Help Me Kaolin!!!!11!11 : )Follow

I foolishly tried looking for a Nero Burning Rom crack for someone, when I noticed one of those damn pages said it was "installing cab" so I closed it right away.


Now every 5 minutes something puts files on my desktop, start menu, and favorites folder. It changes my Homepage too.

I've run Lavasoft Ad-Aware and AVG Anti-virus, cleared out all cookies and temp files, but it keeps coming back.

I'm thinking I need to delete something in the registry? Any advice?


thanks. you've earned a

wow, thanks for the quick response.

It set it to http://freednshost.info/

Ok, I ran Hijackthis, and here's the log file I got:

 
Logfile of HijackThis v1.97.7 
Scan saved at 3:43:07 PM, on 4/22/2004 
Platform: Windows XP  (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 (6.00.2600.0000) 
 
Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\System32\Ati2evxx.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
C:\Program Files\Grisoft\AVG6\avgcc32.exe 
C:\Program Files\Microsoft IntelliPoint\point32.exe 
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe 
C:\WINDOWS\System32\CTHELPER.EXE 
C:\Program Files\D-Tools\daemon.exe 
C:\Program Files\Winamp\winampa.exe 
C:\WINDOWS\svchost.exe 
C:\Program Files\AIM95\aim.exe 
C:\WINDOWS\System32\devldr32.exe 
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe 
C:\Documents and Settings\Administrator\Desktop\Program Installs\hijackthis\HijackThis.exe 
 
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/ 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/ 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/ 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/ 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/ 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/ 
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://freednshost.info/page/ 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freednshost.info/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freednshost.info/page/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freednshost.info/page/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freednshost.info/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freednshost.info/page/ 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *r5.attbi.com;<local> 
O1 - Hosts: 213.159.118.226 collections.inhost.info 
O1 - Hosts: 213.159.118.226 collections.inhost2.info 
O1 - Hosts: 213.159.118.226 1-se.com 
O1 - Hosts: 213.159.118.226 58q.com 
O1 - Hosts: 213.159.118.226 aifind.cc 
O1 - Hosts: 213.159.118.226 aifind.info 
O1 - Hosts: 213.159.118.226 allneedsearch.com 
O1 - Hosts: 213.159.118.226 approvedlinks.com 
O1 - Hosts: 213.159.118.226 auto.ie.searchforge.com 
O1 - Hosts: 213.159.118.226 awebfind.biz 
O1 - Hosts: 213.159.118.226 best.royalsearch.net 
O1 - Hosts: 213.159.118.226 cracks.am 
O1 - Hosts: 213.159.118.226 default-homepage-network.com 
O1 - Hosts: 213.159.118.226 find.microgirls.com 
O1 - Hosts: 213.159.118.226 find4u.net 
O1 - Hosts: 213.159.118.226 freshvideogals.com 
O1 - Hosts: 213.159.118.226 i-lookup.com 
O1 - Hosts: 213.159.118.226 ie-search.com 
O1 - Hosts: 213.159.118.226 in.webcounter.cc 
O1 - Hosts: 213.159.118.226 itseasy.us 
O1 - Hosts: 213.159.118.226 just.find-itnow.com 
O1 - Hosts: 213.159.118.226 link.startmake.com 
O1 - Hosts: 213.159.118.226 mysearchnow.com 
O1 - Hosts: 213.159.118.226 nativehardcore.com 
O1 - Hosts: 213.159.118.226 qwertysearch123.biz 
O1 - Hosts: 213.159.118.226 search.ieplugin.com 
O1 - Hosts: 213.159.118.226 search.psn.cn 
O1 - Hosts: 213.159.118.226 searchbar.findthewebsiteyouneed.com 
O1 - Hosts: 213.159.118.226 searchcentrix.com 
O1 - Hosts: 213.159.118.226 searchmyrequest.com 
O1 - Hosts: 213.159.118.226 super-spider.com 
O1 - Hosts: 81.211.105.49 greatsearch.biz 
O1 - Hosts: 81.211.105.49 www.greatsearch.biz 
O1 - Hosts: 81.211.105.49 cashsearch.biz 
O1 - Hosts: 81.211.105.49 www.cashsearch.biz 
O1 - Hosts: 213.159.118.226 t.rack.cc 
O1 - Hosts: 213.159.118.226 teen-biz.com 
O1 - Hosts: 213.159.118.226 teenhqpics.com 
O1 - Hosts: 213.159.118.226 tits.hardcore4ever.net 
O1 - Hosts: 213.159.118.226 webcoolsearch.com 
O1 - Hosts: 213.159.118.226 wmmse.com 
O1 - Hosts: 213.159.118.226 www.008i.com 
O1 - Hosts: 213.159.118.226 www.2fastsearch.net 
O1 - Hosts: 213.159.118.226 www.8095.com 
O1 - Hosts: 213.159.118.226 www.alfa-search.com 
O1 - Hosts: 213.159.118.226 www.boredlife.com 
O1 - Hosts: 213.159.118.226 www.couldnotfind.com 
O1 - Hosts: 213.159.118.226 www.cracks.am 
O1 - Hosts: 213.159.118.226 www.daum.net 
O1 - Hosts: 213.159.118.226 www.dreamwiz.com 
O1 - Hosts: 213.159.118.226 www.find-itnow.com 
O1 - Hosts: 213.159.118.226 www.find-itnow.com 
O1 - Hosts: 213.159.118.226 www.find4u.net 
O1 - Hosts: 213.159.118.226 www.firstbookmark.com 
O1 - Hosts: 213.159.118.226 www.gajai.com 
O1 - Hosts: 213.159.118.226 www.hand-book.com 
O1 - Hosts: 213.159.118.226 www.hao123.com 
O1 - Hosts: 213.159.118.226 www.hotsearchbox.com 
O1 - Hosts: 213.159.118.226 www.hotwebsearch.com 
O1 - Hosts: 213.159.118.226 www.hugesearch.net 
O1 - Hosts: 213.159.118.226 www.iquicksearch.com 
O1 - Hosts: 213.159.118.226 www.lookfor.cc 
O1 - Hosts: 213.159.118.226 www.maxxxhosters.com 
O1 - Hosts: 213.159.118.226 www.naver.com 
O1 - Hosts: 213.159.118.226 www.nkvd.us 
O1 - Hosts: 213.159.118.226 **************** 
O1 - Hosts: 213.159.118.226 www.ohcorea.com 
O1 - Hosts: 213.159.118.226 www.omega-search.com 
O1 - Hosts: 213.159.118.226 www.onet.pl 
O1 - Hosts: 213.159.118.226 www.power-search.info 
O1 - Hosts: 213.159.118.226 www.rightfinder.net 
O1 - Hosts: 213.159.118.226 www.search-1.net 
O1 - Hosts: 213.159.118.226 www.search-and-go.com 
O1 - Hosts: 213.159.118.226 www.search-dot.com 
O1 - Hosts: 213.159.118.226 www.search-space.com 
O1 - Hosts: 213.159.118.226 www.searchforge.com 
O1 - Hosts: 213.159.118.226 www.searching-the-net.com 
O1 - Hosts: 213.159.118.226 www.searchv.com 
O1 - Hosts: 213.159.118.226 www.searchxl.com 
O1 - Hosts: 213.159.118.226 www.seznam.cz 
O1 - Hosts: 213.159.118.226 www.slotch.com 
O1 - Hosts: 213.159.118.226 www.spidersearch.com 
O1 - Hosts: 213.159.118.226 www.startium.com 
O1 - Hosts: 213.159.118.226 www.therealsearch.com 
O1 - Hosts: 213.159.118.226 www.ttjj.com 
O1 - Hosts: 213.159.118.226 www.viewpornkey.com 
O1 - Hosts: 213.159.118.226 www.wazzupnet.com 
O1 - Hosts: 213.159.118.226 www.websearch.com 
O1 - Hosts: 213.159.118.226 www.windowws.cc 
O1 - Hosts: 213.159.118.226 www.xgmm.com 
O1 - Hosts: 213.159.118.226 xwebsearch.biz 
O1 - Hosts: 213.159.118.226 yourbookmarks.ws 
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll 
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup 
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" 
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe 
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE 
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE 
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033 
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" 
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1 
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl 
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -1 
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE 
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html 
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html 
O8 - Extra context menu item: Brain Injury Lawyer - http://213.159.118.226/tools.php?qq=Brain+Injury+Lawyer 
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html 
O8 - Extra context menu item: Sell Future Payment - http://213.159.118.226/tools.php?qq=Sell+Future+Payment 
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html 
O8 - Extra context menu item: Time Clock - http://213.159.118.226/tools.php?qq=Time+Clock 
O8 - Extra context menu item: Tramadol - http://213.159.118.226/tools.php?qq=Tramadol 
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html 
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) 
O9 - Extra 'Tools' menuitem: Brain Injury Lawyer (HKLM) 
O9 - Extra 'Tools' menuitem: Tramadol (HKLM) 
O9 - Extra button: AIM (HKLM) 
O9 - Extra 'Tools' menuitem: Sell Future Payment (HKLM) 
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll 
 
O13 - DefaultPrefix: http://freednshost.info/page/ 
O13 - WWW Prefix: http://freednshost.info/page/  
 [white] 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab 
O16 - DPF: {11111111-1111-1111-1111-111111111147} - file://C:\Program Files\Internet Explorer\1189.exe 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab 
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe 
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37927.3865856482 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 
O19 - User stylesheet: C:\WINDOWS\system32\y9.72g 

Edited, Thu Apr 22 23:21:12 2004 by trickybeck

Ok, I ran Spybot S&D. It found a lot of stuff relating to my problem, and supposedly "Fixed" it, but it still comes back.


If you refer to my previous post, I highlited in yellow all the items I deleted through Hijackthis, but it still came back anyway.


I don't know how to do the "host" thing. Some online research told me I might have a fake "svchost.exe" but the solutions were fuzzy.


Any advice?


Thanks again to all who responded.

Glad you got it fixed!