Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:42, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Darren Denton\Local Settings\Temporary Internet Files\Content.IE5\O20FTKVE\WinRAR[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Darren Denton\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 204.16.197.121 http://www.yahoo.com
O1 - Hosts: 204.16.197.121 http://www.google.com
O1 - Hosts: 204.16.197.121 http://www.myspace.com
O1 - Hosts: 204.16.197.121 http://www.youtube.com
O1 - Hosts: 204.16.197.121 http://www.facebook.com
O1 - Hosts: 204.16.197.121 http://www.live.com
O1 - Hosts: 204.16.197.121 http://www.msn.com
O1 - Hosts: 204.16.197.121 http://www.wikipedia.org
O1 - Hosts: 204.16.197.121 http://www.ebay.com
O1 - Hosts: 204.16.197.121 http://www.aol.com
O1 - Hosts: 204.16.197.121 http://www.craigslist.org
O1 - Hosts: 204.16.197.121 http://www.blogger.com
O1 - Hosts: 204.16.197.121 http://www.go.com
O1 - Hosts: 204.16.197.121 http://www.amazon.com
O1 - Hosts: 204.16.197.121 http://www.cnn.com
O1 - Hosts: 204.16.197.121 espn.go.com
O1 - Hosts: 204.16.197.121 http://www.espn.com
O1 - Hosts: 204.16.197.121 http://www.photobucket.com
O1 - Hosts: 204.16.197.121 http://www.microsoft.com
O1 - Hosts: 204.16.197.121 http://www.comcast.net
O1 - Hosts: 204.16.197.121 http://www.imdb.com
O1 - Hosts: 204.16.197.121 http://www.wordpress.com
O1 - Hosts: 204.16.197.121 http://www.nytimes.com
O1 - Hosts: 204.16.197.121 http://www.weather.com
O1 - Hosts: 204.16.197.121 http://www.ask.com
O1 - Hosts: 204.16.197.121 http://www.aim.com
O1 - Hosts: 204.16.197.121 http://www.apple.com
O1 - Hosts: 204.16.197.121 http://www.mapquest.com
O1 - Hosts: 204.16.197.121 http://www.youporn.com
O1 - Hosts: 204.16.197.121 http://www.fastclick.com
O1 - Hosts: 204.16.197.121 http://www.pornhub.com
O1 - Hosts: 204.16.197.121 http://www.rapidshare.com
O1 - Hosts: 204.16.197.121 http://www.pogo.com
O1 - Hosts: 204.16.197.121 http://www.redtube.com
O1 - Hosts: 204.16.197.121 http://www.doubleclick.com
O1 - Hosts: 204.16.197.121 http://www.att.com
O1 - Hosts: 204.16.197.121 http://www.adobe.com
O1 - Hosts: 204.16.197.121 http://www.vnn.com
O1 - Hosts: 204.16.197.121 http://www.sportsline.com
O1 - Hosts: 204.16.197.121 http://www.netflix.com
O1 - Hosts: 204.16.197.121 http://www.dell.com
O1 - Hosts: 204.16.197.121 http://www.google.co.uk
O1 - Hosts: 204.16.197.121 http://www.bbc.co.uk
O1 - Hosts: 204.16.197.121 http://www.ebay.co.uk
O1 - Hosts: 204.16.197.121 http://www.bebo.com
O1 - Hosts: 204.16.197.121 http://www.amazon.co.uk
O1 - Hosts: 204.16.197.121 http://www.sky.com
O1 - Hosts: 204.16.197.121 http://www.virginmedia.com
O1 - Hosts: 204.16.197.121 http://www.aol.co.uk
O1 - Hosts: 204.16.197.121 http://www.hsbc.co.uk
O1 - Hosts: 204.16.197.121 http://www.antispyware.com
O1 - Hosts: 204.16.197.121 http://www.antispy.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [explore] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DARREN~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5633434751
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6440 bytes
Sum1 please help me i am in need of it
edit.
i follow ur little guide thingy and i have the internet pages back where they used to say that i had to pay 40$ to download sumats to get rid of completetala. But the checkbox saying 'hehehehehehehehh' still comes up.
and i have also noticed that whenever i restart my laptop then the internet shows the 40$ pages again
plz help me again
edit/Shaba: Created own topic. Please DON'T post to someone else's topic.