Just finished cleaning my PC...

Discussion in 'adware, spyware & hijack cleaning' started by Micharus, Mar 13, 2004.

Thread Status:
Not open for further replies.
  1. Micharus

    Micharus Registered Member

    Joined:
    Mar 13, 2004
    Posts:
    5
    Hey all. I just finished cleaning my PC, I hope I got rid of everything.
    One mistake and I got loaded up with *heaps* of spyware/malware ect.

    Anyway, I discovered a nasty that I couldn't move so I went looking for a solution and found this place. I've d/l'd "Hijackthis" and I already have both "AdAware" and "Spybot S&D", so after following the instructions as posted, here is my "Hijackthis" log for you wonderfull peeps to have a look at and tell me if there is anything that just *has* to go!

    Logfile of HijackThis v1.97.5
    Scan saved at 2:47:44 AM, on 3/14/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\PROGRAM FILES\COMPUTER ASSOCIATES\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SETI@HOME\SETI@HOME.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\VETMSG9X.EXE
    C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE
    C:\WINDOWS\POWERS.EXE
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
    C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXMEM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pcworld.idg.com.au
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.iinet.net.au/
    O1 - Hosts: 208.181.61.118 iplounge
    O2 - BHO: (no name) - {4F376EDF-E183-43A5-80F7-C46C52F7CA57} - C:\WINDOWS\AJ3L6UPR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VETTRAY.EXE
    O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [RadBoot] C:\PROGRAM FILES\RADLINKER\RadBoot.exe
    O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE"
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\Powers.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [xKcSjn3P1] C:\WINDOWS\a0Y113.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Startup: Shortcut to maxmem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
    O4 - User Startup: Start GetRight.lnk = C:\Program Files\GetRight\getright.exe
    O4 - User Startup: Shortcut to maxmem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .vdo: C:\PROGRA~1\INTERN~1\plugins\npvdo32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://pcworld.idg.com.au
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10fe318e1dd50d841905/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.3412731482
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/ieplugin.CAB
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iinet.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iinet.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.0.178.191



    Thanks in advance for any help :D
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Micharus,

    Welcome to Wilders.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {4F376EDF-E183-43A5-80F7-C46C52F7CA57} - C:\WINDOWS\AJ3L6UPR.DLL

    O4 - HKLM\..\Run: [xKcSjn3P1] C:\WINDOWS\a0Y113.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10fe318e1dd50d841905/netzip/RdxIE601.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/ieplugin.CAB
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

    Then reboot into safe mode, and zip the following files before deletion and e-mail them to Pieter at the address in his profile. Please include a link to this thread.
    C:\WINDOWS\a0Y113.exe

    Then delete the following:

    C:\WINDOWS\AJ3L6UPR.DLL
    C:\WINDOWS\a0Y113.exe

    Reboot and then post a fresh HijackThis log.

    Is http://www.iinet.net.au/ your ISP?

    Also I would recommend getting rid of GetRight. "GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs". There are better Download Managers and you can find some here. Scroll down near the bottom under the misc category.

    Regards,
    Kent
     
  3. Micharus

    Micharus Registered Member

    Joined:
    Mar 13, 2004
    Posts:
    5
    Ok here is the next "HijackThis" log, made after I followed the instructions given. That file (zipped of course) will be sent to Pieter shortly.

    Logfile of HijackThis v1.97.5
    Scan saved at 10:56:36 AM, on 3/14/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMPUTER ASSOCIATES\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
    C:\PROGRAM FILES\SETI@HOME\SETI@HOME.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\VETMSG9X.EXE
    C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE
    C:\WINDOWS\POWERS.EXE
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXMEM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pcworld.idg.com.au
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.iinet.net.au/
    O1 - Hosts: 208.181.61.118 iplounge
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VETTRAY.EXE
    O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [RadBoot] C:\PROGRAM FILES\RADLINKER\RadBoot.exe
    O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE"
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\Powers.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
    O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
    O4 - Startup: Shortcut to maxmem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
    O4 - User Startup: Shortcut to maxmem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .vdo: C:\PROGRA~1\INTERN~1\plugins\npvdo32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://pcworld.idg.com.au
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37874.3412731482
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iinet.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iinet.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.0.178.191

    Yes, iinet.net.au is my ISP, any particular reason?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Micharus,

    Thanks for the file. It is this malware:
    http://www.wilderssecurity.com/showthread.php?t=15983;start=15#msg128586
    Your log is clean now. :)

    Regards,

    Pieter
     
  5. Micharus

    Micharus Registered Member

    Joined:
    Mar 13, 2004
    Posts:
    5
    Many thanks to Pieter and Puff-m-d, I was quietly going mad trying to get rid of the roings 'bug'.

    I would use Ad-Aware to get rid of the reg keys and then reboot, re-run Ad-Aware and they would be back again!

    I've seen this sort of thing before, but I didn't know which file was reloading them and didn't know enough to know where to start looking.

    Thanks for the help :)
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Micharus,

    I am glad that Pieter and myself was able to help....

    I asked about your ISP because of these entries in your HJT log:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.iinet.net.au/
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = iinet.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = iinet.net.au

    There is one more entry I have a question about.
    O1 - Hosts: 208.181.61.118 iplounge
    Do you recognize it?
    If you do not, then remove it with HJT....
    If you do, what is it?

    Regards,
    Kent
     
  7. Micharus

    Micharus Registered Member

    Joined:
    Mar 13, 2004
    Posts:
    5
    Yes, I do know what that is and to answer your question, that would be a setting for a program I have called "IPLounge" which is used to race Porsche 2000/Unlimited on-line, since the servers that EA was running were shut down.

    It's 3rd party, non-commercial software that is available for free and as far as I know it's not spyware or adware ;)
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Micharus,

    It is OK to leave that enty as long as you know what it is. Your log looks good now.

    Regards,
    Kent
     
Thread Status:
Not open for further replies.