.161.233 alexmovies.com
    O1 - Hosts: 209.8.161.233 grannypictures.com
    O1 - Hosts: 209.8.161.233 rawpussy.com
    O1 - Hosts: 209.8.161.233 stickyhole.com
    O1 - Hosts: 209.8.161.233 amsterdamsexxx.com
    O1 - Hosts: 209.8.161.233 babes4free.com
    O1 - Hosts: 209.8.161.233 ultradonkey.com
    O1 - Hosts: 209.8.161.233 persiankitty.com
    O1 - Hosts: 209.8.161.233 ah-me.com
    O1 - Hosts: 209.8.161.233 bangthumbs.com
    O1 - Hosts: 209.8.161.233 freeheaven.com
    O1 - Hosts: 209.8.161.233 freebigmovies.com
    O1 - Hosts: 209.8.161.233 voyeurzine.com
    O1 - Hosts: 209.8.161.233 hanksgalleries.com
    O1 - Hosts: 209.8.161.233 smashingthumbs.com
    O1 - Hosts: 209.8.161.233 adult-series.com
    O1 - Hosts: 209.8.161.233 smokinmovies.com
    O1 - Hosts: 209.8.161.233 hammervideo.com
    O1 - Hosts: 209.8.161.233 gallview.com
    O1 - Hosts: 209.8.161.233 ramis-movies.com
    O1 - Hosts: 209.8.161.233 www.worldsex.com
    O1 - Hosts: 209.8.161.233 www.voyeurweb.com
    O1 - Hosts: 209.8.161.233 www.sleazydream.com
    O1 - Hosts: 209.8.161.233 www.mmm100.com
    O1 - Hosts: 209.8.161.233 www.thumbzilla.com
    O1 - Hosts: 209.8.161.233 www.video-post.com
    O1 - Hosts: 209.8.161.233 www.absolut-series.com
    O1 - Hosts: 209.8.161.233 www.mature-post.com
    O1 - Hosts: 209.8.161.233 www.call-kelly.com
    O1 - Hosts: 209.8.161.233 www.cowlist.com
    O1 - Hosts: 209.8.161.233 www.pornno.com
    O1 - Hosts: 209.8.161.233 www.*****.org
    O1 - Hosts: 209.8.161.233 www.pinkworld.com
    O1 - Hosts: 209.8.161.233 www.vidsvidsvids.com
    O1 - Hosts: 209.8.161.233 www.catlist.com
    O1 - Hosts: 209.8.161.233 www.teenax.com
    O1 - Hosts: 209.8.161.233 www.projectvoyeur.com
    O1 - Hosts: 209.8.161.233 www.buldog.com
    O1 - Hosts: 209.8.161.233 www.bunnyteens.com
    O1 - Hosts: 209.8.161.233 www.sugarnow.com
    O1 - Hosts: 209.8.161.233 www.freeones.com
    O1 - Hosts: 209.8.161.233 www.jennysbookmarks.com
    O1 - Hosts: 209.8.161.233 www.****ingfreemovies.com
    O1 - Hosts: 209.8.161.233 www.jizzhut.com
    O1 - Hosts: 209.8.161.233 www.auntpolly.com
    O1 - Hosts: 209.8.161.233 www.zadina.com
    O1 - Hosts: 209.8.161.233 www.boneprone.com
    O1 - Hosts: 209.8.161.233 www.alexmovies.com
    O1 - Hosts: 209.8.161.233 www.grannypictures.com
    O1 - Hosts: 209.8.161.233 www.rawpussy.com
    O1 - Hosts: 209.8.161.233 www.stickyhole.com
    O1 - Hosts: 209.8.161.233 www.amsterdamsexxx.com
    O1 - Hosts: 209.8.161.233 www.babes4free.com
    O1 - Hosts: 209.8.161.233 www.ultradonkey.com
    O1 - Hosts: 209.8.161.233 www.persiankitty.com
    O1 - Hosts: 209.8.161.233 www.ah-me.com
    O1 - Hosts: 209.8.161.233 www.bangthumbs.com
    O1 - Hosts: 209.8.161.233 www.freeheaven.com
    O1 - Hosts: 209.8.161.233 www.freebigmovies.com
    O1 - Hosts: 209.8.161.233 www.voyeurzine.com
    O1 - Hosts: 209.8.161.233 www.hanksgalleries.com
    O1 - Hosts: 209.8.161.233 www.smashingthumbs.com
    O1 - Hosts: 209.8.161.233 www.adult-series.com
    O1 - Hosts: 209.8.161.233 www.smokinmovies.com
    O1 - Hosts: 209.8.161.233 www.hammervideo.com
    O1 - Hosts: 209.8.161.233 www.gallview.com
    O1 - Hosts: 209.8.161.233 www.ramis-movies.com
    O1 - Hosts: 209.8.161.233 lovetgp.com
    O1 - Hosts: 209.8.161.233 photos-de-cul.com
    O1 - Hosts: 209.8.161.233 vidsvidsvids.com
    O1 - Hosts: 209.8.161.233 gimmeporn.net
    O1 - Hosts: 209.8.161.233 teenvideos.tv
    O1 - Hosts: 209.8.161.233 bizarre-rituals.com
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
    O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdaim.dll
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll
    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {6FE9E563-AF4C-4B91-86CC-D74E3674DD6E} - C:\WINDOWS\System32\jekcloo.dll
    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
    O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
    O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi jammie,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freehqmovies.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freehqmovies.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
    O1 - Hosts: 209.8.161.233 worldsex.com
    O1 - Hosts: 209.8.161.233 voyeurweb.com
    O1 - Hosts: 209.8.161.233 sleazydream.com
    O1 - Hosts: 209.8.161.233 easypic.com
    O1 - Hosts: 209.8.161.233 mmm100.com
    O1 - Hosts: 209.8.161.233 thumbzilla.com
    O1 - Hosts: 209.8.161.233 video-post.com
    O1 - Hosts: 209.8.161.233 absolut-series.com
    O1 - Hosts: 209.8.161.233 mature-post.com
    O1 - Hosts: 209.8.161.233 call-kelly.com
    O1 - Hosts: 209.8.161.233 cowlist.com
    O1 - Hosts: 209.8.161.233 pornno.com
    O1 - Hosts: 209.8.161.233 *****.org
    O1 - Hosts: 209.8.161.233 pinkworld.com
    O1 - Hosts: 209.8.161.233 vidsvidsvids.com
    O1 - Hosts: 209.8.161.233 catlist.com
    O1 - Hosts: 209.8.161.233 teenax.com
    O1 - Hosts: 209.8.161.233 projectvoyeur.com
    O1 - Hosts: 209.8.161.233 buldog.com
    O1 - Hosts: 209.8.161.233 bunnyteens.com
    O1 - Hosts: 209.8.161.233 sugarnow.com
    O1 - Hosts: 209.8.161.233 freeones.com
    O1 - Hosts: 209.8.161.233 jennysbookmarks.com
    O1 - Hosts: 209.8.161.233 ****ingfreemovies.com
    O1 - Hosts: 209.8.161.233 jizzhut.com
    O1 - Hosts: 209.8.161.233 auntpolly.com
    O1 - Hosts: 209.8.161.233 zadina.com
    O1 - Hosts: 209.8.161.233 boneprone.com
    O1 - Hosts: 209.8.161.233 alexmovies.com
    O1 - Hosts: 209.8.161.233 grannypictures.com
    O1 - Hosts: 209.8.161.233 rawpussy.com
    O1 - Hosts: 209.8.161.233 stickyhole.com
    O1 - Hosts: 209.8.161.233 amsterdamsexxx.com
    O1 - Hosts: 209.8.161.233 babes4free.com
    O1 - Hosts: 209.8.161.233 ultradonkey.com
    O1 - Hosts: 209.8.161.233 persiankitty.com
    O1 - Hosts: 209.8.161.233 ah-me.com
    O1 - Hosts: 209.8.161.233 bangthumbs.com
    O1 - Hosts: 209.8.161.233 freeheaven.com
    O1 - Hosts: 209.8.161.233 freebigmovies.com
    O1 - Hosts: 209.8.161.233 voyeurzine.com
    O1 - Hosts: 209.8.161.233 hanksgalleries.com
    O1 - Hosts: 209.8.161.233 smashingthumbs.com
    O1 - Hosts: 209.8.161.233 adult-series.com
    O1 - Hosts: 209.8.161.233 smokinmovies.com
    O1 - Hosts: 209.8.161.233 hammervideo.com
    O1 - Hosts: 209.8.161.233 gallview.com
    O1 - Hosts: 209.8.161.233 ramis-movies.com
    O1 - Hosts: 209.8.161.233 www.worldsex.com
    O1 - Hosts: 209.8.161.233 www.voyeurweb.com
    O1 - Hosts: 209.8.161.233 www.sleazydream.com
    O1 - Hosts: 209.8.161.233 www.mmm100.com
    O1 - Hosts: 209.8.161.233 www.thumbzilla.com
    O1 - Hosts: 209.8.161.233 www.video-post.com
    O1 - Hosts: 209.8.161.233 www.absolut-series.com
    O1 - Hosts: 209.8.161.233 www.mature-post.com
    O1 - Hosts: 209.8.161.233 www.call-kelly.com
    O1 - Hosts: 209.8.161.233 www.cowlist.com
    O1 - Hosts: 209.8.161.233 www.pornno.com
    O1 - Hosts: 209.8.161.233 www.*****.org
    O1 - Hosts: 209.8.161.233 www.pinkworld.com
    O1 - Hosts: 209.8.161.233 www.vidsvidsvids.com
    O1 - Hosts: 209.8.161.233 www.catlist.com
    O1 - Hosts: 209.8.161.233 www.teenax.com
    O1 - Hosts: 209.8.161.233 www.projectvoyeur.com
    O1 - Hosts: 209.8.161.233 www.buldog.com
    O1 - Hosts: 209.8.161.233 www.bunnyteens.com
    O1 - Hosts: 209.8.161.233 www.sugarnow.com
    O1 - Hosts: 209.8.161.233 www.freeones.com
    O1 - Hosts: 209.8.161.233 www.jennysbookmarks.com
    O1 - Hosts: 209.8.161.233 www.****ingfreemovies.com
    O1 - Hosts: 209.8.161.233 www.jizzhut.com
    O1 - Hosts: 209.8.161.233 www.auntpolly.com
    O1 - Hosts: 209.8.161.233 www.zadina.com
    O1 - Hosts: 209.8.161.233 www.boneprone.com
    O1 - Hosts: 209.8.161.233 www.alexmovies.com
    O1 - Hosts: 209.8.161.233 www.grannypictures.com
    O1 - Hosts: 209.8.161.233 www.rawpussy.com
    O1 - Hosts: 209.8.161.233 www.stickyhole.com
    O1 - Hosts: 209.8.161.233 www.amsterdamsexxx.com
    O1 - Hosts: 209.8.161.233 www.babes4free.com
    O1 - Hosts: 209.8.161.233 www.ultradonkey.com
    O1 - Hosts: 209.8.161.233 www.persiankitty.com
    O1 - Hosts: 209.8.161.233 www.ah-me.com
    O1 - Hosts: 209.8.161.233 www.bangthumbs.com
    O1 - Hosts: 209.8.161.233 www.freeheaven.com
    O1 - Hosts: 209.8.161.233 www.freebigmovies.com
    O1 - Hosts: 209.8.161.233 www.voyeurzine.com
    O1 - Hosts: 209.8.161.233 www.hanksgalleries.com
    O1 - Hosts: 209.8.161.233 www.smashingthumbs.com
    O1 - Hosts: 209.8.161.233 www.adult-series.com
    O1 - Hosts: 209.8.161.233 www.smokinmovies.com
    O1 - Hosts: 209.8.161.233 www.hammervideo.com
    O1 - Hosts: 209.8.161.233 www.gallview.com
    O1 - Hosts: 209.8.161.233 www.ramis-movies.com
    O1 - Hosts: 209.8.161.233 lovetgp.com
    O1 - Hosts: 209.8.161.233 photos-de-cul.com
    O1 - Hosts: 209.8.161.233 vidsvidsvids.com
    O1 - Hosts: 209.8.161.233 gimmeporn.net
    O1 - Hosts: 209.8.161.233 teenvideos.tv
    O1 - Hosts: 209.8.161.233 bizarre-rituals.com
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll

    O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
    O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msdaim.dll
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mskpkc.dll
    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll

    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: (no name) - {6FE9E563-AF4C-4B91-86CC-D74E3674DD6E} - C:\WINDOWS\System32\jekcloo.dll
    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll
    O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
    O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
    O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

    O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
    O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

    Then reboot into safe mode and delete:
    C:\Program Files\TV Media <= entire folder
    C:\Program Files\couponsandoffers
    C:\WINDOWS\sysupd.exe
    c:\windows\msbb.exe
    C:\Program Files\zSearch
    C:\Program Files\Common files\updater\wupdater.exe
    C:\WINDOWS\System32\msgked.exe

    Update Windows and IE as soon as possible.
    Then follow instructions here:
    http://www.wilderssecurity.com/showpost.php?p=162440&postcount=4

    Regards,

    Pieter
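
Added example, not part of either post: a small Python triage of a HijackThis log that groups the O1 hosts-file redirects by target IP, finds DLLs that both serve a `res://` search page and load as a BHO, and lists the scan entries a fix list leaves alone. The function names are this example's own, and the two sample strings are constructed from a few lines of the log and fix list above.

```python
import re
from collections import defaultdict

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # e.g. "O1 - Hosts: ..."
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)
BHO_FILE = re.compile(r"\} - (.+)$")                      # path after the CLSID
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}                   # local blocklist targets

# Constructed sample: a few entries copied from the scan posted in this thread.
LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O1 - Hosts: 209.8.161.233 easypic.com
O1 - Hosts: 209.8.161.233 catlist.com
O1 - Hosts: 209.8.161.233 www.catlist.com
O2 - BHO: (no name) - {6FE9E563-AF4C-4B91-86CC-D74E3674DD6E} - C:\WINDOWS\System32\jekcloo.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

# Constructed sample: those of the lines above that the reply lists under "Fix checked".
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jekcloo.dll/sp.html (obfuscated)
O1 - Hosts: 209.8.161.233 easypic.com
O1 - Hosts: 209.8.161.233 catlist.com
O1 - Hosts: 209.8.161.233 www.catlist.com
O2 - BHO: (no name) - {6FE9E563-AF4C-4B91-86CC-D74E3674DD6E} - C:\WINDOWS\System32\jekcloo.dll
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
"""


def parse(text):
    """Return (section_code, body) for each HijackThis entry; other lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def hosts_redirects(entries, min_names=3):
    """Non-local IPs that the hosts file (O1) maps at least min_names hostnames to."""
    by_ip = defaultdict(set)
    for code, body in entries:
        fields = body.split()
        if code == "O1" and len(fields) >= 3 and fields[0] == "Hosts:":
            by_ip[fields[1]].update(name.lower() for name in fields[2:])
    return {ip: sorted(names) for ip, names in by_ip.items()
            if ip not in SINKS and len(names) >= min_names}


def res_page_bho_dlls(entries):
    """DLLs that serve a res:// search page (R0/R1) and are also loaded as a BHO (O2)."""
    pages = {m.group(1).lower() for code, body in entries if code in ("R0", "R1")
             for m in [RES_DLL.search(body)] if m}
    bhos = {m.group(1).lower() for code, body in entries if code == "O2"
            for m in [BHO_FILE.search(body)] if m}
    return sorted(pages & bhos)


def left_alone(log_entries, fix_entries):
    """Entries present in the scan but absent from the fix list, in scan order."""
    fixed = set(fix_entries)
    return [entry for entry in log_entries if entry not in fixed]


if __name__ == "__main__":
    scan = parse(LOG)
    print(hosts_redirects(scan), res_page_bho_dlls(scan), sep="\n")
    for code, body in left_alone(scan, parse(FIX)):
        print("not in fix list:", code, body)
```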