Warning! your computer might be infected with spyware or adware!
Strange homepage, popups, loss of important data and unstable functionning are the sure sign ofthat you are infected
Click here to get the latest removal software
Your computer is still vulnerable to attack !!!
Also my home page is now http://www.bestwebslinks.com/
I've tried to scan in safe mode with adaware, ewido, and hijack this, i eliminated almost all the files but there's two registry value that are reinstalling themself.
i checked the other threads but i still cant clean my computer, please help me, i cant reinstall window cuz my cdrom doesnt seem to boot
anyway here's my hijack this file
Logfile of HijackThis v1.99.1
Scan saved at 15:43:59, on 2005-08-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\shnlog.exe
G:\WINDOWS\system32\msole32.exe
G:\Program Files\Winamp\winampa.exe
G:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\system32\intmon.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - G:\WINDOWS\system32\hp4D16.tmp
O4 - HKLM\..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMAXPnP] G:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "G:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RegSvr32] G:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [PSGuard] G:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [intell32.exe] G:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B58C40E-BC60-41E1-BDC4-819CD3501C03}: NameServer = 206.47.244.78 206.47.244.137
O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Thanks in advance!