Infection won't let me connect to anti-virus sites - please help


imblindio

New member
Hi, I seem to have an infection that won't let me connect to any anti-virus/spyware destinations.

I originally tried to run Spybot to do a scan when my PC kept freezing. The .exe would not run. Not realising this could be a symptom, I uninstalled Spybot and downloaded the latest version. The installer will run but it won't talk to the servers so I can't reinstall the programme.

My McAfee anti virus will not update definitions.

I can't connect to other spyware sites e.g. Lavasoft (I managed to download Ad-Aware from another PC and have installed - this has cleaned up a few infections but again won't link to the server to update the definitions).

I cannot connect to HijackThis site, but again have downloaded the programme on a clean PC and ran it last night (see below).

I can't even connect to this forum site and am having to do this from my work PC. Please help - it is driving me bonkers!!!

---------------

HT log is as follows:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:55, on 04/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Richard Port\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.blueyonder.co.uk/search/search.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blueyonder.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 9510 bytes
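
The following is an added example, not part of the original thread or of HijackThis itself: a short Python triage of a HijackThis log like the one posted above. It groups entries by section code and lists the ones HijackThis marks as pointing to a missing file; the function names are this example's own, and the sample is an excerpt of lines copied from the log above.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# then " - ", then the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HijackThis appends when the file an entry refers to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per R/F/N/O entry line found in the log text."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, blank line or running-process path
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": body.rstrip().endswith(ORPHAN_MARKERS),
        })
    return entries


def section_counts(entries):
    """Count entries per section code, e.g. how many O4 autostart lines."""
    return dict(Counter(entry["code"] for entry in entries))


def orphaned_entries(entries):
    """Entries whose target file is missing.

    A missing target means the registry entry is a leftover; whether it
    belonged to malware or to an uninstalled program still needs checking.
    """
    return [entry for entry in entries if entry["orphaned"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("Entries per section:", section_counts(parsed))
    print("Entries pointing to a missing file:")
    for entry in orphaned_entries(parsed):
        print("  %-3s %s" % (entry["code"], entry["body"]))
```
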
 
Hello imblindio

Welcome to Safer Networking.

Please read Before You Post
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
It is advisable that you back up your personal data before starting any clean up procedure.

You're infected with the Smitfraud Trojan :sad:

You will have to download both these programs from a known clean computer and transfer them to the infected one. If you can, I would burn them to a CD and not use a removable drive like a thumb or flash


You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.


Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter on your Keyboard

Tutorial if you need it: How to boot into Safemode




  • Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart into normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


Reboot normally.


  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter
  • Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <--- Don't forget this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.


Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.



Post the log from Smitfraud fix, Malwarebytes and a New HJT log please
 
Hi Ken, thanks for your help.

I've run the Smitfraudfix part of your instructions and have got the rapport.txt file (see below).

However, when I try and run mbam-setup.exe it hangs like Spybot did in the original problem. When I look at task manager it says the file has been launched as a process but nothing happens on the screen. Any suggestions as to how I can get the programme to run?

rapport.txt and a fresh HJT log are attached.

cheers,
rich

--------------------------------
SmitFraudFix v2.381

Scan done at 21:57:15.81, 09/12/2008
Run from C:\Documents and Settings\Richard Port\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 www.tefs.com
127.0.0.1 tfil.com
127.0.0.1 www.tfil.com
127.0.0.1 thinkingmedia.net
127.0.0.1 www.thinkingmedia.net
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.thinstall.abetterinternet.com
127.0.0.1 tin.whenu.com
127.0.0.1 www.tin.whenu.com
127.0.0.1 titanium.whenu.com
127.0.0.1 www.titanium.whenu.com
127.0.0.1 toolbar.i-lookup.com
127.0.0.1 www.toolbar.i-lookup.com
127.0.0.1 toolbar2.i-lookup.com
127.0.0.1 www.toolbar2.i-lookup.com
127.0.0.1 tooltips.hotbar.com
127.0.0.1 www.tooltips.hotbar.com
127.0.0.1 topicks.com
127.0.0.1 www.topicks.com
127.0.0.1 totalvelocity.com
127.0.0.1 www.totalvelocity.com
127.0.0.1 tpcms.topicks.com
127.0.0.1 www.tpcms.topicks.com
127.0.0.1 tpdownload.topicks.com
127.0.0.1 www.tpdownload.topicks.com
127.0.0.1 tpreport.topicks.com
127.0.0.1 www.tpreport.topicks.com
127.0.0.1 track.dlsearchbar.com
127.0.0.1 www.track.dlsearchbar.com
127.0.0.1 track.simpletraffic.com
127.0.0.1 www.track.simpletraffic.com
127.0.0.1 tracking.roispy.com
127.0.0.1 www.tracking.roispy.com
127.0.0.1 tracking.spiderbait.com
127.0.0.1 www.tracking.spiderbait.com
127.0.0.1 tracking.thunderdownloads.com
127.0.0.1 www.tracking.thunderdownloads.com
127.0.0.1 traffichog.com
127.0.0.1 www.traffichog.com
127.0.0.1 transctl-dev.vx2.cc
127.0.0.1 www.transctl-dev.vx2.cc
127.0.0.1 transctl.vx2.cc
127.0.0.1 www.transctl.vx2.cc
127.0.0.1 trickle.gator.com
127.0.0.1 www.trickle.gator.com
127.0.0.1 ts.altnet.com
127.0.0.1 www.ts.altnet.com
127.0.0.1 ts.gator.com
127.0.0.1 www.ts.gator.com
127.0.0.1 tss.altnet.com
127.0.0.1 www.tss.altnet.com
127.0.0.1 tv.180solutions.com
127.0.0.1 www.tv.180solutions.com
127.0.0.1 update.speedbit.com
127.0.0.1 www.update.speedbit.com
127.0.0.1 update.stop-popup-ads-now.com
127.0.0.1 www.update.stop-popup-ads-now.com
127.0.0.1 update.thunderdownloads.com
127.0.0.1 www.update.thunderdownloads.com
127.0.0.1 updates.desktop.ak-networks.com
127.0.0.1 www.updates.desktop.ak-networks.com
127.0.0.1 updates.desktop.virtumundo.com
127.0.0.1 www.updates.desktop.virtumundo.com
127.0.0.1 updates.hotbar.com
127.0.0.1 www.updates.hotbar.com
127.0.0.1 updateserver.gator.com
127.0.0.1 www.updateserver.gator.com
127.0.0.1 upgrades.hotbar.com
127.0.0.1 www.upgrades.hotbar.com
127.0.0.1 user.3721.com
127.0.0.1 www.user.3721.com
127.0.0.1 view.atdmt.com
127.0.0.1 www.view.atdmt.com
127.0.0.1 vip-farm1.hotbar.com
127.0.0.1 www.vip-farm1.hotbar.com
127.0.0.1 vip-farm1v.hotbar.com
127.0.0.1 www.vip-farm1v.hotbar.com
127.0.0.1 vip-farm2.hotbar.com
127.0.0.1 www.vip-farm2.hotbar.com
127.0.0.1 vip-farm2v.hotbar.com
127.0.0.1 www.vip-farm2v.hotbar.com
127.0.0.1 vip-farm31v.hotbar.com
127.0.0.1 www.vip-farm31v.hotbar.com
127.0.0.1 vip-farm5v.hotbar.com
127.0.0.1 www.vip-farm5v.hotbar.com
127.0.0.1 virtumundo.com
127.0.0.1 www.virtumundo.com
127.0.0.1 vlogic.ak-networks.com
127.0.0.1 www.vlogic.ak-networks.com
127.0.0.1 vmadmin.com
127.0.0.1 www.vmadmin.com
127.0.0.1 vrape.hardloved.com
127.0.0.1 www.vrape.hardloved.com
127.0.0.1 vtrack.virtumundo.com
127.0.0.1 www.vtrack.virtumundo.com
127.0.0.1 wap.3721.com
127.0.0.1 www.wap.3721.com
127.0.0.1 wb.gator.com
127.0.0.1 www.wb.gator.com
127.0.0.1 weather.gator.com
127.0.0.1 www.weather.gator.com
127.0.0.1 weather.whenu.com
127.0.0.1 www.weather.whenu.com
127.0.0.1 weather.whenu.speedera.net
127.0.0.1 www.weather.whenu.speedera.net
127.0.0.1 web.balance.gator.com
127.0.0.1 www.web.balance.gator.com
127.0.0.1 web.whenu.com
127.0.0.1 www.web.whenu.com
127.0.0.1 web.whenu.speedera.net
127.0.0.1 www.web.whenu.speedera.net
127.0.0.1 webpdp.gator.com
127.0.0.1 www.webpdp.gator.com
127.0.0.1 wfix.com
127.0.0.1 www.wfix.com
127.0.0.1 whenu-advertising-info.com
127.0.0.1 www.whenu-advertising-info.com
127.0.0.1 whenu-advertising.com
127.0.0.1 www.whenu-advertising.com
127.0.0.1 whenu-popup-ads.com
127.0.0.1 www.whenu-popup-ads.com
127.0.0.1 whenu.com
127.0.0.1 www.whenu.com
127.0.0.1 whenusearch.com
127.0.0.1 www.whenusearch.com
127.0.0.1 whenushop-advertising-central.com
127.0.0.1 www.whenushop-advertising-central.com
127.0.0.1 whenushop-pop-ads.com
127.0.0.1 www.whenushop-pop-ads.com
127.0.0.1 whenushop-space.com
127.0.0.1 www.whenushop-space.com
127.0.0.1 whenushop.whenu.com
127.0.0.1 www.whenushop.whenu.com
127.0.0.1 ww2.ieplugin.com
127.0.0.1 www.ww2.ieplugin.com
127.0.0.1 ww3.ieplugin.com
127.0.0.1 www.ww3.ieplugin.com
127.0.0.1 wwa.ieplugin.com
127.0.0.1 www.wwa.ieplugin.com
127.0.0.1 wwd.ieplugin.com
127.0.0.1 www.wwd.ieplugin.com
127.0.0.1 www.2004cms.com
127.0.0.1 2004cms.com
127.0.0.1 www.3721.com
127.0.0.1 3721.com
127.0.0.1 www.680180.net
127.0.0.1 680180.net
127.0.0.1 www.7metasearch.com
127.0.0.1 7metasearch.com
127.0.0.1 www.7search.com
127.0.0.1 7search.com
127.0.0.1 www.aadcom.com
127.0.0.1 aadcom.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.active-alert-server.com
127.0.0.1 active-alert-server.com
127.0.0.1 www.active-max.com
127.0.0.1 active-max.com
127.0.0.1 www.acustat.com
127.0.0.1 acustat.com
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.adroar.com
127.0.0.1 adroar.com
127.0.0.1 www.adtactics.com
127.0.0.1 adtactics.com
127.0.0.1 www.adtomi.com
127.0.0.1 adtomi.com
127.0.0.1 www.aimdolls.com
127.0.0.1 aimdolls.com
127.0.0.1 www.aimphuck.com
127.0.0.1 aimphuck.com
127.0.0.1 www.alexa.com
127.0.0.1 alexa.com
127.0.0.1 www.allaboutsearching.com
127.0.0.1 allaboutsearching.com
127.0.0.1 www.allhyperlinks.com
127.0.0.1 allhyperlinks.com
127.0.0.1 www.almightysearch.com
127.0.0.1 almightysearch.com
127.0.0.1 www.altnet.com
127.0.0.1 altnet.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 altnetp2p.com
127.0.0.1 www.amazingautossearch.com
127.0.0.1 amazingautossearch.com
127.0.0.1 www.amnv.net
127.0.0.1 amnv.net
127.0.0.1 www.at-games.com
127.0.0.1 at-games.com
127.0.0.1 www.avenuemedia.com
127.0.0.1 avenuemedia.com
127.0.0.1 www.b3d.com
127.0.0.1 b3d.com
127.0.0.1 www.bc777.com
127.0.0.1 bc777.com
127.0.0.1 www.bluehavenmedia.com
127.0.0.1 bluehavenmedia.com
127.0.0.1 www.bns1.net
127.0.0.1 bns1.net
127.0.0.1 www.bns2.net
127.0.0.1 bns2.net
127.0.0.1 www.bonzi.com
127.0.0.1 bonzi.com
127.0.0.1 www.bonzibuddy.com
127.0.0.1 bonzibuddy.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 brilliantdigital.com
127.0.0.1 www.browsertoolbar.com
127.0.0.1 browsertoolbar.com
127.0.0.1 www.browserwise.com
127.0.0.1 browserwise.com
127.0.0.1 www.bulletproofsoft.com
127.0.0.1 bulletproofsoft.com
127.0.0.1 www.bundleware.com
127.0.0.1 bundleware.com
127.0.0.1 www.centralmedia.ws
127.0.0.1 centralmedia.ws
127.0.0.1 www.cleangetaway.biz
127.0.0.1 cleangetaway.biz
127.0.0.1 www.click2findnow.com
127.0.0.1 click2findnow.com
127.0.0.1 www.clickalchemy.com
127.0.0.1 clickalchemy.com
127.0.0.1 www.clicktracking.info
127.0.0.1 clicktracking.info
127.0.0.1 www.climaxbucks.com
127.0.0.1 climaxbucks.com
127.0.0.1 www.clock-sync.com
127.0.0.1 clock-sync.com
127.0.0.1 www.cms1.net
127.0.0.1 cms1.net
127.0.0.1 www.cms2.net
127.0.0.1 cms2.net
127.0.0.1 www.cocktailcash.com
127.0.0.1 cocktailcash.com
127.0.0.1 www.contexualsearch.com
127.0.0.1 contexualsearch.com
127.0.0.1 www.crap2.com
127.0.0.1 crap2.com
127.0.0.1 www.cydoor.com
127.0.0.1 cydoor.com
127.0.0.1 www.dashbar.com
127.0.0.1 dashbar.com
127.0.0.1 www.datastorm.biz
127.0.0.1 datastorm.biz
127.0.0.1 www.date-manager.com
127.0.0.1 date-manager.com
127.0.0.1 www.dialup2.com
127.0.0.1 dialup2.com
127.0.0.1 www.domain.i-lookup.com
127.0.0.1 domain.i-lookup.com
127.0.0.1 www.ebates.com
127.0.0.1 ebates.com
127.0.0.1 www.ecpm.com
127.0.0.1 ecpm.com
127.0.0.1 www.ez-searching.com
127.0.0.1 ez-searching.com
127.0.0.1 www.find-quick.com
127.0.0.1 find-quick.com
127.0.0.1 www.findology.com
127.0.0.1 findology.com
127.0.0.1 www.funwebproducts.com
127.0.0.1 funwebproducts.com
127.0.0.1 www.gator.com
127.0.0.1 gator.com
127.0.0.1 www.gatoradvertisinginformationnetwork.com
127.0.0.1 gatoradvertisinginformationnetwork.com
127.0.0.1 www.gatorcorporation.com
127.0.0.1 gatorcorporation.com
127.0.0.1 www.getweathercast.com
127.0.0.1 getweathercast.com
127.0.0.1 www.gigatechsoftware.com
127.0.0.1 gigatechsoftware.com
127.0.0.1 www.gonnasearch.com
127.0.0.1 gonnasearch.com
127.0.0.1 www.grandstreetinteractive.com
127.0.0.1 grandstreetinteractive.com
127.0.0.1 www.greasycow.com
127.0.0.1 greasycow.com
127.0.0.1 www.hotbar.com
127.0.0.1 hotbar.com
127.0.0.1 www.i-lookup.com
127.0.0.1 www.ieplugin.com
127.0.0.1 ieplugin.com
127.0.0.1 www.igetnet.com
127.0.0.1 igetnet.com
127.0.0.1 www.ignkeywords.com
127.0.0.1 ignkeywords.com
127.0.0.1 www.ignphrases.com
127.0.0.1 ignphrases.com
127.0.0.1 www.imbum.com
127.0.0.1 imbum.com
127.0.0.1 www.internet-optimizer.com
127.0.0.1 internet-optimizer.com
127.0.0.1 www.ipinsight.com
127.0.0.1 ipinsight.com
127.0.0.1 www.ipinsight.net
127.0.0.1 ipinsight.net
127.0.0.1 www.iwon.com
127.0.0.1 iwon.com
127.0.0.1 www.kazanon.com
127.0.0.1 kazanon.com
127.0.0.1 www.linkstoyou.com
127.0.0.1 linkstoyou.com
127.0.0.1 www.look-today.com
127.0.0.1 look-today.com
127.0.0.1 www.look2me.com
127.0.0.1 look2me.com
127.0.0.1 www.look2me1.com
127.0.0.1 look2me1.com
127.0.0.1 www.look2me2.com
127.0.0.1 look2me2.com
127.0.0.1 www.look2me4.com
127.0.0.1 look2me4.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.lop2.com
127.0.0.1 lop2.com
127.0.0.1 www.lovetraffic.com
127.0.0.1 lovetraffic.com
127.0.0.1 www.lunasearch.com
127.0.0.1 lunasearch.com
127.0.0.1 www.memorymeter.com
127.0.0.1 memorymeter.com
127.0.0.1 www.messagebroadcaster.net
127.0.0.1 messagebroadcaster.net
127.0.0.1 www.mindseti.com
127.0.0.1 mindseti.com
127.0.0.1 www.mindsetinteractive.com
127.0.0.1 mindsetinteractive.com
127.0.0.1 www.movies-etc.com
127.0.0.1 movies-etc.com
127.0.0.1 www.mp3search.com
127.0.0.1 mp3search.com
127.0.0.1 www.msview.cc
127.0.0.1 msview.cc
127.0.0.1 www.mx-targeting.com
127.0.0.1 mx-targeting.com
127.0.0.1 www.mypanicbutton.com
127.0.0.1 mypanicbutton.com
127.0.0.1 www.mypctuneup.com
127.0.0.1 mypctuneup.com
127.0.0.1 www.mysearch.com
127.0.0.1 mysearch.com
127.0.0.1 www.mysearchnow.com
127.0.0.1 mysearchnow.com
127.0.0.1 www.mywebsearch.com
127.0.0.1 mywebsearch.com
127.0.0.1 www.netpalnow.com
127.0.0.1 netpalnow.com
127.0.0.1 www.netpaloffers.net
127.0.0.1 netpaloffers.net
127.0.0.1 www.netsearchsoft.com
127.0.0.1 netsearchsoft.com
127.0.0.1 www.newtonknows.com
127.0.0.1 newtonknows.com
127.0.0.1 www.nictechnetworks.com
127.0.0.1 nictechnetworks.com
127.0.0.1 www.no-pops.com
127.0.0.1 no-pops.com
127.0.0.1 www.nopop.net
127.0.0.1 nopop.net
127.0.0.1 www.nuker.com
127.0.0.1 nuker.com
127.0.0.1 www.odysseusmarketing.com
127.0.0.1 odysseusmarketing.com
127.0.0.1 www.offercompanion.com
127.0.0.1 offercompanion.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 offeroptimizer.com
127.0.0.1 www.omegasearch.com
127.0.0.1 omegasearch.com
127.0.0.1 www.omi-update.net
127.0.0.1 omi-update.net
127.0.0.1 www.pay-per-search.com
127.0.0.1 pay-per-search.com
127.0.0.1 www.payperranking.com
127.0.0.1 payperranking.com
127.0.0.1 www.plugusin4cash.com
127.0.0.1 plugusin4cash.com
127.0.0.1 www.precision-time.com
127.0.0.1 precision-time.com
127.0.0.1 www.pricebandit.com
127.0.0.1 pricebandit.com
127.0.0.1 www.prosearching.com
127.0.0.1 prosearching.com
127.0.0.1 www.qcksearch.com
127.0.0.1 qcksearch.com
127.0.0.1 www.resultsmaster.com
127.0.0.1 resultsmaster.com
127.0.0.1 www.rgs1.net
127.0.0.1 rgs1.net
127.0.0.1 www.rgs2.net
127.0.0.1 rgs2.net
127.0.0.1 www.roispy.com
127.0.0.1 roispy.com
127.0.0.1 www.rspsearch.com
127.0.0.1 rspsearch.com
127.0.0.1 www.rub.to
127.0.0.1 rub.to
127.0.0.1 www.sbvr.com
127.0.0.1 sbvr.com
127.0.0.1 www.search200.com
127.0.0.1 search200.com
127.0.0.1 www.searchassistant.net
127.0.0.1 searchassistant.net
127.0.0.1 www.searchexe.com
127.0.0.1 searchexe.com
127.0.0.1 www.searchscout.com
127.0.0.1 searchscout.com
127.0.0.1 www.searchweb2.com
127.0.0.1 searchweb2.com
127.0.0.1 www.similarsingles.com
127.0.0.1 similarsingles.com
127.0.0.1 www.spawnet.com
127.0.0.1 spawnet.com
127.0.0.1 www.spiderbait.com
127.0.0.1 spiderbait.com
127.0.0.1 www.spywarehelp.net
127.0.0.1 spywarehelp.net
127.0.0.1 www.spywarenuker.com
127.0.0.1 spywarenuker.com
127.0.0.1 www.srv2cpt.com
127.0.0.1 srv2cpt.com
127.0.0.1 www.stop-popup-ads-now.com
127.0.0.1 stop-popup-ads-now.com
127.0.0.1 www.tdko.com
127.0.0.1 tdko.com
127.0.0.1 www.tfil.com
127.0.0.1 tfil.com
127.0.0.1 www.tgcsearch.com
127.0.0.1 tgcsearch.com
127.0.0.1 www.thinkingmedia.net
127.0.0.1 thinkingmedia.net
127.0.0.1 www.topicks.com
127.0.0.1 topicks.com
127.0.0.1 www.totalvelocity.com
127.0.0.1 totalvelocity.com
127.0.0.1 www.tps108.org
127.0.0.1 tps108.org
127.0.0.1 www.trekblue.com
127.0.0.1 trekblue.com
127.0.0.1 www.twain-tech.com
127.0.0.1 twain-tech.com
127.0.0.1 www.unitedvending.net
127.0.0.1 unitedvending.net
127.0.0.1 www.virtumundo.com
127.0.0.1 virtumundo.com
127.0.0.1 www.vx2.cc
127.0.0.1 vx2.cc
127.0.0.1 www.weatherscope.com
127.0.0.1 weatherscope.com
127.0.0.1 www.websecurealert.com
127.0.0.1 websecurealert.com
127.0.0.1 www.whenu.com
127.0.0.1 whenu.com
127.0.0.1 www.whenu.com.edgesuite.net
127.0.0.1 whenu.com.edgesuite.net
127.0.0.1 www.whenusearch.com
127.0.0.1 whenusearch.com
127.0.0.1 www.whenushop.com
127.0.0.1 whenushop.com
127.0.0.1 www.world-portal.com
127.0.0.1 world-portal.com
127.0.0.1 www.yoogee.com
127.0.0.1 yoogee.com
127.0.0.1 www.zestyfind.com
127.0.0.1 zestyfind.com
127.0.0.1 www.zsearchtoolbar.com
127.0.0.1 zsearchtoolbar.com
127.0.0.1 www1.iwon.com
127.0.0.1 www.www1.iwon.com
127.0.0.1 www1.lop.com
127.0.0.1 www.www1.lop.com
127.0.0.1 www2.browsertoolbar.com
127.0.0.1 www.www2.browsertoolbar.com
127.0.0.1 www2.i-lookup.com
127.0.0.1 www.www2.i-lookup.com
127.0.0.1 xads.offeroptimizer.com
127.0.0.1 www.xads.offeroptimizer.com
127.0.0.1 xadso.offeroptimizer.com
127.0.0.1 www.xadso.offeroptimizer.com
127.0.0.1 xadsq.offeroptimizer.com
127.0.0.1 www.xadsq.offeroptimizer.com
127.0.0.1 xadx.offeroptimizer.com
127.0.0.1 www.xadx.offeroptimizer.com
127.0.0.1 xbs.climaxbucks.com
127.0.0.1 www.xbs.climaxbucks.com
127.0.0.1 xbs.cocktailcash.com
127.0.0.1 www.xbs.cocktailcash.com
127.0.0.1 ximages.offeroptimizer.com
127.0.0.1 www.ximages.offeroptimizer.com
127.0.0.1 xjupiter.com
127.0.0.1 www.xjupiter.com
127.0.0.1 xlime.offeroptimizer.com
127.0.0.1 www.xlime.offeroptimizer.com
127.0.0.1 xml.411web.com
127.0.0.1 www.xml.411web.com
127.0.0.1 xmlsearch.balance.gator.com
127.0.0.1 www.xmlsearch.balance.gator.com
127.0.0.1 xmlsearch.gator.com
127.0.0.1 www.xmlsearch.gator.com
127.0.0.1 yahoo.3721.com
127.0.0.1 www.yahoo.3721.com
127.0.0.1 yoogee.com
127.0.0.1 www.yoogee.com
127.0.0.1 z1.vx2.cc
127.0.0.1 www.z1.vx2.cc
127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
127.0.0.1 zinc.whenu.com
127.0.0.1 www.zinc.whenu.com
127.0.0.1 zsearchtoolbar.com
127.0.0.1 www.zsearchtoolbar.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:31, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Richard Port\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8669 bytes
 
Run Malwarebytes in Safemode.

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
 
Hi - it won't even let me run it in safe mode. Again it is in the task manager as a process but nothing is happening...

Don't know if it helps but when I tried to run the HijackThis installer that wouldn't run either, but when I downloaded the .exe file and ran it, without installing, that seemed to work. Is there any equivalent for Malwarebytes without having to run the installer first?

Thanks again, Rich
 
Try this.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Sorry, I'm afraid that ComboFix would not run either, even in safe mode.

Seems I've caught a right bugger here...:sad:
 
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"



C:\Program Files\SpamBlockerUtility <-- Delete this folder



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
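
A triage pass over the kind of HijackThis log posted in this thread, as an added example that is not part of the original posts and not the helper's own method. The three checks (entries whose target file is missing, Run entries that start a program from a drive other than the system drive, services with no recorded owner) are assumed heuristics for narrowing down what to review; the sample lines are copied from the log above, and the system drive is taken as C: as the RSIT log reports.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line was singled out for review
    line: str      # the original log line


# "<code> - <body>", where code is a letter plus one or two digits (R1, O4, O23).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of a registry autorun entry: "HKLM\..\Run: [name] command line".
RUN_RE = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Drive letter at the start of a Windows path.
DRIVE_RE = re.compile(r"^([A-Za-z]):\\")


def triage(log_text: str, system_drive: str = "C") -> List[Finding]:
    """Return the log entries that match one of the assumed review heuristics.

    A finding is a prompt to look closer, not a verdict that the entry is malicious.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, the process list, blank lines
        section, body = match.groups()

        # 1. HijackThis itself marks entries whose target is gone.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, "target file does not exist", line))

        # 2. Autorun entry launching a program from outside the system drive.
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                drive = DRIVE_RE.match(run.group("cmd").lstrip('"'))
                if drive and drive.group(1).upper() != system_drive.upper():
                    findings.append(Finding(
                        section,
                        f"autorun '{run.group('name')}' starts from drive "
                        f"{drive.group(1).upper()}:, not the system drive",
                        line,
                    ))

        # 3. Service whose executable carries no company name.
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service with unknown owner", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Name-based decisions, such as the SpamBlocker entry the helper picked out, need knowledge of the program and are outside what these structural checks can see.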
 
A (little) success on this one!

Did the two fixes in HijackThis.

I couldn't locate the folder C:\Program Files\SpamBlockerUtility, even when searching and looking for hidden files/folders. However, under my wife's profile there is a file called 'SpamBlocker.mlpx' and then 35 more files named:

'SpamBlocker.mlpof0'
'SpamBlocker.mlpof2'
'SpamBlocker.mlpof4'
'SpamBlocker.mlpof5'
etc, up to 'SpamBlocker.mlpof47'

These are located in C:\Documents and Settings\Sarah Port\Local Settings\Temp\em2580. Should I try and delete these (I have not done so yet)?

Finally I was able to run RSIT.exe even in normal mode, and the two files it created are now attached as requested.

Thanks again!
 
log.txt
---------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Richard Port at 2008-12-11 07:21:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (49%) free of 149 GB
Total RAM: 510 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:55, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Richard Port\Desktop\RSIT.exe
C:\Documents and Settings\Richard Port\Desktop\Richard Port.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8593 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-10-24 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"trioService"=C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-11 95536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcodbc]
C:\WINDOWS\system\mcodbc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Richard Port\My Documents\utorrent.exe"="C:\Documents and Settings\Richard Port\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-11 07:21:53 ----D---- C:\rsit
2008-12-09 21:59:00 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-09 21:57:15 ----A---- C:\rapport.txt
2008-12-02 23:41:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-02 10:51:51 ----D---- C:\Program Files\Lavasoft
2008-12-02 10:51:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-02 10:50:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-29 23:10:47 ----D---- C:\Program Files\Safer Networking
2008-11-27 23:02:19 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-14 00:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 00:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 00:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-11 07:18:49 ----D---- C:\WINDOWS\Temp
2008-12-11 07:15:06 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2008-12-10 22:55:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 22:05:40 ----D---- C:\WINDOWS\SYSTEM32
2008-12-03 17:55:56 ----D---- C:\WINDOWS\Prefetch
2008-12-02 23:41:13 ----D---- C:\WINDOWS
2008-12-02 10:52:22 ----SHD---- C:\WINDOWS\Installer
2008-12-02 10:51:51 ----RD---- C:\Program Files
2008-12-02 10:51:51 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-02 10:50:54 ----D---- C:\Program Files\Common Files
2008-11-29 10:32:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 21:10:33 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-28 17:42:53 ----D---- C:\Program Files\Google
2008-11-27 23:15:41 ----D---- C:\Program Files\WPM_Monitor
2008-11-27 23:13:50 ----SD---- C:\Documents and Settings\Richard Port\Application Data\Microsoft
2008-11-27 23:13:50 ----RSD---- C:\WINDOWS\ASSEMBLY
2008-11-27 23:13:34 ----D---- C:\Program Files\Real
2008-11-27 23:13:34 ----D---- C:\Program Files\Common Files\Real
2008-11-27 23:11:00 ----A---- C:\WINDOWS\WIN.INI
2008-11-27 23:10:25 ----D---- C:\Program Files\InterActual
2008-11-27 23:09:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 23:09:08 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-27 23:07:16 ----D---- C:\Program Files\FinePixViewer
2008-11-27 23:05:19 ----HD---- C:\WINDOWS\INF
2008-11-27 23:05:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-27 23:03:37 ----D---- C:\Program Files\Common Files\Apple
2008-11-27 23:02:11 ----D---- C:\Program Files\Adobe
2008-11-27 23:01:24 ----D---- C:\Documents and Settings\Richard Port\Application Data\Adobe
2008-11-27 23:00:18 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-27 19:34:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-26 23:10:01 ----D---- C:\Documents and Settings\Richard Port\Application Data\uTorrent
2008-11-19 19:26:28 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-18 22:04:17 ----D---- C:\WINDOWS\Help
2008-11-14 00:07:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 00:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 00:05:25 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys []
S3 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys []
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 
info.txt
-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Richard Port at 2008-12-11 07:21:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (49%) free of 149 GB
Total RAM: 510 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:55, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Richard Port\Desktop\RSIT.exe
C:\Documents and Settings\Richard Port\Desktop\Richard Port.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8593 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-10-24 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"trioService"=C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-11 95536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcodbc]
C:\WINDOWS\system\mcodbc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Richard Port\My Documents\utorrent.exe"="C:\Documents and Settings\Richard Port\My Documents\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-11 07:21:53 ----D---- C:\rsit
2008-12-09 21:59:00 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-09 21:57:15 ----A---- C:\rapport.txt
2008-12-02 23:41:13 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-02 10:51:51 ----D---- C:\Program Files\Lavasoft
2008-12-02 10:51:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-02 10:50:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-29 23:10:47 ----D---- C:\Program Files\Safer Networking
2008-11-27 23:02:19 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-14 00:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 00:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 00:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-11 07:18:49 ----D---- C:\WINDOWS\Temp
2008-12-11 07:15:06 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2008-12-10 22:55:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 22:05:40 ----D---- C:\WINDOWS\SYSTEM32
2008-12-03 17:55:56 ----D---- C:\WINDOWS\Prefetch
2008-12-02 23:41:13 ----D---- C:\WINDOWS
2008-12-02 10:52:22 ----SHD---- C:\WINDOWS\Installer
2008-12-02 10:51:51 ----RD---- C:\Program Files
2008-12-02 10:51:51 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-02 10:50:54 ----D---- C:\Program Files\Common Files
2008-11-29 10:32:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 21:10:33 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-28 17:42:53 ----D---- C:\Program Files\Google
2008-11-27 23:15:41 ----D---- C:\Program Files\WPM_Monitor
2008-11-27 23:13:50 ----SD---- C:\Documents and Settings\Richard Port\Application Data\Microsoft
2008-11-27 23:13:50 ----RSD---- C:\WINDOWS\ASSEMBLY
2008-11-27 23:13:34 ----D---- C:\Program Files\Real
2008-11-27 23:13:34 ----D---- C:\Program Files\Common Files\Real
2008-11-27 23:11:00 ----A---- C:\WINDOWS\WIN.INI
2008-11-27 23:10:25 ----D---- C:\Program Files\InterActual
2008-11-27 23:09:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 23:09:08 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-27 23:07:16 ----D---- C:\Program Files\FinePixViewer
2008-11-27 23:05:19 ----HD---- C:\WINDOWS\INF
2008-11-27 23:05:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-27 23:03:37 ----D---- C:\Program Files\Common Files\Apple
2008-11-27 23:02:11 ----D---- C:\Program Files\Adobe
2008-11-27 23:01:24 ----D---- C:\Documents and Settings\Richard Port\Application Data\Adobe
2008-11-27 23:00:18 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-27 19:34:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-26 23:10:01 ----D---- C:\Documents and Settings\Richard Port\Application Data\uTorrent
2008-11-19 19:26:28 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-18 22:04:17 ----D---- C:\WINDOWS\Help
2008-11-14 00:07:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 00:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 00:05:25 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys []
S3 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys []
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 
Hi,

C:\Documents and Settings\Sarah Port\Local Settings\Temp <---Delete everything in the temp folder BUT NOT THE TEMP FOLDER ITSELF

Remove this with HJT
O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)


I am looking over your RSIT log, be back in a bit
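A small triage helper for logs like the ones posted in this thread, added here as an illustration and not part of the original posts or of HijackThis itself. It parses the item lines, flags entries whose target file is gone (such as the O20 `mcodbc.dll (file missing)` line), services listed with an unknown owner, and proxy settings, and reports which entries disappeared between two logs. The function names and flag labels are assumptions made for the example; the sample input is constructed from lines that appear in this thread's logs.

```python
import re
from collections import namedtuple

# Item lines look like "O20 - Winlogon Notify: ...". Header lines and the
# "Running processes" paths have no such prefix and are skipped.
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

Item = namedtuple("Item", "code text flags")


def classify(code, text):
    """Return triage flags for one entry; a flag means 'read this', not 'malicious'."""
    lowered = text.lower()
    flags = []
    # HijackThis appends these markers when the referenced file is not on disk.
    if lowered.endswith("(file missing)") or lowered.endswith("(no file)"):
        flags.append("orphan")
    # O23 lines read "Service: <name> - <owner> - <path>".
    if code == "O23" and " - unknown owner - " in lowered:
        flags.append("unknown-owner")
    # Proxy values are worth reading when the symptom is blocked connections.
    if code in ("R0", "R1") and "proxy" in lowered:
        flags.append("proxy-setting")
    return tuple(flags)


def parse_log(log_text):
    """Turn raw log text into Item tuples, ignoring non-item lines."""
    items = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            code, text = match.group(1), match.group(2).strip()
            items.append(Item(code, text, classify(code, text)))
    return items


def flagged(items, flag):
    """Items carrying the given flag, in log order."""
    return [item for item in items if flag in item.flags]


def removed_between(before, after):
    """Entries in the earlier log that no longer appear in the later one."""
    still_there = {(item.code, item.text) for item in after}
    return [item for item in before if (item.code, item.text) not in still_there]


# Constructed sample input: lines that appear in this thread's logs, shortened.
# The earlier sample includes the O20 entry; the later one omits it.
LATER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

EARLIER_LOG = LATER_LOG + (
    r"O20 - Winlogon Notify: mcodbc - C:\WINDOWS\system\mcodbc.dll (file missing)"
    "\n"
)

if __name__ == "__main__":
    earlier, later = parse_log(EARLIER_LOG), parse_log(LATER_LOG)
    for item in earlier:
        if item.flags:
            print(f"{item.code:<4}{','.join(item.flags):<16}{item.text}")
    for item in removed_between(earlier, later):
        print("gone in later log:", item.code, item.text)
```

A flag only marks a line for a human to read: an orphaned entry is usually leftover registry data, and a service shown with an unknown owner can be a legitimate program.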
 
Hi - thanks for all your continued help but unfortunately the original symptoms are all still there:-

Can't update virus definitions
Can't update spyware definitions
Can't reinstall Spybot
Can't connect to anti-spyware sites (e.g. these forums and Lavasoft.com)

The latest HJT log is as follows...

-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:31, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Richard Port\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 8617 bytes
 
Good Morning,

This tool needs to be run from Safemode to be effective, so download it to your desktop, then boot to Safemode to run it.

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 
Let's reset your hosts file. You can download this tool to a known clean computer and transfer it to the infected one.

Download the HostsXpert 4.2.0.0. - Hosts File Manager.
  • Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Then let's try doing a free online virus scan.

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Hello. I was able to reset the hosts, but when I went to do the online scan it wouldn't let me connect to the website - it kept bumping me to other random sites.
 
See if you can run either or both of these tools. They won't remove anything, but I need to see the reports.

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.





BlackLight – Rootkit Detection and Elimination Tool <-- It's on the bottom of the page

Download Blacklight to your desktop.
  • Download the Blacklight Beta graphical user interface version
  • Double-click blbeta.exe
  • Then accept the agreement
  • Click > scan then > next
  • You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
  • Copy and paste this log in your next reply.
  • Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
 