Logfile of HijackThis v1.99.0
Scan saved at 9:56:31 PM, on 2/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\inetg\services.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\steven\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://v73.us
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://v73.us/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10013/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://v73.us/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://v73.us/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v73.us/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.v73.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.157.225.36:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - c:\windows\20040818\SERCH_~1.DLL
F3 - REG:win.ini: run=C:\WINDOWS\inetg\services.exe
O1 - Hosts: 65.125.226.82 www.lycos.com
O1 - Hosts: 65.125.226.82 www.altavista.com
O1 - Hosts: 65.125.226.82 www.cnn.com
O1 - Hosts: 65.125.226.82 www.infospace.com
O1 - Hosts: 65.125.226.82 www.mail.com
O1 - Hosts: 65.125.226.82 www.hotmail.com
O1 - Hosts: 65.125.226.82 www.yahoo.com
O1 - Hosts: 65.125.226.82 www.gg.com
O1 - Hosts: 65.125.226.82 www.gmail.com
O1 - Hosts: 65.125.226.82 www.google.com
O1 - Hosts: 65.125.226.82 www.icq.com
O1 - Hosts: 65.125.226.82 www.norton.com
O1 - Hosts: 65.125.226.82 www.microsoft.com
O1 - Hosts: 65.125.226.82 www.msn.com
O1 - Hosts: 65.125.226.85 www.thehun.com
O1 - Hosts: 65.125.226.85 www.thehun.net
O1 - Hosts: 65.125.226.85 www.worldsex.com
O1 - Hosts: 65.125.226.85 www.al4a.com
O1 - Hosts: 65.125.226.85 www.book-mark.net
O1 - Hosts: 65.125.226.85 www.easypic.com
O1 - Hosts: 65.125.226.85 www.call-kelly.com
O1 - Hosts: 65.125.226.85 www.sleazydream.com
O1 - Hosts: 65.125.226.85 www.amplandmovies.com
O1 - Hosts: 65.125.226.85 www.mature-post.com
O1 - Hosts: 65.125.226.82 lycos.com
O1 - Hosts: 65.125.226.82 altavista.com
O1 - Hosts: 65.125.226.82 cnn.com
O1 - Hosts: 65.125.226.82 infospace.com
O1 - Hosts: 65.125.226.82 mail.com
O1 - Hosts: 65.125.226.82 hotmail.com
O1 - Hosts: 65.125.226.82 yahoo.com
O1 - Hosts: 65.125.226.82 gg.com
O1 - Hosts: 65.125.226.82 gmail.com
O1 - Hosts: 65.125.226.82 google.com
O1 - Hosts: 65.125.226.82 icq.com
O1 - Hosts: 65.125.226.82 norton.com
O1 - Hosts: 65.125.226.82 microsoft.com
O1 - Hosts: 65.125.226.82 msn.com
O1 - Hosts: 65.125.226.85 thehun.com
O1 - Hosts: 65.125.226.85 thehun.net
O1 - Hosts: 65.125.226.85 worldsex.com
O1 - Hosts: 65.125.226.85 al4a.com
O1 - Hosts: 65.125.226.85 book-mark.net
O1 - Hosts: 65.125.226.85 easypic.com
O1 - Hosts: 65.125.226.85 call-kelly.com
O1 - Hosts: 65.125.226.85 sleazydream.com
O1 - Hosts: 65.125.226.85 amplandmovies.com
O1 - Hosts: 65.125.226.85 mature-post.com
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: Popup Blocker - {815A82AE-CDEF-11D8-BA48-A6D245798277} - c:\windows\20040818\TOOLBA~1.DLL
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetg\services.exe
O4 - HKLM\..\RunOnce: [*winset16] C:\WINDOWS\System32\winset32.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetg\services.exe
O4 - HKCU\..\RunOnce: [*winset16] C:\WINDOWS\System32\winset32.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Last Post by crunchie

Split your post to your own thread. Please do not tag on to the end of other members' posts, even though it may appear that they no longer require assistance. You may be missed completely and not get the help you need :).

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "calsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Follow these steps to download and run the removal tool:

1. Download the FixVundo.exe file from: http://securityresponse.symantec.com/avcenter/FixVundo.exe
2. Save the file to a convenient location, such as your Windows desktop.
3. Close all the running programs.
4. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
5. If you are running Windows Me or XP, turn off System Restore. Do Start->Control Panel->System, System restore. Check "Turn off System Restore" and reboot.
6. Locate the file that you just downloaded.
7. Double-click the FixVundo.exe file to start the removal tool.
8. Click Start to begin the process, and then allow the tool to run.

Important: Do not launch any new applications while the tool is running.

9. Restart the computer.
10. Run the removal tool again to ensure that the system is clean.
11. If you are running Windows Me/XP, then re-enable System Restore. (Check the box)
12. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.

Post a new HijackThis log when done.
