View Full Version : antivirgear
gmgismondi
2007-09-23, 20:20
Total number of scanned objects 67173
Number of viruses found 8
Number of infected objects 7
Number of suspicious objects 4
Duration of the scan process 01:46:12
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy5.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy5.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip/iesmn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\cert8.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\history.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\key3.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\parent.lock Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\search.sqlite Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\ztf7ucoa.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\laf1.exe Infected: not-virus:Hoax.Win32.Renos.ki skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218\A0009789.dll Infected: Trojan-Downloader.Win32.Zlob.cti skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218\A0009790.dll Infected: not-a-virus:AdWare.Win32.Agent.jt skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218\A0009791.exe Infected: Trojan-Downloader.Win32.Zlob.ctn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218\A0009792.exe Infected: Trojan-Downloader.Win32.Zlob.ctj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP218\A0009793.exe Infected: Trojan-Downloader.Win32.Zlob.ctl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP220\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\lgaac.dll Infected: Trojan-Downloader.Win32.Bojo.h skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Edit: name removed by request.
Hello.
Please follow the procedure in the following link to produce a HJT log:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Copy paste it into this topic and helper will advise you when available. Regards.
gmgismondi
2007-09-27, 02:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:01 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\BCMSMMSG.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O22 - SharedTaskScheduler: andropogon - {655560a9-3ca8-4509-9632-6abbef21426b} - C:\WINDOWS\system32\lgaac.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9060 bytes
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
SmitFraud Look
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
SmitFraud Log
A fresh HJT Log
gmgismondi
2007-10-02, 23:43
SmitFraudFix v2.235
Scan done at 17:40:30.74, Tue 10/02/2007
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\lgaac.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GERAUL~1.GIS\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{655560a9-3ca8-4509-9632-6abbef21426b}"="andropogon"
[HKEY_CLASSES_ROOT\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\WINDOWS\system32\lgaac.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\WINDOWS\system32\lgaac.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter - Packet Scheduler Miniport
DNS Server Search Order: 24.92.226.9
DNS Server Search Order: 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A40FBB4-AE56-4FF8-8203-B120C1006190}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2A40FBB4-AE56-4FF8-8203-B120C1006190}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:06 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O22 - SharedTaskScheduler: andropogon - {655560a9-3ca8-4509-9632-6abbef21426b} - C:\WINDOWS\system32\lgaac.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9076 bytes
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Update AVG Anti-Spyware
Launch AVG Anti-Spyware
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________
Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.
For Internet Explorer 7
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.
For Internet Explorer 4.x - 6.x
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
For Netscape 4.x and Up
Click Edit from the Netscape menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the triangle sign.
Click Cache.
Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
Click Edit from the Mozilla menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the plus sign.
Click Cache.
Click the Clear Cache button.
For Opera
Click File from the Opera menubar.
Click Preferences... from the File menu.
Click the History and Cache menu.
Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Do not automatically generate reports and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________
Please post:
c:\rapport.txt
AVG log
A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.
gmgismondi
2007-10-04, 02:43
I only have the free version of avg and therefore could not change state next to resident sheild and automatic updates.
Here is what I could do though:
gmgismondi
2007-10-04, 02:49
SmitFraudFix v2.235
Scan done at 18:05:19.68, Wed 10/03/2007
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{655560a9-3ca8-4509-9632-6abbef21426b}"="andropogon"
[HKEY_CLASSES_ROOT\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\WINDOWS\system32\lgaac.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\WINDOWS\system32\lgaac.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 www.miosearch.com
127.0.0.1 blue-elefant.com
127.0.0.1 www.blue-elefant.com
127.0.0.1 babeweb.de
127.0.0.1 www.babeweb.de
127.0.0.1 start-seite.com
127.0.0.1 www.start-seite.com
127.0.0.1 sexolymp.com
127.0.0.1 www.sexolymp.com
127.0.0.1 toriii.cc
127.0.0.1 www.toriii.cc
127.0.0.1 xtipp.de
127.0.0.1 www.xtipp.de
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 777search.com
127.0.0.1 www.777search.com
127.0.0.1 ace-webmaster.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 aifind.info
127.0.0.1 www.aifind.info
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 cantfind.com
127.0.0.1 www.cantfind.com
127.0.0.1 castingsamateur.com
127.0.0.1 www.castingsamateur.com
127.0.0.1 cyberrape.com
127.0.0.1 www.cyberrape.com
127.0.0.1 dialerclub.com
127.0.0.1 www.dialerclub.com
127.0.0.1 megago.com
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com
127.0.0.1 fastmetasearch.com
127.0.0.1 www.fastmetasearch.com
127.0.0.1 findwhatevernow.com
127.0.0.1 www.findwhatevernow.com
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com
127.0.0.1 hotfreebies.com
127.0.0.1 www.hotfreebies.com
127.0.0.1 krankin.com
127.0.0.1 www.krankin.com
127.0.0.1 begin2search.com
127.0.0.1 www.begin2search.com
127.0.0.1 mainstreamdollars.com
127.0.0.1 www.mainstreamdollars.com
127.0.0.1 live.sex-explorer.com
127.0.0.1 www.live.sex-explorer.com
127.0.0.1 loveadot.com
127.0.0.1 www.loveadot.com
127.0.0.1 megaseek.net
127.0.0.1 www.megaseek.net
127.0.0.1 mixsearch.com
127.0.0.1 www.mixsearch.com
127.0.0.1 munky.com
127.0.0.1 www.munky.com
127.0.0.1 newtopsites.com
127.0.0.1 www.newtopsites.com
127.0.0.1 noblindlinks.com
127.0.0.1 www.noblindlinks.com
127.0.0.1 babenet.com
127.0.0.1 r.babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 searchresult.net
127.0.0.1 www.searchresult.net
127.0.0.1 sexarena.org
127.0.0.1 www.sexarena.org
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com
127.0.0.1 superwp.by.ru
127.0.0.1 sureseeker.com
127.0.0.1 www.sureseeker.com
127.0.0.1 wethere.com
127.0.0.1 www.wethere.com
127.0.0.1 wowsearch.org
127.0.0.1 www.wowsearch.org
127.0.0.1 xxx.com
127.0.0.1 www.xxx.com
127.0.0.1 art-xxx.com
127.0.0.1 websearch.com
127.0.0.1 www.websearch.com
127.0.0.1 firehunt.com
127.0.0.1 www.firehunt.com
127.0.0.1 partner23.firehunt.com
127.0.0.1 screensaver.it
127.0.0.1 www.screensaver.it
127.0.0.1 cliks.org
127.0.0.1 www.cliks.org
127.0.0.1 xads.cliks.org
127.0.0.1 xwebsearch.biz
127.0.0.1 www.xwebsearch.biz
127.0.0.1 znext.com
127.0.0.1 www.znext.com
127.0.0.1 rawtocash.net
127.0.0.1 www.rawtocash.net
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
127.0.0.1 ntcor.com
127.0.0.1 www.ntcor.com
127.0.0.1 dev.ntcor.com
127.0.0.1 xrenoder.com
127.0.0.1 www.xrenoder.com
127.0.0.1 search.xrenoder.com
127.0.0.1 allcybersearch.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 tinybar.com
127.0.0.1 www.tinybar.com
127.0.0.1 topsite.us
127.0.0.1 www.topsite.us
127.0.0.1 topsites.us
127.0.0.1 www.topsites.us
127.0.0.1 topsitez.us
127.0.0.1 www.topsitez.us
127.0.0.1 true-counter.com
127.0.0.1 www.true-counter.com
127.0.0.1 out.true-counter.com
127.0.0.1 cnetadd.com
127.0.0.1 www.cnetadd.com
127.0.0.1 okmmm.com
127.0.0.1 www.okmmm.com
127.0.0.1 139mm.com
127.0.0.1 www.139mm.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 2020search.com
127.0.0.1 www.2020search.com
127.0.0.1 24teen.com
127.0.0.1 www.24teen.com
127.0.0.1 36site.com
127.0.0.1 www.36site.com
127.0.0.1 4corn.net
127.0.0.1 www.4corn.net
127.0.0.1 777top.com
127.0.0.1 www.777top.com
127.0.0.1 8ad.com
127.0.0.1 www.8ad.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.aboutclicker.com
127.0.0.1 abrp.net
127.0.0.1 www.abrp.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessthefuture.net
127.0.0.1 acemedic.com
127.0.0.1 www.acemedic.com
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 activexupdate.com
127.0.0.1 www.activexupdate.com
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adasearch.com
127.0.0.1 www.adasearch.com
127.0.0.1 adipics.com
127.0.0.1 www.adipics.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 adult-erotic-guide.net
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adulttds.com
127.0.0.1 www.adulttds.com
127.0.0.1 exaccess.ru
127.0.0.1 www.exaccess.ru
127.0.0.1 advert.exaccess.ru
127.0.0.1 agentstudio.com
127.0.0.1 africaspromise.org
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 alfa-search.com
127.0.0.1 all-inet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 allhyperlinks.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 almarvideos.com
127.0.0.1 amandamountains.com
127.0.0.1 amigeek.com
127.0.0.1 amisbusiness.com
127.0.0.1 analmovi.com
127.0.0.1 anin.org
127.0.0.1 annaromeo.com
127.0.0.1 antrocity.com
127.0.0.1 anything4health.com
127.0.0.1 apsua.com
127.0.0.1 aregay.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 art-func.com
127.0.0.1 artachnid.com
127.0.0.1 asiankingkong.com
127.0.0.1 ass-gals.com
127.0.0.1 athenrye.com
127.0.0.1 avian-ads.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayumitaniguchi.com
gmgismondi
2007-10-04, 02:53
127.0.0.1 bannedhost.net
127.0.0.1 barbudafarms.com
127.0.0.1 barnandfence.com
127.0.0.1 batsearch.com
127.0.0.1 baygraphicsllc.com
127.0.0.1 bb-search.com
127.0.0.1 bbbsearch.com
127.0.0.1 bedhome.com
127.0.0.1 bediadance.com
127.0.0.1 bellabasketsfl.com
127.0.0.1 bernaolatwin.com
127.0.0.1 best-counter.com
127.0.0.1 best-hardpics.com
127.0.0.1 best-winning-casino.com
127.0.0.1 bestcrawler.com
127.0.0.1 bestfor.ru
127.0.0.1 bestporngate.com
127.0.0.1 bestxporno.com
127.0.0.1 blackjack-free.net
127.0.0.1 blender.xu.pl
127.0.0.1 bodaciousbabette.com
127.0.0.1 boobdoll.com
127.0.0.1 boobsandtits.com
127.0.0.1 boobsclub.com
127.0.0.1 boredlife.com
127.0.0.1 bowlofogumbo.com
127.0.0.1 bradcoem.org
127.0.0.1 brandiyoung.com
127.0.0.1 brookeburn.com
127.0.0.1 bucps.com
127.0.0.1 burgerkingbigscreen.com
127.0.0.1 buscards.net
127.0.0.1 bustyrussell.com
127.0.0.1 buttejazz.org
127.0.0.1 buyselldomain.net
127.0.0.1 calcioturris.com
127.0.0.1 canberracricketcoaching.com
127.0.0.1 candycantaloupes.com
127.0.0.1 careers.dulcineasystems.net
127.0.0.1 carsands.com
127.0.0.1 carsrentals.net
127.0.0.1 casino-gambling-1.net
127.0.0.1 casino-gambling-2.net
127.0.0.1 casino-onlines.net
127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1 casino2win.net
127.0.0.1 casinomidas.net
127.0.0.1 casinonline.net
127.0.0.1 catallogue.com
127.0.0.1 catsss.da.ru
127.0.0.1 caxa.ru
127.0.0.1 cclebali.org
127.0.0.1 ceewawires.org
127.0.0.1 certumgroup.com
127.0.0.1 chelancatering.com
127.0.0.1 childrenvilla.com
127.0.0.1 chips-4-free.com
127.0.0.1 chrisswasey.com
127.0.0.1 chriswallace.net
127.0.0.1 ckick4thumbs.com
127.0.0.1 clackamasliteraryreview.com
127.0.0.1 clearsearch.cc
127.0.0.1 clearsearch.net
127.0.0.1 clickaire.com
127.0.0.1 clickyestoenter.net
127.0.0.1 clrsch.com
127.0.0.1 cmtapestry.com
127.0.0.1 cool-homepage.co
127.0.0.1 cool-homepage.com
127.0.0.1 cool-search.net
127.0.0.1 cool-search.netfartpost.com
127.0.0.1 cool-web-search.com
127.0.0.1 coolfetishsite.com
127.0.0.1 coolfreehost.com
127.0.0.1 coolfreepage.com
127.0.0.1 coolfreepages.com
127.0.0.1 coolmoneysearch.com
127.0.0.1 coolpornsearch.com
127.0.0.1 coolsearcher.info
127.0.0.1 coolwebsearsh.com
127.0.0.1 copmtraine.com
127.0.0.1 couldnotfind.com
127.0.0.1 count-all.com
127.0.0.1 cracks.me.uk
127.0.0.1 creamedcutties.com
127.0.0.1 creditsearchonline.com
127.0.0.1 crestring.com
127.0.0.1 crooder.com
127.0.0.1 curvedspaces.com
127.0.0.1 cvs.jps.ru
127.0.0.1 cvsymphony.com
127.0.0.1 cydom.com
127.0.0.1 daily-gals.com
127.0.0.1 dancingbabycd.com
127.0.0.1 datanotary.com
127.0.0.1 datareco.com
127.0.0.1 davemarshall.org
127.0.0.1 dcfitusa.com
127.0.0.1 defaultsearch.net
127.0.0.1 desarrollocreativo.com
127.0.0.1 develip.com
127.0.0.1 dewis.spb.ru
127.0.0.1 dewis.us
127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1 dietpills4free.com
127.0.0.1 dietpussy.com
127.0.0.1 digistreamsa.com
127.0.0.1 dionforvalleycouncil.org
127.0.0.1 doctorwaldron.com
127.0.0.1 document-not-found.pornpic.org
127.0.0.1 doggyaction.com
127.0.0.1 domain-your-registration.com
127.0.0.1 domains-for-you-online.com
127.0.0.1 domains2003.net
127.0.0.1 domkrat.com
127.0.0.1 dp-host.com
127.0.0.1 dragqueen.gay-clan.com
127.0.0.1 drug-sources-exposed.com
127.0.0.1 drvvv.com
127.0.0.1 dutch-sex.com
127.0.0.1 dvdbank.org
127.0.0.1 e-localad.com
127.0.0.1 e-plus.cc
127.0.0.1 e-websitesolutions.com
127.0.0.1 eases.net
127.0.0.1 easy-search.net
127.0.0.1 easycategories.com
127.0.0.1 ecosrioplatenses.org
127.0.0.1 ecstasyporn.net
127.0.0.1 eikokoike.com
127.0.0.1 epornsex.com
127.0.0.1 euuu.com
127.0.0.1 evidence-detector.biz
127.0.0.1 evilspidercomics.com
127.0.0.1 ewebsearch.net
127.0.0.1 findloss.com
127.0.0.1 excellentsckin.com
127.0.0.1 extremeseek.net
127.0.0.1 faithstevens.com
127.0.0.1 fantasiewelten.com
127.0.0.1 farmsteadbandb.com
127.0.0.1 fartpost.com
127.0.0.1 fastwebfinder.com
127.0.0.1 faxporn.com
127.0.0.1 fickenisgeil.de
127.0.0.1 finance-loans.com
127.0.0.1 find-itnow.com
127.0.0.1 find-uk-health.co.uk
127.0.0.1 find4u.net
127.0.0.1 findit-now.com
127.0.0.1 findthesite.com
127.0.0.1 findthewebsiteyouneed.com
127.0.0.1 www.findthewebsiteyouneed.com
127.0.0.1 fionasteel.com
127.0.0.1 firstbookmark.net
127.0.0.1 fitness-free.com
127.0.0.1 foodvacations.net
127.0.0.1 forex.jps.ru
127.0.0.1 forexcredit.com
127.0.0.1 forexcredit.ru
127.0.0.1 formingfusions.com
127.0.0.1 forsythfire.net
127.0.0.1 forthline.com
127.0.0.1 free-chipes.com
127.0.0.1 free-hit.com
127.0.0.1 free-pics-and-movies.com
127.0.0.1 free-sex-movie-clips.net
127.0.0.1 free4porno.net
127.0.0.1 free64all.com
127.0.0.1 freebookmark.net
127.0.0.1 freebookmarks.net
127.0.0.1 freecategories.com
127.0.0.1 freecoolhost.com
127.0.0.1 freerbhost.com
127.0.0.1 freeshemalepics.net
127.0.0.1 freeyaho.com
127.0.0.1 freshseek.com
127.0.0.1 freshteensite.com
127.0.0.1 gabrielscott.com
127.0.0.1 galpostgirls.com
127.0.0.1 gals-for-free.com
127.0.0.1 gambling-online4you.com
127.0.0.1 gameterror.net
127.0.0.1 gay50.com
127.0.0.1 generalsmeltingofcanada.com
127.0.0.1 geteens.com
127.0.0.1 getpicshere.com
127.0.0.1 gimmezamore.com
127.0.0.1 gimnasiaer.com
127.0.0.1 girls-porn-life.com
127.0.0.1 glbdf.org
127.0.0.1 global-finder.com
127.0.0.1 globe-finder.cc
127.0.0.1 globe-finder.com
127.0.0.1 gocybersearch.com
127.0.0.1 golftennis.net
127.0.0.1 good-mortgages-calculator.com
127.0.0.1 good-mortgages.net
127.0.0.1 goodsexs.com
127.0.0.1 googlebar.jps.ru
127.0.0.1 googlf.com
127.0.0.1 gradforum.org
127.0.0.1 gratis-porn-movie.com
127.0.0.1 gratis-pornopics.com
127.0.0.1 guzzycats.com
127.0.0.1 gzphoenix.com
127.0.0.1 hallnetaccolade.com
127.0.0.1 hand-book.com
127.0.0.1 happyanal.com
127.0.0.1 hard-gals.com
127.0.0.1 hardbodytgp.com
127.0.0.1 hardcoreover.com
127.0.0.1 hardloved.com
127.0.0.1 hardwareseek.net
127.0.0.1 harukaigawa.com
127.0.0.1 hccsolanonapa.org
127.0.0.1 health-protein.com
127.0.0.1 hentai4u.net
127.0.0.1 here4search.com
127.0.0.1 heyrichy.com
127.0.0.1 hi-search.com
127.0.0.1 hiddenguides.com
127.0.0.1 hitlistlyrics.com
127.0.0.1 holidayautostr.com
127.0.0.1 homemortage.ws
127.0.0.1 hostssp.com
127.0.0.1 hot-cartoon-sex.anime.american-teens.net
127.0.0.1 hotbookmark.com
127.0.0.1 hotels-list.net
127.0.0.1 hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 hotsearchbox.com
127.0.0.1 hotsex-series.com
127.0.0.1 hotstartpage.com
127.0.0.1 hqsex.biz
127.0.0.1 hugeporn4u.net
127.0.0.1 hunacsa.com
127.0.0.1 hupacasath.com
127.0.0.1 hzsx.com
127.0.0.1 icansearch.net
127.0.0.1 idgsearch.com
127.0.0.1 ie-search.com
127.0.0.1 incestporngate.com
127.0.0.1 infodigger.net
127.0.0.1 infoglobus.com
127.0.0.1 inherhole.com
127.0.0.1 insertthiscock.com
127.0.0.1 insurance-flood.net
127.0.0.1 insuranceall.net
127.0.0.1 internetsearch.ru
127.0.0.1 ionichost.com
127.0.0.1 ionomist.com
127.0.0.1 ipsex.net
127.0.0.1 itsanal.com
127.0.0.1 itseasy.us
127.0.0.1 iweb-commerce.com
127.0.0.1 iwebland.com
127.0.0.1 jeannineoldfield.com
127.0.0.1 jethomepage.com
127.0.0.1 jetseeker.com
127.0.0.1 jmhgallery.org
127.0.0.1 joannelatham.com
127.0.0.1 judin.ru
127.0.0.1 junkysex.com
127.0.0.1 karleyt.narod.ru
127.0.0.1 kathisomers.com
127.0.0.1 kazaa-lite.ws
127.0.0.1 keithgreenpro.com
127.0.0.1 kenmccaul.com
127.0.0.1 kilosex.com
127.0.0.1 kimhines.com
127.0.0.1 kinoru.com
127.0.0.1 ksdspups.org
127.0.0.1 landrape.com
127.0.0.1 lauraroebuck.com
127.0.0.1 leannalovelace.com
127.0.0.1 lesobank.ru
127.0.0.1 libertyonlinehosting.com
127.0.0.1 lingerie-mania.com
127.0.0.1 lisamatthew.com
127.0.0.1 liveholio.com
127.0.0.1 livenewspaper.com
127.0.0.1 louiseleeds.com
127.0.0.1 love-pix.com
127.0.0.1 lovelas.com
127.0.0.1 lovelysearch.com
127.0.0.1 low-taxes.com
127.0.0.1 luckysearch.net
127.0.0.1 lunitaweb.net
127.0.0.1 lustful-porno.com
127.0.0.1 mackinnonsbrook.org
127.0.0.1 madfinder.com
127.0.0.1 madisonmoons.com
127.0.0.1 madisonoilco.com
127.0.0.1 madonalive.com
127.0.0.1 majuozawa.com
127.0.0.1 makin-do.com
127.0.0.1 male4free.com
127.0.0.1 map-quest.org
127.0.0.1 marilynchamber.com
127.0.0.1 martfinder.com
127.0.0.1 massearch.com
127.0.0.1 matetrava.com
127.0.0.1 mature50.com
127.0.0.1 matureporngate.com
127.0.0.1 maxdzines.com
127.0.0.1 mcgeeforlabor.com
127.0.0.1 mdstunisie.org
127.0.0.1 medicare-insurance.net
127.0.0.1 medicare-supplemental.com
127.0.0.1 mega-dating-tips.com
127.0.0.1 megumikanzaki.com
127.0.0.1 meshalynn.com
127.0.0.1 meta-adult.com
127.0.0.1 meta-casino.com
127.0.0.1 meta-mobile.com
127.0.0.1 meta-porn.com
127.0.0.1 metafora.ru
127.0.0.1 metapoisk.ru
127.0.0.1 michiyonakajima.com
127.0.0.1 miconsultamedica.com
127.0.0.1 mikasakamoto.com
127.0.0.1 mikoni.com
127.0.0.1 militarygods.porn4porn.net
127.0.0.1 millennialpeople.org
127.0.0.1 mipham.org
127.0.0.1 missingcommand.com
127.0.0.1 mommykiss.com
127.0.0.1 moneyhunters.com
127.0.0.1 montgomeryhospitalanesthesia.com
127.0.0.1 morflot.com
127.0.0.1 mortgage-debt.net
127.0.0.1 mortismaximus.com
127.0.0.1 moscowwhores.com
127.0.0.1 moviecategories.com
127.0.0.1 mp3-pix.com
127.0.0.1 mrtg.jps.ru
127.0.0.1 msn-info.net
127.0.0.1 multipussy.com
127.0.0.1 mundopolar.com
127.0.0.1 mustv.com
127.0.0.1 mywebsearch.net
127.0.0.1 nativehardcore.com
127.0.0.1 naturalspy.com
127.0.0.1 nbasportsbook.net
127.0.0.1 nellyslyrics.com
127.0.0.1 nepgyan.com
127.0.0.1 nesrecords.com
127.0.0.1 netshastra.net
127.0.0.1 nettime.ru
127.0.0.1 nettracker.jps.ru
127.0.0.1 netyellowpages.info
127.0.0.1 new-incest.com
127.0.0.1 newcategories.com
127.0.0.1 newcracks.com
127.0.0.1 newcracks.net
127.0.0.1 newlife-lajolla.com
127.0.0.1 newsexgate.com
127.0.0.1 newtonsracks.com
127.0.0.1 newxpics.com
127.0.0.1 nhlsportsbook.net
127.0.0.1 niagaracapital.com
127.0.0.1 niche-tv.com
127.0.0.1 nmrba.com
127.0.0.1 nocalories.net
127.0.0.1 nocensor.com
127.0.0.1 ormandcompany.com
127.0.0.1 nsbabes.com
127.0.0.1 nuclearwitness.org
127.0.0.1 nursemania.com
127.0.0.1 nvntour.com
127.0.0.1 nvphall.org
127.0.0.1 oborot.com
127.0.0.1 ocalalivestockmarket.com
127.0.0.1 ocsff.com
127.0.0.1 oeatlanta.com
127.0.0.1 oharrowsearch.com
127.0.0.1 ok-search.com
127.0.0.1 okulta.com
127.0.0.1 omegabrains.net
127.0.0.1 online-casino-1.net
127.0.0.1 online-casino-bonus.info
127.0.0.1 online-casinos-x.com
127.0.0.1 online-winning.net
127.0.0.1 onlineserverz.com
127.0.0.1 onlinetradings.net
127.0.0.1 onlycunt.com
127.0.0.1 onlyinsured.com
127.0.0.1 operanabuco.com
127.0.0.1 opsex.com
127.0.0.1 oregoncharters.org
127.0.0.1 otrlives.com
127.0.0.1 ozawamadoka.com
127.0.0.1 paigesummer.com
127.0.0.1 pamelacollections.com
127.0.0.1 panamcup.com
127.0.0.1 pantygirls4u.com
127.0.0.1 pantyhoserealm.com
127.0.0.1 pantyplace.com
127.0.0.1 pastubes.com
127.0.0.1 paulapage.com
127.0.0.1 paulhoover.com
127.0.0.1 payfortraffic.net
127.0.0.1 pedo.ws
127.0.0.1 people.1gb.ru
127.0.0.1 pervertbot.com
127.0.0.1 pharma-diet-pills.com
127.0.0.1 pharmacy2003.com
127.0.0.1 pharmalocator.com
127.0.0.1 phendimetrazine-tenuate-adipex.com
127.0.0.1 pics-videos.com
127.0.0.1 picsdir.com
127.0.0.1 picsforbucks.com
127.0.0.1 picsofseductiveladies.com
127.0.0.1 pills-birth-control.com
127.0.0.1 pillsmall.com
127.0.0.1 pilotronix.com
127.0.0.1 pixpox.com
127.0.0.1 planemusic.com
127.0.0.1 poiska.net
127.0.0.1 poker-casino-free.com
127.0.0.1 poker-games-free.net
127.0.0.1 polradiologia.com
127.0.0.1 pooi.net
127.0.0.1 porn-teacher.com
127.0.0.1 porncamz.com
127.0.0.1 pornfree.info
127.0.0.1 pornnightdreams.com
127.0.0.1 pornokopec.com
127.0.0.1 porntetris.com
127.0.0.1 porntwist.com
127.0.0.1 powerwebsearch.com
127.0.0.1 prblitz.com
127.0.0.1 pretypics.com
127.0.0.1 pribalt.com
127.0.0.1 privacy-support.biz
127.0.0.1 privateporn.net
127.0.0.1 prostactive.com
127.0.0.1 prostol.com
127.0.0.1 protect-yourself.biz
127.0.0.1 prsainlandempire.org
127.0.0.1 put-your-link-here.com
127.0.0.1 pyrocorp.com
127.0.0.1 quick-search.ws
127.0.0.1 quiksearchgenealogy.com
gmgismondi
2007-10-04, 02:57
127.0.0.1 rbay.it
127.0.0.1 rdepubblica.it
127.0.0.1 rebay.it
127.0.0.1 redpubblica.it
127.0.0.1 reepubblica.it
127.0.0.1 refpubblica.it
127.0.0.1 relpubblica.it
127.0.0.1 reopubblica.it
127.0.0.1 reossoalice.it
127.0.0.1 reoubblica.it
127.0.0.1 repbblica.it
127.0.0.1 rephubblica.it
127.0.0.1 repibblica.it
127.0.0.1 repiubblica.it
127.0.0.1 replubblica.it
127.0.0.1 repoubblica.it
127.0.0.1 repubbglica.it
127.0.0.1 repubbhlica.it
127.0.0.1 repubbkica.it
127.0.0.1 repubbklica.it
127.0.0.1 repubblicaa.it
127.0.0.1 repubblicaq.it
127.0.0.1 repubblicas.it
127.0.0.1 repubblicca.it
127.0.0.1 repubblicda.it
127.0.0.1 repubblicfa.it
127.0.0.1 repubblicsa.it
127.0.0.1 repubblics.it
127.0.0.1 repubblicva.it
127.0.0.1 repubblicza.it
127.0.0.1 repubblidca.it
127.0.0.1 repubblifca.it
127.0.0.1 repubbliica.it
127.0.0.1 repubblilca.it
127.0.0.1 repubblioca.it
127.0.0.1 repubbliuca.it
127.0.0.1 repubbliva.it
127.0.0.1 repubblivca.it
127.0.0.1 repubblixa.it
127.0.0.1 repubblixca.it
127.0.0.1 repubbllica.it
127.0.0.1 repubbloca.it
127.0.0.1 repubbloica.it
127.0.0.1 repubblpica.it
127.0.0.1 repubbluica.it
127.0.0.1 repubbnlica.it
127.0.0.1 repubbolica.it
127.0.0.1 repubbplica.it
127.0.0.1 repubbvlica.it
127.0.0.1 repubnblica.it
127.0.0.1 repubnlica.it
127.0.0.1 repubvblica.it
127.0.0.1 repubvlica.it
127.0.0.1 repugbblica.it
127.0.0.1 repuhbblica.it
127.0.0.1 repuibblica.it
127.0.0.1 repunbblica.it
127.0.0.1 repunblica.it
127.0.0.1 repuubblica.it
127.0.0.1 repuvbblica.it
127.0.0.1 repuvblica.it
127.0.0.1 repybblica.it
127.0.0.1 repyubblica.it
127.0.0.1 rerpubblica.it
127.0.0.1 reubblica.it
127.0.0.1 rewpubblica.it
127.0.0.1 rfepubblica.it
127.0.0.1 rgepubblica.it
127.0.0.1 riscali.it
127.0.0.1 roassoalice.it
127.0.0.1 roissoalice.it
127.0.0.1 roogle.it
127.0.0.1 roossoalice.it
127.0.0.1 ropssoalice.it
127.0.0.1 rosaoalice.it
127.0.0.1 rosasoalice.it
127.0.0.1 rossaoalice.it
127.0.0.1 rossdoalice.it
127.0.0.1 rossoaalice.it
127.0.0.1 rossoaice.it
127.0.0.1 rossoalce.it
127.0.0.1 rossoalicce.it
127.0.0.1 rossoalicee.it
127.0.0.1 rossoalicer.it
127.0.0.1 rossoalicew.it
127.0.0.1 rossoalic.it
127.0.0.1 rossoalicre.it
127.0.0.1 rossoalicr.it
127.0.0.1 rossoalicve.it
127.0.0.1 rossoalicwe.it
127.0.0.1 rossoalicw.it
127.0.0.1 rossoalicxe.it
127.0.0.1 rossoalie.it
127.0.0.1 rossoaliice.it
127.0.0.1 rossoalioce.it
127.0.0.1 rossoalivce.it
127.0.0.1 rossoalive.it
127.0.0.1 rossoalixce.it
127.0.0.1 rossoalixe.it
127.0.0.1 rossoalkice.it
127.0.0.1 rossoallice.it
127.0.0.1 rossoaloce.it
127.0.0.1 rossoaloice.it
127.0.0.1 rossoaluce.it
127.0.0.1 rossoaslice.it
127.0.0.1 rossolice.it
127.0.0.1 rossooalice.it
127.0.0.1 rossopalice.it
127.0.0.1 rossosalice.it
127.0.0.1 rosspalice.it
127.0.0.1 rosspoalice.it
127.0.0.1 rosssoalice.it
127.0.0.1 rrenitalia.it
127.0.0.1 rrepubblica.it
127.0.0.1 rrossoalice.it
127.0.0.1 rrpubblica.it
127.0.0.1 rsepubblica.it
127.0.0.1 rssoalice.it
127.0.0.1 rtepubblica.it
127.0.0.1 rtiscali.it
127.0.0.1 rtossoalice.it
127.0.0.1 rtrenitalia.it
127.0.0.1 rtuttogratis.it
127.0.0.1 rwepubblica.it
127.0.0.1 salitalia.it
127.0.0.1 saupereva.it
127.0.0.1 sdupereva.it
127.0.0.1 sebay.it
127.0.0.1 sipereva.it
127.0.0.1 siupereva.it
127.0.0.1 spereva.it
127.0.0.1 suereva.it
127.0.0.1 suipereva.it
127.0.0.1 suoereva.it
127.0.0.1 suopereva.it
127.0.0.1 supeereva.it
127.0.0.1 supeeva.it
127.0.0.1 superea.it
127.0.0.1 supereba.it
127.0.0.1 superebva.it
127.0.0.1 superecva.it
127.0.0.1 supereeva.it
127.0.0.1 supererva.it
127.0.0.1 superevaq.it
127.0.0.1 superevaw.it
127.0.0.1 superevaz.it
127.0.0.1 superevba.it
127.0.0.1 superevca.it
127.0.0.1 superev.it
127.0.0.1 superevsa.it
127.0.0.1 superevva.it
127.0.0.1 superevw.it
127.0.0.1 superevz.it
127.0.0.1 superewva.it
127.0.0.1 superreva.it
127.0.0.1 superteva.it
127.0.0.1 superweva.it
127.0.0.1 superwva.it
127.0.0.1 supeteva.it
127.0.0.1 supetreva.it
127.0.0.1 supewreva.it
127.0.0.1 supoereva.it
127.0.0.1 suppereva.it
127.0.0.1 suprereva.it
127.0.0.1 supreva.it
127.0.0.1 supwereva.it
127.0.0.1 supwreva.it
127.0.0.1 suupereva.it
127.0.0.1 suypereva.it
127.0.0.1 sypereva.it
127.0.0.1 syupereva.it
gmgismondi
2007-10-04, 02:59
127.0.0.1 t8iscali.it
127.0.0.1 t9iscali.it
127.0.0.1 tepubblica.it
127.0.0.1 tfiscali.it
127.0.0.1 tgiscali.it
127.0.0.1 tgoogle.it
127.0.0.1 thiscali.it
127.0.0.1 ti8scali.it
127.0.0.1 ti9scali.it
127.0.0.1 tiacali.it
127.0.0.1 tiascali.it
127.0.0.1 ticali.it
127.0.0.1 tidcali.it
127.0.0.1 tidscali.it
127.0.0.1 tiiscali.it
127.0.0.1 tijscali.it
127.0.0.1 tikscali.it
127.0.0.1 tilscali.it
127.0.0.1 tioscali.it
127.0.0.1 tisacali.it
127.0.0.1 tisacli.it
127.0.0.1 tiscaali.it
127.0.0.1 tiscail.it
127.0.0.1 tiscaki.it
127.0.0.1 tiscakli.it
127.0.0.1 tiscal8.it
127.0.0.1 tiscal9.it
127.0.0.1 tiscalii.it
127.0.0.1 tiscalij.it
127.0.0.1 tiscalik.it
127.0.0.1 tiscalil.it
127.0.0.1 tiscaliu.it
127.0.0.1 tiscalji.it
127.0.0.1 tiscalki.it
127.0.0.1 tiscalk.it
127.0.0.1 tiscalli.it
127.0.0.1 tiscaloi.it
127.0.0.1 tiscalo.it
127.0.0.1 tiscalui.it
127.0.0.1 tiscaoi.it
127.0.0.1 tiscaoli.it
127.0.0.1 tiscaqli.it
127.0.0.1 tiscasli.it
127.0.0.1 tiscawli.it
127.0.0.1 tiscaxli.it
127.0.0.1 tiscazli.it
127.0.0.1 tiscdali.it
127.0.0.1 tiscfali.it
127.0.0.1 tisclai.it
127.0.0.1 tiscli.it
127.0.0.1 tiscqali.it
127.0.0.1 tiscqli.it
127.0.0.1 tiscsali.it
127.0.0.1 tiscsli.it
127.0.0.1 tiscvali.it
127.0.0.1 tiscwali.it
127.0.0.1 tiscxali.it
127.0.0.1 tisczali.it
127.0.0.1 tisczli.it
127.0.0.1 tisdcali.it
127.0.0.1 tisecali.it
127.0.0.1 tisfcali.it
127.0.0.1 tisscali.it
127.0.0.1 tisvcali.it
127.0.0.1 tiswcali.it
127.0.0.1 tisxali.it
127.0.0.1 tisxcali.it
127.0.0.1 tiuscali.it
127.0.0.1 tiwcali.it
127.0.0.1 tiwscali.it
127.0.0.1 tixcali.it
127.0.0.1 tixscali.it
127.0.0.1 tizscali.it
127.0.0.1 tjiscali.it
127.0.0.1 tkiscali.it
127.0.0.1 tliscali.it
127.0.0.1 toiscali.it
127.0.0.1 toogle.it
127.0.0.1 toscali.it
127.0.0.1 tossoalice.it
127.0.0.1 trebitalia.it
127.0.0.1 treenitalia.it
127.0.0.1 treitalia.it
127.0.0.1 tremnitalia.it
127.0.0.1 treniralia.it
127.0.0.1 trenitaalia.it
127.0.0.1 trenitaia.it
127.0.0.1 trenitakia.it
127.0.0.1 trenitaliaa.it
127.0.0.1 trenitaliaq.it
127.0.0.1 trenitalias.it
127.0.0.1 trenitaliaz.it
127.0.0.1 trenitaliia.it
127.0.0.1 trenitalisa.it
127.0.0.1 trenitalis.it
127.0.0.1 trenitallia.it
127.0.0.1 trenitaloa.it
127.0.0.1 trenitalua.it
127.0.0.1 trenitralia.it
127.0.0.1 trenitslia.it
127.0.0.1 trenittalia.it
127.0.0.1 treniutalia.it
127.0.0.1 treniyalia.it
127.0.0.1 trenmitalia.it
127.0.0.1 trennitalia.it
127.0.0.1 trenotalia.it
127.0.0.1 trentalia.it
127.0.0.1 trenutalia.it
127.0.0.1 trepubblica.it
127.0.0.1 trernitalia.it
127.0.0.1 trewnitalia.it
127.0.0.1 triscali.it
127.0.0.1 trossoalice.it
127.0.0.1 trrenitalia.it
127.0.0.1 trtenitalia.it
127.0.0.1 truttogratis.it
127.0.0.1 tscali.it
127.0.0.1 ttiscali.it
127.0.0.1 ttrenitalia.it
127.0.0.1 tttogratis.it
127.0.0.1 ttuttogratis.it
127.0.0.1 tuiscali.it
127.0.0.1 turtogratis.it
127.0.0.1 tutogratis.it
127.0.0.1 tutrogratis.it
127.0.0.1 tuttgratis.it
127.0.0.1 tuttofratis.it
127.0.0.1 tuttogeratis.it
127.0.0.1 tuttograatis.it
127.0.0.1 tuttograis.it
127.0.0.1 tuttograris.it
127.0.0.1 tuttogratia.it
127.0.0.1 tuttogratias.it
127.0.0.1 tuttogratiis.it
127.0.0.1 tuttograti.it
127.0.0.1 tuttogratisa.it
127.0.0.1 tuttogratiss.it
127.0.0.1 tuttogratos.it
127.0.0.1 tuttograts.it
127.0.0.1 tuttograttis.it
127.0.0.1 tuttogratus.it
127.0.0.1 tuttograyis.it
127.0.0.1 tuttogrratis.it
127.0.0.1 tuttogrstis.it
127.0.0.1 tuttogrtatis.it
127.0.0.1 tuttohratis.it
127.0.0.1 tuttoigratis.it
127.0.0.1 tuttoogratis.it
127.0.0.1 tuttopgratis.it
127.0.0.1 tuttoratis.it
127.0.0.1 tuttpgratis.it
127.0.0.1 tutttogratis.it
127.0.0.1 tuttyogratis.it
127.0.0.1 tutyogratis.it
127.0.0.1 tutytogratis.it
127.0.0.1 tuuttogratis.it
127.0.0.1 tuytogratis.it
127.0.0.1 tyiscali.it
127.0.0.1 tyttogratis.it
127.0.0.1 uibo.it
127.0.0.1 uige.it
127.0.0.1 uimi.it
127.0.0.1 uinimi.it
127.0.0.1 uipd.it
127.0.0.1 uipg.it
127.0.0.1 uito.it
127.0.0.1 umibo.it
127.0.0.1 umige.it
127.0.0.1 umimi.it
127.0.0.1 umipd.it
127.0.0.1 umipv.it
127.0.0.1 umnibo.it
127.0.0.1 unbo.it
127.0.0.1 unge.it
127.0.0.1 unibno.it
127.0.0.1 unie.it
127.0.0.1 unig.it
127.0.0.1 unii.it
127.0.0.1 unini.it
127.0.0.1 univo.it
127.0.0.1 unmibo.it
127.0.0.1 unmi.it
127.0.0.1 unobo.it
127.0.0.1 unpd.it
127.0.0.1 unpg.it
127.0.0.1 unto.it
127.0.0.1 unubo.it
127.0.0.1 upereva.it
gmgismondi
2007-10-04, 03:00
127.0.0.1 v8irgilio.it
127.0.0.1 v8rgilio.it
127.0.0.1 v9irgilio.it
127.0.0.1 v9rgilio.it
127.0.0.1 vbirgilio.it
127.0.0.1 vcirgilio.it
127.0.0.1 vcorriere.it
127.0.0.1 vfirgilio.it
127.0.0.1 vgirgilio.it
127.0.0.1 vgoogle.it
127.0.0.1 vi4gilio.it
127.0.0.1 vi4rgilio.it
127.0.0.1 vi5gilio.it
127.0.0.1 vi5rgilio.it
127.0.0.1 vi8rgilio.it
127.0.0.1 vi9rgilio.it
127.0.0.1 vidrgilio.it
127.0.0.1 viegilio.it
127.0.0.1 viergilio.it
127.0.0.1 vifgilio.it
127.0.0.1 vifrgilio.it
127.0.0.1 vigrgilio.it
127.0.0.1 vigrilio.it
127.0.0.1 vijrgilio.it
127.0.0.1 vikrgilio.it
127.0.0.1 vilrgilio.it
127.0.0.1 viorgilio.it
127.0.0.1 vir4gilio.it
127.0.0.1 vir5gilio.it
127.0.0.1 virbgilio.it
127.0.0.1 virbilio.it
127.0.0.1 virdgilio.it
127.0.0.1 viregilio.it
127.0.0.1 virfgilio.it
127.0.0.1 virg8ilio.it
127.0.0.1 virg8lio.it
127.0.0.1 virg9ilio.it
127.0.0.1 virg9lio.it
127.0.0.1 virgbilio.it
127.0.0.1 virgfilio.it
127.0.0.1 virghilio.it
127.0.0.1 virgi8lio.it
127.0.0.1 virgi9lio.it
127.0.0.1 virgiilo.it
127.0.0.1 virgiio.it
127.0.0.1 virgijlio.it
127.0.0.1 virgiklio.it
127.0.0.1 virgil8io.it
127.0.0.1 virgil9io.it
127.0.0.1 virgili0.it
127.0.0.1 virgili8o.it
127.0.0.1 virgili9.it
127.0.0.1 virgili9o.it
127.0.0.1 virgilijo.it
127.0.0.1 virgiliko.it
127.0.0.1 virgilil.it
127.0.0.1 virgililo.it
127.0.0.1 virgilio0.it
127.0.0.1 virgilio9.it
127.0.0.1 virgilioi.it
127.0.0.1 virgiliok.it
127.0.0.1 virgiliol.it
127.0.0.1 virgiliop.it
127.0.0.1 virgilipo.it
127.0.0.1 virgiliuo.it
127.0.0.1 virgiljio.it
127.0.0.1 virgilkio.it
127.0.0.1 virgiloio.it
127.0.0.1 virgiloo.it
127.0.0.1 virgilpio.it
127.0.0.1 virgiluio.it
127.0.0.1 virgiluo.it
127.0.0.1 virgioio.it
127.0.0.1 virgiolio.it
127.0.0.1 virgiplio.it
127.0.0.1 virgiulio.it
127.0.0.1 virgjilio.it
127.0.0.1 virgkilio.it
127.0.0.1 virgklio.it
127.0.0.1 virglilio.it
127.0.0.1 virgoilio.it
127.0.0.1 virgtilio.it
127.0.0.1 virguilio.it
127.0.0.1 virgvilio.it
127.0.0.1 virgyilio.it
127.0.0.1 virhgilio.it
127.0.0.1 virtgilio.it
127.0.0.1 virtilio.it
127.0.0.1 virvgilio.it
127.0.0.1 virvilio.it
127.0.0.1 virygilio.it
127.0.0.1 vitrgilio.it
127.0.0.1 viurgilio.it
127.0.0.1 vjirgilio.it
127.0.0.1 vkirgilio.it
127.0.0.1 vkrgilio.it
127.0.0.1 vlirgilio.it
127.0.0.1 voirgilio.it
127.0.0.1 vorriere.it
127.0.0.1 vuirgilio.it
127.0.0.1 walitalia.it
127.0.0.1 wbay.it
127.0.0.1 wsupereva.it
127.0.0.1 xcorriere.it
127.0.0.1 xorriere.it
127.0.0.1 ygoogle.it
127.0.0.1 yiscali.it
127.0.0.1 yoogle.it
127.0.0.1 ytiscali.it
127.0.0.1 ytrenitalia.it
127.0.0.1 yunibo.it
127.0.0.1 zalitalia.it
127.0.0.1 zsupereva.it
127.0.0.1 spybot-now.com
127.0.0.1 www.spybot-now.com
127.0.0.1 videowebproject.com
127.0.0.1 www.videowebproject.com
127.0.0.1 apicpreview.com
127.0.0.1 www.apicpreview.com
127.0.0.1 getvideosource.com
127.0.0.1 www.getvideosource.com
127.0.0.1 installmoviepro.com
127.0.0.1 www.installmoviepro.com
127.0.0.1 expandvideo.com
127.0.0.1 www.expandvideo.com
127.0.0.1 onlinevideoset.com
127.0.0.1 www.onlinevideoset.com
127.0.0.1 porn-party.net
127.0.0.1 www.porn-party.net
127.0.0.1 movscodec.com
127.0.0.1 www.movscodec.com
127.0.0.1 codec-fun.com
127.0.0.1 www.codec-fun.com
127.0.0.1 dgbusiness.com
127.0.0.1 www.dgbusiness.com
127.0.0.1 zero-codec.com
127.0.0.1 www.zero-codec.com
127.0.0.1 qwecompany.com
127.0.0.1 www.qwecompany.com
127.0.0.1 cool.ne.jp
127.0.0.1 365soft.info
127.0.0.1 3abetterinternet.com
127.0.0.1 8866.org
127.0.0.1 abetterinternet.com
127.0.0.1 adult-host.org
127.0.0.1 american-teens.net
127.0.0.1 asianpornmag.com
127.0.0.1 azebar.com
127.0.0.1 biz.biz
127.0.0.1 bonzi.com
127.0.0.1 browserwise.com
127.0.0.1 buhartes.info
127.0.0.1 cashsurfers.com
127.0.0.1 centralmedia.ws
127.0.0.1 click-now.net
127.0.0.1 cool.ne.jp
127.0.0.1 dollarrevenue.com
127.0.0.1 download-me.info
127.0.0.1 downloadmax.net
127.0.0.1 downloadzcenter.com
127.0.0.1 downloadzcentral.com
127.0.0.1 downloadznow.net
127.0.0.1 drocherway.com
127.0.0.1 locked-domain.com
127.0.0.1 enitinvest.net
127.0.0.1 dulcineasystems.net
127.0.0.1 ebony-pornmag.com
127.0.0.1 exeupdate.com
127.0.0.1 ezcybersearch.com
127.0.0.1 otcmomo.com
127.0.0.1 fastfreedownload.com
127.0.0.1 free-popup-killer.com
127.0.0.1 fric.cn
127.0.0.1 full-tgp.net
127.0.0.1 gay-clan.com
127.0.0.1 gohip.com
127.0.0.1 grab-it-today.net
127.0.0.1 gratisdownloads.nl
127.0.0.1 hastalavista.com
127.0.0.1 host.sk
127.0.0.1 huntbar.com
127.0.0.1 i-used.cc
127.0.0.1 ieplugin.com
127.0.0.1 imiserver.com
127.0.0.1 imrworldwide.com
127.0.0.1 jps.ru
127.0.0.1 justcount.net
127.0.0.1 k-lined.com
127.0.0.1 kannylizaciya.info
127.0.0.1 lesbianspornmag.com
127.0.0.1 lets-get-it.net
127.0.0.1 links4all.biz
127.0.0.1 registerapi.com
127.0.0.1 logih.com
127.0.0.1 malwarewipe.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 marketdart.com
127.0.0.1 myvnc.com
127.0.0.1 n3.net
127.0.0.1 netfartpost.com
127.0.0.1 netzany.com
127.0.0.1 ninoa.com
127.0.0.1 nylonpornmag.com
127.0.0.1 onli-ne.com
127.0.0.1 p0rt2.com
127.0.0.1 picture-posters.com
127.0.0.1 play-lolita.com
127.0.0.1 porn4porn.net
127.0.0.1 pornpic.org
127.0.0.1 nevest.net
127.0.0.1 psn.cn
127.0.0.1 psyche-evolution.com
127.0.0.1 rack.cc
127.0.0.1 realfet.com
127.0.0.1 rub.to
127.0.0.1 s-redirect.com
127.0.0.1 searchtab.net
127.0.0.1 searchtabs.net
127.0.0.1 secdep.info
127.0.0.1 seekporn.org
127.0.0.1 sex-explorer.com
127.0.0.1 ncc.sex-explorer.com
127.0.0.1 sexmaniack.com
127.0.0.1 doktorxxx.com
127.0.0.1 sexpornonline.com
127.0.0.1 shemalespornmag.com
127.0.0.1 shopnav.com
127.0.0.1 smileycentral.com
127.0.0.1 smtp.ru
127.0.0.1 softwarecenterz.com
127.0.0.1 spb.ru
127.0.0.1 spy-shredder.com
127.0.0.1 spyaxe.biz
127.0.0.1 spyaxe.com
127.0.0.1 spyaxe.net
127.0.0.1 studioaperto.net
127.0.0.1 superbahamas.com
127.0.0.1 supersexpass.com
127.0.0.1 syserrors.com
127.0.0.1 teenmonster.com
127.0.0.1 truth-is-out-there.org
127.0.0.1 tsx.org
127.0.0.1 tuttogtratis.it
127.0.0.1 ucmore.com
127.0.0.1 underagehost.com
127.0.0.1 vcodec.com
127.0.0.1 virusprotectpro.com
127.0.0.1 web1000.com
127.0.0.1 winantispam.com
127.0.0.1 windrivesafe.com
127.0.0.1 www4free.info
127.0.0.1 xrensmagpost.com
127.0.0.1 xu.pl
127.0.0.1 xupiter.com
127.0.0.1 sigmadown.biz
127.0.0.1 www.sigmadown.biz
127.0.0.1 antivirgear.com
127.0.0.1 www.antivirgear.com
127.0.0.1 dl1.antivirgear.com
127.0.0.1 flashdollars.com
127.0.0.1 www.flashdollars.com
127.0.0.1 signupprocess.com
127.0.0.1 www.signupprocess.com
127.0.0.1 antivirusprotector.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 americancarbargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 dogproblemswebsite.com
127.0.0.1 www.dogproblemswebsite.com
127.0.0.1 dvdtocdsite.com
127.0.0.1 www.dvdtocdsite.com
127.0.0.1 edietprogram.com
127.0.0.1 www.edietprogram.com
127.0.0.1 extremepaidsurveys.com
127.0.0.1 www.extremepaidsurveys.com
127.0.0.1 hotmp3music.com
127.0.0.1 www.hotmp3music.com
127.0.0.1 registrycleanersite.com
127.0.0.1 www.registrycleanersite.com
127.0.0.1 sharedgamesite.com
127.0.0.1 www.sharedgamesite.com
127.0.0.1 sharedmoviesite.com
127.0.0.1 www.sharedmoviesite.com
127.0.0.1 sharedtvsite.com
127.0.0.1 www.sharedtvsite.com
127.0.0.1 spywareremoversite.com
127.0.0.1 www.spywareremoversite.com
127.0.0.1 helpyourpcnow.com
127.0.0.1 www.helpyourpcnow.com
127.0.0.1 gomyron.com
127.0.0.1 www.gomyron.com
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\lgaac.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\lgaac.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A40FBB4-AE56-4FF8-8203-B120C1006190}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2A40FBB4-AE56-4FF8-8203-B120C1006190}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
gmgismondi
2007-10-04, 03:01
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:27:18 PM 10/3/2007
+ Scan result:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP225\A0010258.dll -> Downloader.Bojo.h : Cleaned with backup (quarantined).
::Report end
gmgismondi
2007-10-04, 03:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:59 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8559 bytes
Thats looking better :)
How are things running now ??
Show All Files And Folders
Now you need to show all files and folders
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Delete Files and Folders
Find and delete the following Files if present
C:\Documents and Settings\user\Local Settings\Temp\laf1.exe <<< This File
Deckard's System Scanner
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
gmgismondi
2007-10-06, 01:55
Deckard's System Scanner v20070905.67
Run by user on 2007-10-05 19:48:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2007-10-05 23:49:04 UTC - RP229 - Deckard's System Scanner Restore Point
6: 2007-10-05 22:25:04 UTC - RP228 - Uninstall Steinberg Cubase LE
5: 2007-10-05 22:23:05 UTC - RP227 - Removed Microsoft Money 2004 System Pack
4: 2007-10-04 22:26:59 UTC - RP226 - System Checkpoint
3: 2007-10-03 02:56:39 UTC - RP225 - System Checkpoint
-- First Restore Point --
1: 2007-09-28 01:00:22 UTC - RP223 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.95 GiB (less than 15%) free.
-- HijackThis (run as user.exe) ---------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:56 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8407 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 US122 (US122 Driver) - c:\windows\system32\drivers\us122.sys <Not Verified; Frontier Design Group, LLC; TASCAM US-122>
S3 US122DL (US122 Firmware Downloader) - c:\windows\system32\drivers\us122dl.sys <Not Verified; Frontier Design Group; TASCAM US-122>
S3 Us122WdmService (US122 Wdm Audio) - c:\windows\system32\drivers\us122wdm.sys <Not Verified; Frontier Design Group, LLC; TASCAM US-122>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_16A6&SUBSYS_81261028&REV_02\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom 570x Gigabit Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_16A6&SUBSYS_81261028&REV_02\4&39A85202&0&00F0
Service: b57w2k
-- Scheduled Tasks -------------------------------------------------------------
2007-10-05 18:13:03 522 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (WIN-user).job
-- Files created between 2007-09-05 and 2007-10-05 -----------------------------
2007-10-02 17:40:45 2870 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-02 17:40:10 25088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-02 17:40:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-02 17:40:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-02 17:40:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-02 17:40:08 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-02 17:39:43 1033821 --a------ C:\Program Files\SmitfraudFix.exe
2007-09-26 20:10:16 0 d-------- C:\Program Files\Trend Micro
2007-09-23 11:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-23 11:39:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-22 13:55:17 0 dr-h----- C:\Documents and Settings\user\Recent
2007-09-20 17:05:40 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-09 10:50:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
-- Find3M Report ---------------------------------------------------------------
2007-10-05 18:28:57 0 d-------- C:\Program Files\ewido anti-malware
2007-10-05 18:26:33 0 d-------- C:\Program Files\Steinberg
2007-10-05 18:22:33 0 d-------- C:\Program Files\Magix
2007-10-05 18:22:12 0 d-------- C:\Program Files\Media_Manager_2004
2007-10-05 18:21:38 0 d-------- C:\Program Files\Ares
2007-09-23 18:39:47 0 d-------- C:\Program Files\Lavasoft
2007-09-22 00:03:57 0 d-------- C:\Program Files\Yahoo!
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 03:04 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [05/28/2003 07:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/05/2004 11:57 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [04/19/2004 10:29 AM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 07:02 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/17/2003 10:50 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [08/27/2003 12:00 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [08/21/2003 07:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"CTHelper"="CTHELPER.EXE" [05/11/2005 02:01 AM C:\WINDOWS\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/09/2006 12:31 PM]
"RegistryMechanic"="" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [05/11/2005 01:51 AM C:\WINDOWS\MIDIDEF.EXE]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
DESKTOP.INI [9/3/2002 11:00:00 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 06/20/2003 09:03 AM 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1102627529\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
-- Hosts -----------------------------------------------------------------------
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
6538 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-10-05 19:53:41 ------------
That looks fine, apart from the amount of space left on your hard drive ;)
How are things running now ?
gmgismondi
2007-10-07, 18:10
Things seem to be running fine. Thank you for your help.
I have a million questions though...
My hard drive is near capacity because I have some music recording programs that take up a lot of space. I should go through and delete some of the ones I don't use. Should I defrag when done deleting ? What else can I do to help this?
Also, I noticed in my past log there are a lot of websites listed that I've never been to. are they embeded or something? Do I need to get rid of them? My full name is also listed in a lot of my logs probably from when I registered my computer. Can I change this? When we are finished can this thread be deleted? Because if you search my name on google this thread will come up and i don't want anyone reading it.
Haha...I think that's all. Thanks again.
G
Should I defrag when done deleting ? What else can I do to help this?Defragmenting does help speed up the computer, but you need space for it to work.
I would recommend getting an external harddrive if there are files that you want to keep but don't use often.
Also, I noticed in my past log there are a lot of websites listed that I've never been to. are they embeded or something? Do I need to get rid of them?
The sites listed are in your Host file.
This is the file that your computer looks in to find the address of a website.
The fact that they all have 127.0.0.1 in front of the name means that you couldn't visit the site if you wanted to :) .
This stops malware from sending you to these sites by accident.
You should leave them as they are.
My full name is also listed in a lot of my logs probably from when I registered my computer. Can I change this?
I will ask an Admin to remove your name.
Congratulations your logs look clean :D
Let’s see if I can help you keep it that way
First lets tidy up :D
Please delete
SmitFraudFix and Dss
You can also remove any logs we made.
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK
Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.
Also PLEASE read this article
So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
If you can see a program in the must have section that you have never seen or used then get it!
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
gmgismondi
2007-10-10, 23:29
Everything is ok! Thank you very much for your help.
G