Thread: Hijacked
12-04-2005, 01:18 AM   #2
PPGB
OS: XP Pro, XP Home, Win2k Pro, NTServer 2000, Knoppix


I'm sorry, I should've added some more details.

The wallpaper has been changed to a pic that says I am infected with spyware. My browser's home page has been changed to "About : Blank" and it is some crappy search engine that always comes up with pills or other stuff. I cannot change it back to what I want with any of the anti-spyware programs. I was just watching my computer and MS Anti spyware keeps on putting up an orange screen saying a BHO has been blocked. I saw too much was happening so I yanked the network card and stopped it from getting out to the net.

I also had the Windows firewall pop up saying it noticed suspicious activity on the network. The website that my new home page is downloading its pics from is called http://enjoywebsurf.com

Here is a list of entries that SP S&D will not remove no matter how many times I try:

WildTangent: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath

CDilla: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\C-Dilla

CDilla: Executable (File, nothing done)
C:\WINDOWS\CDILLA64.EXE

CDilla: Executable (File, nothing done)
C:\WINDOWS\CDILLA10.EXE

CDilla: Library (File, nothing done)
C:\WINDOWS\CDILLA05.DLL

CDilla: Program directory (Directory, nothing done)
c:\C_DILLA\

CDilla: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LMS

CoolWWWSearch.Feat2Installer: Data (File, nothing done)
C:\WINDOWS\system32\pestp.txt

CoolWWWSearch.IELinks: IE Search URL (Registry change, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

CoolWWWSearch.IELinks: IE Search bar (Registry change, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch.IELinks: IE Search bar (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank

CoolWWWSearch.IELinks: IE Search page (Registry change, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=http://www.google.com

CoolWWWSearch.IELinks: IE Search page (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=http://www.google.com

CoolWWWSearch.IELinks: IE Search URL (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

CoolWWWSearch.IELinks: IE Search URL (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL=about:blank

CoolWWWSearch.SearchKlick: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA\UninstallString

CoolWWWSearch.SearchKlick: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA\DisplayName

CoolWWWSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11Fßä#·ºÄÖ`I

CoolWWWSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11Fßä#·ºÄÖ`I

FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Fun Web Products

FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Fun Web Products

FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Fun Web Products

FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Fun Web Products

Spy Sheriff: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-554876233-2347168215-3186290999-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn!=dword:0

Trek Blue Error Nuker: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW

Trek Blue Error Nuker: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE

Trek Blue Error Nuker: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA

Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-554876233-2347168215-3186290999-1005\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Windows.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-554876233-2347168215-3186290999-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn!=W=0

I hope this helps out a little more.

Thanks
PPGB