ultimate defender problems

V

verram

New member
I got the desktop background changed, popups telling me my system is infected and ads for ultimate defender among other things. I have to continue the hijackthis log in another post because it is too long.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:02 PM, on 10/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B19F2E-09BC-47CF-A709-13B50B4620FC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {359F6495-6D24-4B75-8D8C-95F2DD94A24E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrdkq.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - (no file)
O2 - BHO: (no name) - {A9150711-B448-4878-9AF7-68C82CAD8000} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {AC9CEDCC-7F9F-48E9-B9C1-1FA7962A73C1} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {AF1BA546-A930-43E8-863D-9D39B1E6F976} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {B5F3970B-745E-46AC-B890-E08F69777D80} - (no file)
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O2 - BHO: (no name) - {C2365BA4-8E86-49F8-9C15-DA6600D3D79E} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {C347A0AC-42B4-4E3E-9867-2412512A3D24} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {C561ABA5-B6A0-46D9-9ECC-2F6F08D48824} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CDA7FABE-7142-4004-845E-8AA884E529A8} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {D36E8104-E529-4A76-9DE9-0BC52F11C8D0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {E8808CC7-CE3E-4FC7-A0B2-65DCB8F91ABF} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {ED182F32-4A69-4F63-B894-B69022344DAD} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O2 - BHO: (no name) - {FA67E157-C26C-4019-B3C8-BE9FE91B226A} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {C109664B-CEB1-420b-B353-D55A561536DD} - (no file)
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebScan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [lxbfrd] C:\WINDOWS\System32\vtlgqw.exe
O4 - HKLM\..\Run: [hnvy] C:\WINDOWS\System32\ichop.exe
O4 - HKLM\..\Run: [uykkyrz] C:\WINDOWS\System32\qfqgwyt.exe
O4 - HKLM\..\Run: [kwnh] C:\WINDOWS\System32\oegczuz.exe
O4 - HKLM\..\Run: [dfie] C:\WINDOWS\System32\cvpixdeu.exe
O4 - HKLM\..\Run: [nnlxvoy] C:\WINDOWS\System32\equsyw.exe
O4 - HKLM\..\Run: [cksob] C:\WINDOWS\System32\rlpdhsh.exe
O4 - HKLM\..\Run: [yaormqa] C:\WINDOWS\System32\qesjc.exe
O4 - HKLM\..\Run: [gqiuyx] C:\WINDOWS\System32\khlasjm.exe
O4 - HKLM\..\Run: [wwsyy] C:\WINDOWS\System32\gquncixs.exe
O4 - HKLM\..\Run: [vyhv] C:\WINDOWS\System32\dhsiwdeh.exe
O4 - HKLM\..\Run: [iukl] C:\WINDOWS\System32\fsmgq.exe
O4 - HKLM\..\Run: [wlhwdp] C:\WINDOWS\System32\rctwlkcf.exe
O4 - HKLM\..\Run: [ljat] C:\WINDOWS\System32\reorhqq.exe
O4 - HKLM\..\Run: [bdzr] C:\WINDOWS\System32\chtkh.exe
O4 - HKLM\..\Run: [yeue] C:\WINDOWS\System32\xitvso.exe
O4 - HKLM\..\Run: [gkprgs] C:\WINDOWS\System32\reeytzt.exe
O4 - HKLM\..\Run: [zxeor] C:\WINDOWS\System32\bhswnk.exe
O4 - HKLM\..\Run: [zuybvka] C:\WINDOWS\System32\wdkzhue.exe
O4 - HKLM\..\Run: [zgbjs] C:\WINDOWS\System32\dmnplb.exe
O4 - HKLM\..\Run: [ebujbxl] C:\WINDOWS\System32\fgsam.exe
O4 - HKLM\..\Run: [sqhxjnwf] C:\WINDOWS\System32\qtpqsqz.exe
O4 - HKLM\..\Run: [grow] C:\WINDOWS\System32\cpitubvt.exe
O4 - HKLM\..\Run: [zaapllqc] C:\WINDOWS\System32\xmdcppxr.exe
O4 - HKLM\..\Run: [sugqy] C:\WINDOWS\System32\osppozy.exe
O4 - HKLM\..\Run: [qaqrxgv] C:\WINDOWS\System32\oqltbu.exe
O4 - HKLM\..\Run: [nrroyj] C:\WINDOWS\System32\qlzl.exe
O4 - HKLM\..\Run: [gtpg] C:\WINDOWS\System32\lfqwa.exe
O4 - HKLM\..\Run: [oimchl] C:\WINDOWS\System32\oivhbjru.exe
O4 - HKLM\..\Run: [awqxd] C:\WINDOWS\System32\saywi.exe
O4 - HKLM\..\Run: [mdptsz] C:\WINDOWS\System32\bygltvcz.exe
O4 - HKLM\..\Run: [kfmit] C:\WINDOWS\System32\ypdgoqio.exe
O4 - HKLM\..\Run: [abvfahbu] C:\WINDOWS\System32\wzuhybb.exe
O4 - HKLM\..\Run: [cxridkkg] C:\WINDOWS\System32\okzivf.exe
O4 - HKLM\..\Run: [peyxtc] C:\WINDOWS\System32\hgqiwxbw.exe
O4 - HKLM\..\Run: [exwdz] C:\WINDOWS\System32\jjvbxpu.exe
O4 - HKLM\..\Run: [qvwlyhn] C:\WINDOWS\System32\zjnbo.exe
O4 - HKLM\..\Run: [btymsm] C:\WINDOWS\System32\gmuemk.exe
O4 - HKLM\..\Run: [gdtve] C:\WINDOWS\System32\wsilhs.exe
O4 - HKLM\..\Run: [dhhsja] C:\WINDOWS\System32\oezkcyu.exe
O4 - HKLM\..\Run: [jmtuik] C:\WINDOWS\System32\kjwdz.exe
O4 - HKLM\..\Run: [capcli] C:\WINDOWS\System32\vdcwactf.exe
O4 - HKLM\..\Run: [mwaqv] C:\WINDOWS\System32\eqcxjoqw.exe
O4 - HKLM\..\Run: [nafv] C:\WINDOWS\System32\admwgfnb.exe
O4 - HKLM\..\Run: [rbjri] C:\WINDOWS\System32\dctkolj.exe
O4 - HKLM\..\Run: [uofjbwt] C:\WINDOWS\System32\fwzcp.exe
O4 - HKLM\..\Run: [rjmzvp] c:\windows\system32\rjmzvp.exe
O4 - HKLM\..\Run: [juoob] C:\WINDOWS\System32\rcexejtt.exe
O4 - HKLM\..\Run: [ufrms] C:\WINDOWS\System32\bxjpfc.exe
O4 - HKLM\..\Run: [cwnb] C:\WINDOWS\System32\pkxz.exe
O4 - HKLM\..\Run: [biynop] C:\WINDOWS\System32\rjwfyxh.exe
O4 - HKLM\..\Run: [gvnb] C:\WINDOWS\System32\kgyyjvq.exe
O4 - HKLM\..\Run: [bzafkzh] C:\WINDOWS\System32\ubpf.exe
O4 - HKLM\..\Run: [pyzt] C:\WINDOWS\System32\tvrfg.exe
O4 - HKLM\..\Run: [xghgws] C:\WINDOWS\System32\bzyzezf.exe
O4 - HKLM\..\Run: [szlw] C:\WINDOWS\System32\nxld.exe
O4 - HKLM\..\Run: [wnau] C:\WINDOWS\System32\knjz.exe
O4 - HKLM\..\Run: [iyqpys] C:\WINDOWS\System32\llkg.exe
O4 - HKLM\..\Run: [xjllnegx] C:\WINDOWS\System32\mcccoor.exe
O4 - HKLM\..\Run: [ojyv] C:\WINDOWS\System32\noxmhj.exe
O4 - HKLM\..\Run: [cccwy] C:\WINDOWS\System32\cdkj.exe
O4 - HKLM\..\Run: [cgbpczf] C:\WINDOWS\System32\udbslo.exe
O4 - HKLM\..\Run: [wilskamx] C:\WINDOWS\System32\bbjwck.exe
O4 - HKLM\..\Run: [bcung] C:\WINDOWS\System32\oythwvar.exe
O4 - HKLM\..\Run: [swyws] C:\WINDOWS\System32\yarvm.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [ajpylew] C:\WINDOWS\System32\jjuvp.exe
O4 - HKLM\..\Run: [eehku] C:\WINDOWS\System32\bvsvwy.exe
O4 - HKLM\..\Run: [cqkg] C:\WINDOWS\System32\hjree.exe
O4 - HKLM\..\Run: [ylfrzafc] C:\WINDOWS\System32\lkwdw.exe
O4 - HKLM\..\Run: [kuclsrh] C:\WINDOWS\System32\adha.exe
O4 - HKLM\..\Run: [xymr] C:\WINDOWS\System32\hwkoxfl.exe
O4 - HKLM\..\Run: [knprbopo] C:\WINDOWS\System32\jecfw.exe
O4 - HKLM\..\Run: [pfoc] C:\WINDOWS\System32\tzseszm.exe
O4 - HKLM\..\Run: [pebljl] C:\WINDOWS\System32\ifcgzlni.exe
O4 - HKLM\..\Run: [hlrsyqa] C:\WINDOWS\System32\tjlkgyj.exe
O4 - HKLM\..\Run: [ulvtjx] C:\WINDOWS\System32\elrvh.exe
O4 - HKLM\..\Run: [smfcyruv] C:\WINDOWS\System32\sftndqtz.exe
O4 - HKLM\..\Run: [vdtb] C:\WINDOWS\System32\lzuuu.exe
O4 - HKLM\..\Run: [lixstrl] C:\WINDOWS\System32\ytbh.exe
O4 - HKLM\..\Run: [spzjmny] C:\WINDOWS\System32\nlomxp.exe
O4 - HKLM\..\Run: [dxjsfdn] C:\WINDOWS\System32\vdst.exe
O4 - HKLM\..\Run: [hbyxbz] C:\WINDOWS\System32\lzmo.exe
O4 - HKLM\..\Run: [ayyfrht] C:\WINDOWS\System32\tkrl.exe
O4 - HKLM\..\Run: [uhhrkzvm] C:\WINDOWS\System32\ogkodk.exe
O4 - HKLM\..\Run: [dlwhoh] C:\WINDOWS\System32\hqzaxcr.exe
O4 - HKLM\..\Run: [friaba] C:\WINDOWS\System32\cfnstj.exe
O4 - HKLM\..\Run: [jhqmbd] C:\WINDOWS\System32\qbcin.exe
O4 - HKLM\..\Run: [utqiz] C:\WINDOWS\System32\bdhbobui.exe
O4 - HKLM\..\Run: [tncsm] C:\WINDOWS\System32\vwneg.exe
O4 - HKLM\..\Run: [vflrjgsg] C:\WINDOWS\System32\oqfgxs.exe
O4 - HKLM\..\Run: [sdjt] C:\WINDOWS\System32\lgdbzv.exe
O4 - HKLM\..\Run: [iitg] C:\WINDOWS\System32\uklrvc.exe
O4 - HKLM\..\Run: [fgrikz] C:\WINDOWS\System32\rajnqy.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [stlaaymn] C:\WINDOWS\System32\zyfjw.exe
O4 - HKLM\..\Run: [ldnz] C:\WINDOWS\System32\bakt.exe
O4 - HKLM\..\Run: [qorpkjxv] C:\WINDOWS\System32\hwwhgj.exe
O4 - HKLM\..\Run: [jxfhrhxk] C:\WINDOWS\System32\xtqwgrjw.exe
O4 - HKLM\..\Run: [vzcd] C:\WINDOWS\System32\aygmwydh.exe
O4 - HKLM\..\Run: [fgeonihv] C:\WINDOWS\System32\glybj.exe
O4 - HKLM\..\Run: [ofxaupfs] C:\WINDOWS\System32\thieldi.exe
O4 - HKLM\..\Run: [ajctdbws] C:\WINDOWS\System32\fyffwrie.exe
O4 - HKLM\..\Run: [aneglun] C:\WINDOWS\System32\kwvu.exe
O4 - HKLM\..\Run: [dtbw] C:\WINDOWS\System32\hvtq.exe
O4 - HKLM\..\Run: [fhsgj] C:\WINDOWS\System32\xxkwspa.exe
O4 - HKLM\..\Run: [dfudgnut] C:\WINDOWS\System32\vvisnsg.exe
O4 - HKLM\..\Run: [vqzwgvil] C:\WINDOWS\System32\xmmyupib.exe
O4 - HKLM\..\Run: [yyhvi] C:\WINDOWS\System32\myba.exe
O4 - HKLM\..\Run: [vzrzzi] C:\WINDOWS\System32\qawlrigr.exe
O4 - HKLM\..\Run: [swyph] C:\WINDOWS\System32\xmdo.exe
O4 - HKLM\..\Run: [wylmsn] C:\WINDOWS\System32\jjeeqqr.exe
O4 - HKLM\..\Run: [bngyo] C:\WINDOWS\System32\wfxh.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zhqyqu] C:\WINDOWS\System32\hhovkgv.exe r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
 
continued

the rest of the hijackthis og, also the kaspersky log is too long to fit and the guide said not to post more than twice.

O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe"] C:\WINDOWS\tulrdfur.exe
O4 - HKLM\..\Run: [}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe"] C:\WINDOWS\tulrdfur.exe
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [iqiz] C:\PROGRA~1\COMMON~1\iqiz\iqizm.exe
O4 - HKCU\..\Run: [Tgatngd] C:\Documents and Settings\Jesse\Application Data\?racle\w?wexec.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adextension.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.gimmycash.com
O15 - Trusted Zone: *.gimmysmileys.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.proben.nu
O15 - Trusted Zone: *.snet.ms
O15 - Trusted Zone: *.snet.tc
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.yoursitebar.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.adextension.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.proben.nu (HKLM)
O15 - Trusted Zone: *.snet.ms (HKLM)
O15 - Trusted Zone: *.snet.tc (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.zango.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177413760234
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: dvdabr - C:\WINDOWS\inf\dvdabr.dll (file missing)
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O21 - SSODL: msvb - {C66ACD7D-AC93-490F-B05E-C0E7FC89E418} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {099FABF5-744E-4A87-B5D8-2E360EA78C9D} - C:\WINDOWS\sysdx.dll
O22 - SharedTaskScheduler: (no name) - {C569B8DA-D929-4c57-9ADD-C071C13C1FAD} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 25704 bytes
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are badly infected so do not expect this to be either fast or easy. I would like you to keep this computer offline until I tell you it is clean except when troubleshooting. You may quickly check email but DO NOT open attachments or email you do not know who is from.

If this works for you, please start like this:

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post ONLY the C:\rapport.txt and keep in mind I am in EST.

Thanks
 
I tried to do this and all that happens is that the command prompt window opens and says something for like half a second and then closes. I tried it a ot of times and it won't work. Is there something else I can do or something to get it to work?
 
Understand this fix is used all over the world and many, many times daily. My guess is that McAfee is blocking part of the download, which is the reason for this information I posted:

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

We have a difficult cleanup on our hands here and the first instruction is not one we should allow not to work. Here are the files that should be in the Smitfraudfix folder:
http://siri.urz.free.fr/Fix/Bitmaps/Folder.png

If any is missing from the download you made, delete the download completely and start again.
Try turning off McAfee while you make the download, then turn it back on. Check to make sure all of the files are there and proceed again with the posted directions. This is only the first step in a complex cleanup. The alternative would be a reformat:

http://spyware-free.us/tutorials/reformat/
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html
http://helpdesk.its.uiowa.edu/windows/instructions/reformat.htm

Thanks
 
the only one that isn't in the folder is download.exe, there are a few others that are in the folder but not in the picture. The same things were in the folder before and after the new download with mcafee off. I tried redownloading a few times and none of them are working.
 
First remove all Smitfraudfix you have downloaded.

Use this executable: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
save it to the Desktop and make sure you allow everything if you get notifications about pups or scripts for this program. Once you have it installed and running, then follow the directions:

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Post ONLY the C:\rapport.txt

Thanks
 
It is doing the same thing as before. It opens the command window for half a second and then closes. I have tried downloading it a bunch of times with all the things off and it won't work. I don't know what to do.
 
I don't either and it is not a good sign to start this way. Did you review the reformat option?

Remove Smitfraufix from your computer.

Thanks to sUBs and anyone else who helped with this fix.

Please read and follow all directions with extreme care.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Thanks
 
I ran combofix and while it was running I took a shower. When I came bak I'm not sure what happened but the screen just showed my background and nothing else, so I rebooted and the popups and infection warnings were gone and I was able to run smitfraudfix so here is the rapport.txt

SmitFraudFix v2.240

Scan done at 16:37:57.54, 2007-10-13
Run from C:\Documents and Settings\Jesse\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cmd.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jesse


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jesse\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jesse\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}"="8OJ"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdkxv.exe"

kdkxv.exe detected !


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 208.67.220.220
DNS Server Search Order: 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB2E44C6-7F87-40CA-A5B9-991457698368}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB2E44C6-7F87-40CA-A5B9-991457698368}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB2E44C6-7F87-40CA-A5B9-991457698368}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
I ran combofix and while it was running I took a shower
Click to expand...

Post the Log from Combofix now

http://siri.geekstogo.com/SmitfraudFix.php <<< tutorial if needed

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infect files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post the C:\rapport.txt and a new HJT log

Thanks
 
I can't find a combofix report. If you want it, where would I find it? Here is rapport.txt and a new HJT log

SmitFraudFix v2.240

Scan done at 18:02:46.53, 2007-10-13
Run from C:\Documents and Settings\Jesse\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}"="¨#J"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


216.93.168.167 sitefinder.verisign.com



127.0.0.1 1ad2srvr-cpt-v1.com
127.0.0.1 www.1ad2srvr-cpt-v1.com
127.0.0.1 207-182-237-233.visionaire-us.com
127.0.0.1 www.207-182-237-233.visionaire-us.com
127.0.0.1 3721.com
127.0.0.1 www.3721.com
127.0.0.1 680180.net
127.0.0.1 www.680180.net
127.0.0.1 7search.com
127.0.0.1 www.7search.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 www.ad.doubleclick.net
127.0.0.1 adserv.internetfuel.com
127.0.0.1 www.adserv.internetfuel.com
127.0.0.1 akapp.whenu.com
127.0.0.1 www.akapp.whenu.com
127.0.0.1 app.whenu.com
127.0.0.1 www.app.whenu.com
127.0.0.1 banserv.internetfuel.com
127.0.0.1 www.banserv.internetfuel.com
127.0.0.1 bidtxt.whenu.com
127.0.0.1 www.bidtxt.whenu.com
127.0.0.1 corr.conscorr.com
127.0.0.1 www.corr.conscorr.com
127.0.0.1 dclcorp.rpts.net
127.0.0.1 www.dclcorp.rpts.net
127.0.0.1 drk.localnrd.com
127.0.0.1 www.drk.localnrd.com
127.0.0.1 homecgocable.net
127.0.0.1 www.homecgocable.net
127.0.0.1 netbroadcast.com
127.0.0.1 www.netbroadcast.com
127.0.0.1 smartpops.com
127.0.0.1 www.smartpops.com
127.0.0.1 spapp.whenu.com
127.0.0.1 www.spapp.whenu.com
127.0.0.1 xxxtoolbar.com
127.0.0.1 www.xxxtoolbar.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 active-alert-server.com
127.0.0.1 www.active-alert-server.com
127.0.0.1 active-max.com
127.0.0.1 www.active-max.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 address.3721.com
127.0.0.1 www.address.3721.com
127.0.0.1 adopt.hotbar.com
127.0.0.1 www.adopt.hotbar.com
127.0.0.1 adpopper.outblaze.com
127.0.0.1 www.adpopper.outblaze.com
127.0.0.1 adroar.com
127.0.0.1 www.adroar.com
127.0.0.1 ads.adroar.com
127.0.0.1 www.ads.adroar.com
127.0.0.1 ads.adtomi.com
127.0.0.1 www.ads.adtomi.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 www.ads.centralmedia.ws
127.0.0.1 ads.hotbar.com
127.0.0.1 www.ads.hotbar.com
127.0.0.1 ads.internet-optimizer.com
127.0.0.1 www.ads.internet-optimizer.com
127.0.0.1 ads.offeroptimizer.com
127.0.0.1 www.ads.offeroptimizer.com
127.0.0.1 ads.vx2.cc
127.0.0.1 www.ads.vx2.cc
127.0.0.1 ads3.virtumundo.com
127.0.0.1 www.ads3.virtumundo.com
127.0.0.1 ads4.virtumundo.com
127.0.0.1 www.ads4.virtumundo.com
127.0.0.1 adserv1.ebates.com
127.0.0.1 www.adserv1.ebates.com
127.0.0.1 adtactics.com
127.0.0.1 www.adtactics.com
127.0.0.1 adtracker.411web.com
127.0.0.1 www.adtracker.411web.com
127.0.0.1 advertisingagent.com
127.0.0.1 www.advertisingagent.com
127.0.0.1 agent.3721.com
127.0.0.1 www.agent.3721.com
127.0.0.1 ajokeaday.com
127.0.0.1 www.ajokeaday.com
127.0.0.1 ak.imgfarm.com
127.0.0.1 www.ak.imgfarm.com
127.0.0.1 akapp.whenu.com
127.0.0.1 www.akapp.whenu.com
127.0.0.1 akweb.whenu.com
127.0.0.1 www.akweb.whenu.com
127.0.0.1 allaboutsearching.com
127.0.0.1 www.allaboutsearching.com
127.0.0.1 almightysearch.com
127.0.0.1 www.almightysearch.com
127.0.0.1 alpha.searchassistant.net
127.0.0.1 www.alpha.searchassistant.net
127.0.0.1 altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 amazingautossearch.com
127.0.0.1 www.amazingautossearch.com
127.0.0.1 amnv.net
127.0.0.1 www.amnv.net
127.0.0.1 ao.lop.com
127.0.0.1 www.ao.lop.com
127.0.0.1 app.desktop.ak-networks.com
127.0.0.1 www.app.desktop.ak-networks.com
127.0.0.1 app.ezula.com
127.0.0.1 www.app.ezula.com
127.0.0.1 app.whenu.com
127.0.0.1 www.app.whenu.com
127.0.0.1 app.whenu.speedera.net
127.0.0.1 www.app.whenu.speedera.net
127.0.0.1 assistant.3721.com
127.0.0.1 www.assistant.3721.com
127.0.0.1 avenuemedia.com
127.0.0.1 www.avenuemedia.com
127.0.0.1 ayb.lop.com
127.0.0.1 www.ayb.lop.com
127.0.0.1 b3d.com
127.0.0.1 www.b3d.com
127.0.0.1 badsol.bianas.com
127.0.0.1 www.badsol.bianas.com
127.0.0.1 badurl.grandstreetinteractive.com
127.0.0.1 www.badurl.grandstreetinteractive.com
127.0.0.1 badurl.ieplugin.com
127.0.0.1 www.badurl.ieplugin.com
127.0.0.1 bannersxchange.com
127.0.0.1 www.bannersxchange.com
127.0.0.1 bannerx.adtactics.com
127.0.0.1 www.bannerx.adtactics.com
127.0.0.1 bar.mywebsearch.com
127.0.0.1 www.bar.mywebsearch.com
127.0.0.1 bde3d.com
127.0.0.1 www.bde3d.com
127.0.0.1 belt.abetterinternet.com
127.0.0.1 www.belt.abetterinternet.com
127.0.0.1 beta.searchassistant.net
127.0.0.1 www.beta.searchassistant.net
127.0.0.1 bidtxt.whenu.com
127.0.0.1 www.bidtxt.whenu.com
127.0.0.1 bigbrother.gigatechsoftware.com
127.0.0.1 www.bigbrother.gigatechsoftware.com
127.0.0.1 bins.lop.com
127.0.0.1 www.bins.lop.com
127.0.0.1 bluehavenmedia.com
127.0.0.1 www.bluehavenmedia.com
127.0.0.1 brilliantdigital.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 browserwise.com
127.0.0.1 www.browserwise.com
127.0.0.1 bundleware.com
127.0.0.1 www.bundleware.com
127.0.0.1 c.abetterinternet.com
127.0.0.1 www.c.abetterinternet.com
127.0.0.1 c.centralmedia.ws
127.0.0.1 www.c.centralmedia.ws
127.0.0.1 c.pornograph.com
127.0.0.1 www.c.pornograph.com
127.0.0.1 c4.iwon.com
127.0.0.1 www.c4.iwon.com
127.0.0.1 c4.maxserving.com
127.0.0.1 www.c4.maxserving.com
127.0.0.1 c4.mysearch.com
127.0.0.1 www.c4.mysearch.com
127.0.0.1 cadsol.bianas.com
127.0.0.1 www.cadsol.bianas.com
127.0.0.1 casinobuilder.i-lookup.com
127.0.0.1 www.casinobuilder.i-lookup.com
127.0.0.1 cassandra.searchassistant.net
127.0.0.1 www.cassandra.searchassistant.net
127.0.0.1 cc.iwon.com
127.0.0.1 www.cc.iwon.com
127.0.0.1 cdn.climaxbucks.com
127.0.0.1 www.cdn.climaxbucks.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 www.cdn.movies-etc.com
127.0.0.1 centralmedia.ws
127.0.0.1 www.centralmedia.ws
127.0.0.1 cfg.mysearch.com
127.0.0.1 www.cfg.mysearch.com
127.0.0.1 cfg.mywebsearch.com
127.0.0.1 www.cfg.mywebsearch.com
127.0.0.1 checkin.clickalchemy.com
127.0.0.1 www.checkin.clickalchemy.com
127.0.0.1 chromium.whenu.com
127.0.0.1 www.chromium.whenu.com
127.0.0.1 cjt1.net
127.0.0.1 www.cjt1.net
127.0.0.1 cleangetaway.biz
127.0.0.1 www.cleangetaway.biz
127.0.0.1 click2findnow.com
127.0.0.1 www.click2findnow.com
127.0.0.1 clickalchemy.com
127.0.0.1 www.clickalchemy.com
127.0.0.1 climaxbucks.com
127.0.0.1 www.climaxbucks.com
127.0.0.1 cns.3721.com
127.0.0.1 www.cns.3721.com
127.0.0.1 cnsmin.3721.com
127.0.0.1 www.cnsmin.3721.com
127.0.0.1 cocktailcash.com
127.0.0.1 www.cocktailcash.com
127.0.0.1 code.ignphrases.com
127.0.0.1 www.code.ignphrases.com
127.0.0.1 config.grandstreetinteractive.com
127.0.0.1 www.config.grandstreetinteractive.com
127.0.0.1 contexualsearch.com
127.0.0.1 www.contexualsearch.com
127.0.0.1 corp.3721.com
127.0.0.1 www.corp.3721.com
127.0.0.1 cr.stop-popup-ads-now.com
127.0.0.1 www.cr.stop-popup-ads-now.com
127.0.0.1 crap2.com
127.0.0.1 www.crap2.com
127.0.0.1 crossroad.trekdata.com
127.0.0.1 www.crossroad.trekdata.com
127.0.0.1 cs.hotbar.com
127.0.0.1 www.cs.hotbar.com
127.0.0.1 ct.cydoor.com
127.0.0.1 www.ct.cydoor.com
127.0.0.1 ctl.twain-tech.com
127.0.0.1 www.ctl.twain-tech.com
127.0.0.1 cust.bezeqint.net
127.0.0.1 www.cust.bezeqint.net
127.0.0.1 daptest.speedbit.com
127.0.0.1 www.daptest.speedbit.com
127.0.0.1 datastorm.biz
127.0.0.1 www.datastorm.biz
127.0.0.1 delta.adroar.com
127.0.0.1 www.delta.adroar.com
127.0.0.1 dir.3721.com
127.0.0.1 www.dir.3721.com
127.0.0.1 direct.simpletraffic.com
127.0.0.1 www.direct.simpletraffic.com
127.0.0.1 docs1.iwon.com
127.0.0.1 www.docs1.iwon.com
127.0.0.1 domain.i-lookup.com
127.0.0.1 www.domain.i-lookup.com
127.0.0.1 download.3721.com
127.0.0.1 www.download.3721.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 www.download.abetterinternet.com
127.0.0.1 download.bonzi.com
127.0.0.1 www.download.bonzi.com
127.0.0.1 download.bulletproofsoft.com
127.0.0.1 www.download.bulletproofsoft.com
127.0.0.1 download.feiyang.com
127.0.0.1 www.download.feiyang.com
127.0.0.1 download.gigatechsoftware.com
127.0.0.1 www.download.gigatechsoftware.com
127.0.0.1 download.ipinsight.net
127.0.0.1 www.download.ipinsight.net
127.0.0.1 download.vx2.cc
127.0.0.1 www.download.vx2.cc
127.0.0.1 download.whenu.com
127.0.0.1 www.download.whenu.com
127.0.0.1 download2.abetterinternet.com
127.0.0.1 www.download2.abetterinternet.com
127.0.0.1 dyn.virtumundo.com
127.0.0.1 www.dyn.virtumundo.com
127.0.0.1 dynamic.hotbar.com
127.0.0.1 www.dynamic.hotbar.com
127.0.0.1 dynmenu.hotbar.com
127.0.0.1 www.dynmenu.hotbar.com
127.0.0.1 ecpm.com
127.0.0.1 www.ecpm.com
127.0.0.1 efc.iwon.com
127.0.0.1 www.efc.iwon.com
127.0.0.1 epsilon.searchassistant.net
127.0.0.1 www.epsilon.searchassistant.net
127.0.0.1 express.3721.com
127.0.0.1 www.express.3721.com
127.0.0.1 ez-searching.com
127.0.0.1 www.ez-searching.com
127.0.0.1 ezula.com
127.0.0.1 www.ezula.com
127.0.0.1 find-quick.com
127.0.0.1 www.find-quick.com
127.0.0.1 findology.mail.everyone.net
127.0.0.1 www.findology.mail.everyone.net
127.0.0.1 fstrack.7search.com
127.0.0.1 www.fstrack.7search.com
127.0.0.1 ftp.clicktracking.info
127.0.0.1 www.ftp.clicktracking.info
127.0.0.1 getweathercast.com
127.0.0.1 www.getweathercast.com
127.0.0.1 globaltoolbar.com
127.0.0.1 www.globaltoolbar.com
127.0.0.1 globalwebsearch.com
127.0.0.1 www.globalwebsearch.com
127.0.0.1 grandstreetinteractive.com
127.0.0.1 www.grandstreetinteractive.com
127.0.0.1 help.mysearch.com
127.0.0.1 www.help.mysearch.com
127.0.0.1 hits.411web.com
127.0.0.1 www.hits.411web.com
127.0.0.1 home.iwon.com
127.0.0.1 www.home.iwon.com
127.0.0.1 hotbar.com
127.0.0.1 www.hotbar.com
127.0.0.1 i-lookup.com
127.0.0.1 www.i-lookup.com
127.0.0.1 i1img.com
127.0.0.1 www.i1img.com
127.0.0.1 iads.adroar.com
127.0.0.1 www.iads.adroar.com
127.0.0.1 ieplugin.com
127.0.0.1 www.ieplugin.com
127.0.0.1 igetnet.com
127.0.0.1 www.igetnet.com
127.0.0.1 image.i1img.com
127.0.0.1 www.image.i1img.com
127.0.0.1 image.imgfarm.com
127.0.0.1 www.image.imgfarm.com
127.0.0.1 images.bonzi.com
127.0.0.1 www.images.bonzi.com
127.0.0.1 img.3721.com
127.0.0.1 www.img.3721.com
127.0.0.1 img.7meta.com
127.0.0.1 www.img.7meta.com
127.0.0.1 img.bannersxchange.com
127.0.0.1 www.img.bannersxchange.com
127.0.0.1 img.lop.com
127.0.0.1 www.img.lop.com
127.0.0.1 imgfarm.com
127.0.0.1 www.imgfarm.com
127.0.0.1 impression.7search.com
127.0.0.1 www.impression.7search.com
127.0.0.1 install.browsertoolbar.com
127.0.0.1 www.install.browsertoolbar.com
127.0.0.1 installdollars.com
127.0.0.1 www.installdollars.com
127.0.0.1 installs.hotbar.com
127.0.0.1 www.installs.hotbar.com
127.0.0.1 internal.vx2.cc
127.0.0.1 www.internal.vx2.cc
127.0.0.1 internet-optimizer.com
127.0.0.1 www.internet-optimizer.com
127.0.0.1 ipend.datastorm.biz
127.0.0.1 www.ipend.datastorm.biz
127.0.0.1 ipinsight.com
127.0.0.1 www.ipinsight.com
127.0.0.1 iron.whenu.com
127.0.0.1 www.iron.whenu.com
127.0.0.1 javatar.cjt1.net
127.0.0.1 www.javatar.cjt1.net
127.0.0.1 jbns2.cydoor.com
127.0.0.1 www.jbns2.cydoor.com
127.0.0.1 jcde-nms4.joltid.net
127.0.0.1 www.jcde-nms4.joltid.net
127.0.0.1 jcde-nms5.joltid.net
127.0.0.1 www.jcde-nms5.joltid.net
127.0.0.1 jcde-nms6.joltid.net
127.0.0.1 www.jcde-nms6.joltid.net
127.0.0.1 jcms.cydoor.com
127.0.0.1 www.jcms.cydoor.com
127.0.0.1 jcontent.bns1.net
127.0.0.1 www.jcontent.bns1.net
127.0.0.1 jdownloadacc.cjt1.net
127.0.0.1 www.jdownloadacc.cjt1.net
127.0.0.1 jedonkey.cjt1.net
127.0.0.1 www.jedonkey.cjt1.net
127.0.0.1 jicq.cjt1.net
127.0.0.1 www.jicq.cjt1.net
127.0.0.1 jmindset.cjt1.net
127.0.0.1 www.jmindset.cjt1.net
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.jpedownload.joltid.com
127.0.0.1 jpiolet.cjt1.net
127.0.0.1 www.jpiolet.cjt1.net
127.0.0.1 jwildmedia.cjt1.net
127.0.0.1 www.jwildmedia.cjt1.net
127.0.0.1 k17177.bins.lop.com
127.0.0.1 www.k17177.bins.lop.com
127.0.0.1 kazanon.com
127.0.0.1 www.kazanon.com
127.0.0.1 lead.whenu.com
127.0.0.1 www.lead.whenu.com
127.0.0.1 license.hotbar.com
127.0.0.1 www.license.hotbar.com
127.0.0.1 lists.adroar.com
127.0.0.1 www.lists.adroar.com
127.0.0.1 look-today.com
127.0.0.1 www.look-today.com
127.0.0.1 look2me.com
127.0.0.1 www.look2me.com
127.0.0.1 lop.com
127.0.0.1 www.lop.com
127.0.0.1 magic.3721.com
127.0.0.1 www.magic.3721.com
127.0.0.1 mail.vx2.cc
127.0.0.1 www.mail.vx2.cc
127.0.0.1 mark.3721.com
127.0.0.1 www.mark.3721.com
127.0.0.1 master.mx-targeting.com
127.0.0.1 www.master.mx-targeting.com
127.0.0.1 maxexp.com
127.0.0.1 www.maxexp.com
127.0.0.1 media.altnet.com
127.0.0.1 www.media.altnet.com
127.0.0.1 mediabuy-nic.cjt1.net
127.0.0.1 www.mediabuy-nic.cjt1.net
127.0.0.1 memorymeter.com
127.0.0.1 www.memorymeter.com
127.0.0.1 mercury.whenu.com
127.0.0.1 www.mercury.whenu.com
127.0.0.1 messagebroadcaster.net
127.0.0.1 www.messagebroadcaster.net
127.0.0.1 meta.3721.com
127.0.0.1 www.meta.3721.com
127.0.0.1 mindseti.com
127.0.0.1 www.mindseti.com
127.0.0.1 movies-etc.com
127.0.0.1 www.movies-etc.com
127.0.0.1 msearch.3721.com
127.0.0.1 www.msearch.3721.com
127.0.0.1 msview.cc
127.0.0.1 www.msview.cc
127.0.0.1 mt1.climaxbucks.com
127.0.0.1 www.mt1.climaxbucks.com
127.0.0.1 mt23.climaxbucks.com
127.0.0.1 www.mt23.climaxbucks.com
127.0.0.1 my.iwon.com
127.0.0.1 www.my.iwon.com
127.0.0.1 mypanicbutton.com
127.0.0.1 www.mypanicbutton.com
127.0.0.1 mysearchnow.com
127.0.0.1 www.mysearchnow.com
127.0.0.1 mywebsearch.com
127.0.0.1 www.mywebsearch.com
127.0.0.1 netpalnow.com
127.0.0.1 www.netpalnow.com
127.0.0.1 netpaloffers.net
127.0.0.1 www.netpaloffers.net
127.0.0.1 netsearchsoft.com
127.0.0.1 www.netsearchsoft.com
127.0.0.1 new.net
127.0.0.1 www.new.net
127.0.0.1 nictechnetworks.com
127.0.0.1 www.nictechnetworks.com
127.0.0.1 nopop.net
127.0.0.1 www.nopop.net
127.0.0.1 ns1.exportusa.com
127.0.0.1 www.ns1.exportusa.com
127.0.0.1 ns1.vx2.cc
127.0.0.1 www.ns1.vx2.cc
127.0.0.1 ns2.vx2.cc
127.0.0.1 www.ns2.vx2.cc
127.0.0.1 odysseusmarketing.com
127.0.0.1 www.odysseusmarketing.com
127.0.0.1 offeroptimizer.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 omegasearch.com
127.0.0.1 www.omegasearch.com
127.0.0.1 omi-update.net
127.0.0.1 www.omi-update.net
127.0.0.1 orbitexplorer.com
127.0.0.1 www.orbitexplorer.com
127.0.0.1 partners.hotbar.com
127.0.0.1 www.partners.hotbar.com
127.0.0.1 paypertext.com
127.0.0.1 www.paypertext.com
127.0.0.1 pchi-vtrk.virtumundo.com
127.0.0.1 www.pchi-vtrk.virtumundo.com
127.0.0.1 plugusin4cash.com
127.0.0.1 www.plugusin4cash.com
127.0.0.1 plus.iwon.com
127.0.0.1 www.plus.iwon.com
127.0.0.1 pm.altnet.com
127.0.0.1 www.pm.altnet.com
127.0.0.1 predictivesearch.com
127.0.0.1 www.predictivesearch.com
127.0.0.1 pricebandit.com
127.0.0.1 www.pricebandit.com
127.0.0.1 privacy.virtumundo.com
127.0.0.1 www.privacy.virtumundo.com
127.0.0.1 prizemachine.games.iwon.com
127.0.0.1 www.prizemachine.games.iwon.com
127.0.0.1 promos.hotbar.com
127.0.0.1 www.promos.hotbar.com
127.0.0.1 prosearching.com
127.0.0.1 www.prosearching.com
127.0.0.1 puv.hotbar.com
127.0.0.1 www.puv.hotbar.com
127.0.0.1 query.i-lookup.com
127.0.0.1 www.query.i-lookup.com
127.0.0.1 reports.hotbar.com
127.0.0.1 www.reports.hotbar.com
127.0.0.1 reports.offeroptimizer.com
127.0.0.1 www.reports.offeroptimizer.com
127.0.0.1 resultsmaster.com
127.0.0.1 www.resultsmaster.com
127.0.0.1 rspsearch.com
127.0.0.1 www.rspsearch.com
127.0.0.1 s.abetterinternet.com
127.0.0.1 www.s.abetterinternet.com
127.0.0.1 savenow-pop-ads.com
127.0.0.1 www.savenow-pop-ads.com
127.0.0.1 savenow-popup-ads.com
127.0.0.1 www.savenow-popup-ads.com
127.0.0.1 sbox.3721.com
127.0.0.1 www.sbox.3721.com
127.0.0.1 sbvr.com
127.0.0.1 www.sbvr.com
127.0.0.1 search.active-max.com
127.0.0.1 www.search.active-max.com
127.0.0.1 search.ieplugin.com
127.0.0.1 www.search.ieplugin.com
127.0.0.1 search.iwon.com
127.0.0.1 www.search.iwon.com
127.0.0.1 search.mysearchnow.com
127.0.0.1 www.search.mysearchnow.com


127.0.0.1 search2.i-lookup.com
127.0.0.1 www.search2.i-lookup.com
127.0.0.1 search200.com
127.0.0.1 www.search200.com
127.0.0.1 searchassistant.iwon.com
127.0.0.1 www.searchassistant.iwon.com
127.0.0.1 searchassistant.net
127.0.0.1 www.searchassistant.net
127.0.0.1 searchbus.com
127.0.0.1 www.searchbus.com
127.0.0.1 searchdisp.hotbar.com
127.0.0.1 www.searchdisp.hotbar.com
127.0.0.1 searchexe.com
127.0.0.1 www.searchexe.com
127.0.0.1 searchweb2.com
127.0.0.1 www.searchweb2.com
127.0.0.1 sentrymon.ipinsight.net
127.0.0.1 www.sentrymon.ipinsight.net
127.0.0.1 server.ipinsight.net
127.0.0.1 www.server.ipinsight.net
127.0.0.1 shanghai.3721.com
127.0.0.1 www.shanghai.3721.com
127.0.0.1 similarsingles.com
127.0.0.1 www.similarsingles.com
127.0.0.1 sina.3721.com
127.0.0.1 www.sina.3721.com
127.0.0.1 skins.hotbar.com
127.0.0.1 www.skins.hotbar.com
127.0.0.1 soap.alexa.com
127.0.0.1 www.soap.alexa.com
127.0.0.1 spapp.whenu.com
127.0.0.1 www.spapp.whenu.com
127.0.0.1 spawnet.com
127.0.0.1 www.spawnet.com
127.0.0.1 speedbar.myway.com
127.0.0.1 www.speedbar.myway.com
127.0.0.1 sputnik.vx2.cc
127.0.0.1 www.sputnik.vx2.cc
127.0.0.1 spweather.whenu.com
127.0.0.1 www.spweather.whenu.com
127.0.0.1 spweb.whenu.com
127.0.0.1 www.spweb.whenu.com
127.0.0.1 spywarehelp.net
127.0.0.1 www.spywarehelp.net
127.0.0.1 sqwire.com
127.0.0.1 www.sqwire.com
127.0.0.1 sqwire.i-lookup.com
127.0.0.1 www.sqwire.i-lookup.com
127.0.0.1 srch.lop.com
127.0.0.1 www.srch.lop.com
127.0.0.1 st.brilliantdigital.com
127.0.0.1 www.st.brilliantdigital.com
127.0.0.1 static.411web.com
127.0.0.1 www.static.411web.com
127.0.0.1 stop-popup-ads-now.com
127.0.0.1 www.stop-popup-ads-now.com
127.0.0.1 stubmon.ipinsight.net
127.0.0.1 www.stubmon.ipinsight.net
127.0.0.1 sue.lop.com
127.0.0.1 www.sue.lop.com
127.0.0.1 superwebsearch.com
127.0.0.1 www.superwebsearch.com
127.0.0.1 sysupdate.grandstreetinteractive.com
127.0.0.1 www.sysupdate.grandstreetinteractive.com
127.0.0.1 sysupdate.ieplugin.com
127.0.0.1 www.sysupdate.ieplugin.com
127.0.0.1 tdko.com
127.0.0.1 www.tdko.com
127.0.0.1 tdmy.com
127.0.0.1 www.tdmy.com
127.0.0.1 tefs.com
127.0.0.1 www.tefs.com
127.0.0.1 tfil.com
127.0.0.1 www.tfil.com
127.0.0.1 thinkingmedia.net
127.0.0.1 www.thinkingmedia.net
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.thinstall.abetterinternet.com
127.0.0.1 tin.whenu.com
127.0.0.1 www.tin.whenu.com
127.0.0.1 titanium.whenu.com
127.0.0.1 www.titanium.whenu.com
127.0.0.1 toolbar.i-lookup.com
127.0.0.1 www.toolbar.i-lookup.com
127.0.0.1 toolbar2.i-lookup.com
127.0.0.1 www.toolbar2.i-lookup.com
 
continued

rapport.txt continued

127.0.0.1 tooltips.hotbar.com
127.0.0.1 www.tooltips.hotbar.com
127.0.0.1 topicks.com
127.0.0.1 www.topicks.com
127.0.0.1 totalvelocity.com
127.0.0.1 www.totalvelocity.com
127.0.0.1 tpcms.topicks.com
127.0.0.1 www.tpcms.topicks.com
127.0.0.1 tpdownload.topicks.com
127.0.0.1 www.tpdownload.topicks.com
127.0.0.1 tpreport.topicks.com
127.0.0.1 www.tpreport.topicks.com
127.0.0.1 track.dlsearchbar.com
127.0.0.1 www.track.dlsearchbar.com
127.0.0.1 track.simpletraffic.com
127.0.0.1 www.track.simpletraffic.com
127.0.0.1 tracking.roispy.com
127.0.0.1 www.tracking.roispy.com
127.0.0.1 tracking.spiderbait.com
127.0.0.1 www.tracking.spiderbait.com
127.0.0.1 tracking.thunderdownloads.com
127.0.0.1 www.tracking.thunderdownloads.com
127.0.0.1 traffichog.com
127.0.0.1 www.traffichog.com
127.0.0.1 transctl-dev.vx2.cc
127.0.0.1 www.transctl-dev.vx2.cc
127.0.0.1 transctl.vx2.cc
127.0.0.1 www.transctl.vx2.cc
127.0.0.1 ts.altnet.com
127.0.0.1 www.ts.altnet.com
127.0.0.1 tss.altnet.com
127.0.0.1 www.tss.altnet.com
127.0.0.1 update.speedbit.com
127.0.0.1 www.update.speedbit.com
127.0.0.1 update.stop-popup-ads-now.com
127.0.0.1 www.update.stop-popup-ads-now.com
127.0.0.1 update.thunderdownloads.com
127.0.0.1 www.update.thunderdownloads.com
127.0.0.1 updates.desktop.ak-networks.com
127.0.0.1 www.updates.desktop.ak-networks.com
127.0.0.1 updates.desktop.virtumundo.com
127.0.0.1 www.updates.desktop.virtumundo.com
127.0.0.1 updates.hotbar.com
127.0.0.1 www.updates.hotbar.com
127.0.0.1 upgrades.hotbar.com
127.0.0.1 www.upgrades.hotbar.com
127.0.0.1 user.3721.com
127.0.0.1 www.user.3721.com
127.0.0.1 view.atdmt.com
127.0.0.1 www.view.atdmt.com
127.0.0.1 vip-farm1.hotbar.com
127.0.0.1 www.vip-farm1.hotbar.com
127.0.0.1 vip-farm1v.hotbar.com
127.0.0.1 www.vip-farm1v.hotbar.com
127.0.0.1 vip-farm2.hotbar.com
127.0.0.1 www.vip-farm2.hotbar.com
127.0.0.1 vip-farm2v.hotbar.com
127.0.0.1 www.vip-farm2v.hotbar.com
127.0.0.1 vip-farm31v.hotbar.com
127.0.0.1 www.vip-farm31v.hotbar.com
127.0.0.1 vip-farm5v.hotbar.com
127.0.0.1 www.vip-farm5v.hotbar.com
127.0.0.1 virtumundo.com
127.0.0.1 www.virtumundo.com
127.0.0.1 vlogic.ak-networks.com
127.0.0.1 www.vlogic.ak-networks.com
127.0.0.1 vmadmin.com
127.0.0.1 www.vmadmin.com
127.0.0.1 vrape.hardloved.com
127.0.0.1 www.vrape.hardloved.com
127.0.0.1 vtrack.virtumundo.com
127.0.0.1 www.vtrack.virtumundo.com
127.0.0.1 wap.3721.com
127.0.0.1 www.wap.3721.com
127.0.0.1 weather.whenu.com
127.0.0.1 www.weather.whenu.com
127.0.0.1 weather.whenu.speedera.net
127.0.0.1 www.weather.whenu.speedera.net
127.0.0.1 web.whenu.com
127.0.0.1 www.web.whenu.com
127.0.0.1 web.whenu.speedera.net
127.0.0.1 www.web.whenu.speedera.net
127.0.0.1 wfix.com
127.0.0.1 www.wfix.com
127.0.0.1 whenu-advertising-info.com
127.0.0.1 www.whenu-advertising-info.com
127.0.0.1 whenu-advertising.com
127.0.0.1 www.whenu-advertising.com
127.0.0.1 whenu-popup-ads.com
127.0.0.1 www.whenu-popup-ads.com
127.0.0.1 whenu.com
127.0.0.1 www.whenu.com
127.0.0.1 whenusearch.com
127.0.0.1 www.whenusearch.com
127.0.0.1 whenushop-advertising-central.com
127.0.0.1 www.whenushop-advertising-central.com
127.0.0.1 whenushop-pop-ads.com
127.0.0.1 www.whenushop-pop-ads.com
127.0.0.1 whenushop-space.com
127.0.0.1 www.whenushop-space.com
127.0.0.1 whenushop.whenu.com
127.0.0.1 www.whenushop.whenu.com
127.0.0.1 ww2.ieplugin.com
127.0.0.1 www.ww2.ieplugin.com
127.0.0.1 ww3.ieplugin.com
127.0.0.1 www.ww3.ieplugin.com
127.0.0.1 wwa.ieplugin.com
127.0.0.1 www.wwa.ieplugin.com
127.0.0.1 wwd.ieplugin.com
127.0.0.1 www.wwd.ieplugin.com
127.0.0.1 www.2004cms.com
127.0.0.1 2004cms.com
127.0.0.1 www.3721.com
127.0.0.1 3721.com
127.0.0.1 www.680180.net
127.0.0.1 680180.net
127.0.0.1 www.7metasearch.com
127.0.0.1 7metasearch.com
127.0.0.1 www.7search.com
127.0.0.1 7search.com
127.0.0.1 www.aadcom.com
127.0.0.1 aadcom.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.active-alert-server.com
127.0.0.1 active-alert-server.com
127.0.0.1 www.active-max.com
127.0.0.1 active-max.com
127.0.0.1 www.acustat.com
127.0.0.1 acustat.com
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 addictivetechnologies.net
127.0.0.1 www.adroar.com
127.0.0.1 adroar.com
127.0.0.1 www.adtactics.com
127.0.0.1 adtactics.com
127.0.0.1 www.adtomi.com
127.0.0.1 adtomi.com
127.0.0.1 www.aimdolls.com
127.0.0.1 aimdolls.com
127.0.0.1 www.aimphuck.com
127.0.0.1 aimphuck.com
127.0.0.1 www.alexa.com
127.0.0.1 alexa.com
127.0.0.1 www.allaboutsearching.com
127.0.0.1 allaboutsearching.com
127.0.0.1 www.allhyperlinks.com
127.0.0.1 allhyperlinks.com
127.0.0.1 www.almightysearch.com
127.0.0.1 almightysearch.com
127.0.0.1 www.altnet.com
127.0.0.1 altnet.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 altnetp2p.com
127.0.0.1 www.amazingautossearch.com
127.0.0.1 amazingautossearch.com
127.0.0.1 www.amnv.net
127.0.0.1 amnv.net
127.0.0.1 www.at-games.com
127.0.0.1 at-games.com
127.0.0.1 www.avenuemedia.com
127.0.0.1 avenuemedia.com
127.0.0.1 www.b3d.com
127.0.0.1 b3d.com
127.0.0.1 www.bc777.com
127.0.0.1 bc777.com
127.0.0.1 www.bluehavenmedia.com
127.0.0.1 bluehavenmedia.com
127.0.0.1 www.bns1.net
127.0.0.1 bns1.net
127.0.0.1 www.bns2.net
127.0.0.1 bns2.net
127.0.0.1 www.bonzi.com
127.0.0.1 bonzi.com
127.0.0.1 www.bonzibuddy.com
127.0.0.1 bonzibuddy.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 brilliantdigital.com
127.0.0.1 www.browsertoolbar.com
127.0.0.1 browsertoolbar.com
127.0.0.1 www.browserwise.com
127.0.0.1 browserwise.com
127.0.0.1 www.bulletproofsoft.com
127.0.0.1 bulletproofsoft.com
127.0.0.1 www.bundleware.com
127.0.0.1 bundleware.com
127.0.0.1 www.centralmedia.ws
127.0.0.1 centralmedia.ws
127.0.0.1 www.cleangetaway.biz
127.0.0.1 cleangetaway.biz
127.0.0.1 www.click2findnow.com
127.0.0.1 click2findnow.com
127.0.0.1 www.clickalchemy.com
127.0.0.1 clickalchemy.com
127.0.0.1 www.clicktracking.info
127.0.0.1 clicktracking.info
127.0.0.1 www.climaxbucks.com
127.0.0.1 climaxbucks.com
127.0.0.1 www.clock-sync.com
127.0.0.1 clock-sync.com
127.0.0.1 www.cms1.net
127.0.0.1 cms1.net
127.0.0.1 www.cms2.net
127.0.0.1 cms2.net
127.0.0.1 www.cocktailcash.com
127.0.0.1 cocktailcash.com
127.0.0.1 www.contexualsearch.com
127.0.0.1 contexualsearch.com
127.0.0.1 www.crap2.com
127.0.0.1 crap2.com
127.0.0.1 www.cydoor.com
127.0.0.1 cydoor.com
127.0.0.1 dashbar.com
127.0.0.1 www.datastorm.biz
127.0.0.1 datastorm.biz
127.0.0.1 date-manager.com
127.0.0.1 www.dialup2.com
127.0.0.1 dialup2.com
127.0.0.1 www.domain.i-lookup.com
127.0.0.1 domain.i-lookup.com
127.0.0.1 www.ebates.com
127.0.0.1 ebates.com
127.0.0.1 www.ecpm.com
127.0.0.1 ecpm.com
127.0.0.1 www.ez-searching.com
127.0.0.1 ez-searching.com
127.0.0.1 www.find-quick.com
127.0.0.1 find-quick.com
127.0.0.1 www.findology.com
127.0.0.1 findology.com
127.0.0.1 www.funwebproducts.com
127.0.0.1 funwebproducts.com
127.0.0.1 gator.com
127.0.0.1 www.gatoradvertisinginformationnetwork.com
127.0.0.1 gatoradvertisinginformationnetwork.com
127.0.0.1 gatorcorporation.com
127.0.0.1 www.getweathercast.com
127.0.0.1 getweathercast.com
127.0.0.1 www.gigatechsoftware.com
127.0.0.1 gigatechsoftware.com
127.0.0.1 www.gonnasearch.com
127.0.0.1 gonnasearch.com
127.0.0.1 www.grandstreetinteractive.com
127.0.0.1 grandstreetinteractive.com
127.0.0.1 www.greasycow.com
127.0.0.1 greasycow.com
127.0.0.1 www.hotbar.com
127.0.0.1 hotbar.com
127.0.0.1 www.i-lookup.com
127.0.0.1 i-lookup.com
127.0.0.1 www.ieplugin.com
127.0.0.1 ieplugin.com
127.0.0.1 www.igetnet.com
127.0.0.1 igetnet.com
127.0.0.1 www.ignkeywords.com
127.0.0.1 ignkeywords.com
127.0.0.1 www.ignphrases.com
127.0.0.1 ignphrases.com
127.0.0.1 www.imbum.com
127.0.0.1 imbum.com
127.0.0.1 www.internet-optimizer.com
127.0.0.1 internet-optimizer.com
127.0.0.1 www.ipinsight.com
127.0.0.1 ipinsight.com
127.0.0.1 www.ipinsight.net
127.0.0.1 ipinsight.net
127.0.0.1 www.iwon.com
127.0.0.1 iwon.com
127.0.0.1 www.kazanon.com
127.0.0.1 kazanon.com
127.0.0.1 www.linkstoyou.com
127.0.0.1 linkstoyou.com
127.0.0.1 www.look-today.com
127.0.0.1 look-today.com
127.0.0.1 www.look2me.com
127.0.0.1 look2me.com
127.0.0.1 www.look2me1.com
127.0.0.1 look2me1.com
127.0.0.1 www.look2me2.com
127.0.0.1 look2me2.com
127.0.0.1 www.look2me4.com
127.0.0.1 look2me4.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.lop2.com
127.0.0.1 lop2.com
127.0.0.1 www.lovetraffic.com
127.0.0.1 lovetraffic.com
127.0.0.1 www.lunasearch.com
127.0.0.1 lunasearch.com
127.0.0.1 www.memorymeter.com
127.0.0.1 memorymeter.com
127.0.0.1 www.messagebroadcaster.net
127.0.0.1 messagebroadcaster.net
127.0.0.1 www.mindseti.com
127.0.0.1 mindseti.com
127.0.0.1 www.mindsetinteractive.com
127.0.0.1 mindsetinteractive.com
127.0.0.1 www.movies-etc.com
127.0.0.1 movies-etc.com
127.0.0.1 www.mp3search.com
127.0.0.1 mp3search.com
127.0.0.1 www.msview.cc
127.0.0.1 msview.cc
127.0.0.1 www.mx-targeting.com
127.0.0.1 mx-targeting.com
127.0.0.1 www.mypanicbutton.com
127.0.0.1 mypanicbutton.com
127.0.0.1 www.mypctuneup.com
127.0.0.1 mypctuneup.com
127.0.0.1 www.mysearch.com
127.0.0.1 mysearch.com
127.0.0.1 www.mysearchnow.com
127.0.0.1 mysearchnow.com
127.0.0.1 www.mywebsearch.com
127.0.0.1 mywebsearch.com
127.0.0.1 www.netpalnow.com
127.0.0.1 netpalnow.com
127.0.0.1 www.netpaloffers.net
127.0.0.1 netpaloffers.net
127.0.0.1 www.netsearchsoft.com
127.0.0.1 netsearchsoft.com
127.0.0.1 www.newtonknows.com
127.0.0.1 newtonknows.com
127.0.0.1 www.nictechnetworks.com
127.0.0.1 nictechnetworks.com
127.0.0.1 www.no-pops.com
127.0.0.1 no-pops.com
127.0.0.1 www.nopop.net
127.0.0.1 nopop.net
127.0.0.1 www.nuker.com
127.0.0.1 nuker.com
127.0.0.1 www.odysseusmarketing.com
127.0.0.1 odysseusmarketing.com
127.0.0.1 offercompanion.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 offeroptimizer.com
127.0.0.1 www.omegasearch.com
127.0.0.1 omegasearch.com
127.0.0.1 www.omi-update.net
127.0.0.1 omi-update.net
127.0.0.1 www.pay-per-search.com
127.0.0.1 pay-per-search.com
127.0.0.1 www.payperranking.com
127.0.0.1 payperranking.com
127.0.0.1 www.plugusin4cash.com
127.0.0.1 plugusin4cash.com
127.0.0.1 precision-time.com
127.0.0.1 www.pricebandit.com
127.0.0.1 pricebandit.com
127.0.0.1 www.prosearching.com
127.0.0.1 prosearching.com
127.0.0.1 www.qcksearch.com
127.0.0.1 qcksearch.com
127.0.0.1 www.resultsmaster.com
127.0.0.1 resultsmaster.com
127.0.0.1 www.rgs1.net
127.0.0.1 rgs1.net
127.0.0.1 www.rgs2.net
127.0.0.1 rgs2.net
127.0.0.1 www.roispy.com
127.0.0.1 roispy.com
127.0.0.1 www.rspsearch.com
127.0.0.1 rspsearch.com
127.0.0.1 www.rub.to
127.0.0.1 rub.to
127.0.0.1 www.sbvr.com
127.0.0.1 sbvr.com
127.0.0.1 www.search200.com
127.0.0.1 search200.com
127.0.0.1 www.searchassistant.net
127.0.0.1 searchassistant.net
127.0.0.1 www.searchexe.com
127.0.0.1 searchexe.com
127.0.0.1 searchscout.com
127.0.0.1 www.searchweb2.com
127.0.0.1 searchweb2.com
127.0.0.1 www.similarsingles.com
127.0.0.1 similarsingles.com
127.0.0.1 www.spawnet.com
127.0.0.1 spawnet.com
127.0.0.1 www.spiderbait.com
127.0.0.1 spiderbait.com
127.0.0.1 www.spywarehelp.net
127.0.0.1 spywarehelp.net
127.0.0.1 www.spywarenuker.com
127.0.0.1 spywarenuker.com
127.0.0.1 www.srv2cpt.com
127.0.0.1 srv2cpt.com
127.0.0.1 www.stop-popup-ads-now.com
127.0.0.1 stop-popup-ads-now.com
127.0.0.1 www.tdko.com
127.0.0.1 tdko.com
127.0.0.1 www.tfil.com
127.0.0.1 tfil.com
127.0.0.1 tgcsearch.com
127.0.0.1 www.thinkingmedia.net
127.0.0.1 thinkingmedia.net
127.0.0.1 www.topicks.com
127.0.0.1 topicks.com
127.0.0.1 www.totalvelocity.com
127.0.0.1 totalvelocity.com
127.0.0.1 www.tps108.org
127.0.0.1 tps108.org
127.0.0.1 www.trekblue.com
127.0.0.1 trekblue.com
127.0.0.1 www.twain-tech.com
127.0.0.1 twain-tech.com
127.0.0.1 www.unitedvending.net
127.0.0.1 unitedvending.net
127.0.0.1 www.virtumundo.com
127.0.0.1 virtumundo.com
127.0.0.1 www.vx2.cc
127.0.0.1 vx2.cc
127.0.0.1 weatherscope.com
127.0.0.1 www.websecurealert.com
127.0.0.1 websecurealert.com
127.0.0.1 www.whenu.com
127.0.0.1 whenu.com
127.0.0.1 www.whenu.com.edgesuite.net
127.0.0.1 whenu.com.edgesuite.net
127.0.0.1 www.whenusearch.com
127.0.0.1 whenusearch.com
127.0.0.1 www.whenushop.com
127.0.0.1 whenushop.com
127.0.0.1 www.world-portal.com
127.0.0.1 world-portal.com
127.0.0.1 www.yoogee.com
127.0.0.1 yoogee.com
127.0.0.1 www.zestyfind.com
127.0.0.1 zestyfind.com
127.0.0.1 www.zsearchtoolbar.com
127.0.0.1 zsearchtoolbar.com
127.0.0.1 www1.iwon.com
127.0.0.1 www.www1.iwon.com
127.0.0.1 www1.lop.com
127.0.0.1 www.www1.lop.com
127.0.0.1 www2.browsertoolbar.com
127.0.0.1 www.www2.browsertoolbar.com
127.0.0.1 www2.i-lookup.com
127.0.0.1 www.www2.i-lookup.com
127.0.0.1 xads.offeroptimizer.com
127.0.0.1 www.xads.offeroptimizer.com
127.0.0.1 xadso.offeroptimizer.com
127.0.0.1 www.xadso.offeroptimizer.com
127.0.0.1 xadsq.offeroptimizer.com
127.0.0.1 www.xadsq.offeroptimizer.com
127.0.0.1 xadx.offeroptimizer.com
127.0.0.1 www.xadx.offeroptimizer.com
127.0.0.1 xbs.climaxbucks.com
127.0.0.1 www.xbs.climaxbucks.com
127.0.0.1 xbs.cocktailcash.com
127.0.0.1 www.xbs.cocktailcash.com
127.0.0.1 ximages.offeroptimizer.com
127.0.0.1 www.ximages.offeroptimizer.com
127.0.0.1 xjupiter.com
127.0.0.1 www.xjupiter.com
127.0.0.1 xlime.offeroptimizer.com
127.0.0.1 www.xlime.offeroptimizer.com
127.0.0.1 xml.411web.com
127.0.0.1 www.xml.411web.com
127.0.0.1 yahoo.3721.com
127.0.0.1 www.yahoo.3721.com
127.0.0.1 yoogee.com
127.0.0.1 www.yoogee.com
127.0.0.1 z1.vx2.cc
127.0.0.1 www.z1.vx2.cc
127.0.0.1 zestyfind.com
127.0.0.1 www.zestyfind.com
127.0.0.1 zinc.whenu.com
127.0.0.1 www.zinc.whenu.com
127.0.0.1 zsearchtoolbar.com
127.0.0.1 www.zsearchtoolbar.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB2E44C6-7F87-40CA-A5B9-991457698368}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB2E44C6-7F87-40CA-A5B9-991457698368}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB2E44C6-7F87-40CA-A5B9-991457698368}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdkxv.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C569B8DA-D929-4c57-9ADD-C071C13C1FAD}"="°OJ"



»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\kdkxv.exe Deleted

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Hjt

Heres the new HJT log after the smitfraudfix clean

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32, on 2007-10-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B19F2E-09BC-47CF-A709-13B50B4620FC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {359F6495-6D24-4B75-8D8C-95F2DD94A24E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - (no file)
O2 - BHO: (no name) - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {A9150711-B448-4878-9AF7-68C82CAD8000} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {AC9CEDCC-7F9F-48E9-B9C1-1FA7962A73C1} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {AF1BA546-A930-43E8-863D-9D39B1E6F976} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O2 - BHO: (no name) - {C2365BA4-8E86-49F8-9C15-DA6600D3D79E} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {C347A0AC-42B4-4E3E-9867-2412512A3D24} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {C561ABA5-B6A0-46D9-9ECC-2F6F08D48824} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CDA7FABE-7142-4004-845E-8AA884E529A8} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {D36E8104-E529-4A76-9DE9-0BC52F11C8D0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {E8808CC7-CE3E-4FC7-A0B2-65DCB8F91ABF} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {ED182F32-4A69-4F63-B894-B69022344DAD} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O2 - BHO: (no name) - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - (no file)
O2 - BHO: (no name) - {FA67E157-C26C-4019-B3C8-BE9FE91B226A} - C:\Program Files\8w6fbfy3\8w6fbfy3.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: (no name) - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {C109664B-CEB1-420b-B353-D55A561536DD} - (no file)
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebScan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [lxbfrd] C:\WINDOWS\System32\vtlgqw.exe
O4 - HKLM\..\Run: [hnvy] C:\WINDOWS\System32\ichop.exe
O4 - HKLM\..\Run: [uykkyrz] C:\WINDOWS\System32\qfqgwyt.exe
O4 - HKLM\..\Run: [kwnh] C:\WINDOWS\System32\oegczuz.exe
O4 - HKLM\..\Run: [dfie] C:\WINDOWS\System32\cvpixdeu.exe
O4 - HKLM\..\Run: [nnlxvoy] C:\WINDOWS\System32\equsyw.exe
O4 - HKLM\..\Run: [cksob] C:\WINDOWS\System32\rlpdhsh.exe
O4 - HKLM\..\Run: [yaormqa] C:\WINDOWS\System32\qesjc.exe
O4 - HKLM\..\Run: [gqiuyx] C:\WINDOWS\System32\khlasjm.exe
O4 - HKLM\..\Run: [wwsyy] C:\WINDOWS\System32\gquncixs.exe
O4 - HKLM\..\Run: [vyhv] C:\WINDOWS\System32\dhsiwdeh.exe
O4 - HKLM\..\Run: [iukl] C:\WINDOWS\System32\fsmgq.exe
O4 - HKLM\..\Run: [wlhwdp] C:\WINDOWS\System32\rctwlkcf.exe
O4 - HKLM\..\Run: [ljat] C:\WINDOWS\System32\reorhqq.exe
O4 - HKLM\..\Run: [bdzr] C:\WINDOWS\System32\chtkh.exe
O4 - HKLM\..\Run: [yeue] C:\WINDOWS\System32\xitvso.exe
O4 - HKLM\..\Run: [gkprgs] C:\WINDOWS\System32\reeytzt.exe
O4 - HKLM\..\Run: [zxeor] C:\WINDOWS\System32\bhswnk.exe
O4 - HKLM\..\Run: [zuybvka] C:\WINDOWS\System32\wdkzhue.exe
O4 - HKLM\..\Run: [zgbjs] C:\WINDOWS\System32\dmnplb.exe
O4 - HKLM\..\Run: [ebujbxl] C:\WINDOWS\System32\fgsam.exe
O4 - HKLM\..\Run: [sqhxjnwf] C:\WINDOWS\System32\qtpqsqz.exe
O4 - HKLM\..\Run: [grow] C:\WINDOWS\System32\cpitubvt.exe
O4 - HKLM\..\Run: [zaapllqc] C:\WINDOWS\System32\xmdcppxr.exe
O4 - HKLM\..\Run: [sugqy] C:\WINDOWS\System32\osppozy.exe
O4 - HKLM\..\Run: [qaqrxgv] C:\WINDOWS\System32\oqltbu.exe
O4 - HKLM\..\Run: [nrroyj] C:\WINDOWS\System32\qlzl.exe
O4 - HKLM\..\Run: [gtpg] C:\WINDOWS\System32\lfqwa.exe
O4 - HKLM\..\Run: [oimchl] C:\WINDOWS\System32\oivhbjru.exe
O4 - HKLM\..\Run: [awqxd] C:\WINDOWS\System32\saywi.exe
O4 - HKLM\..\Run: [mdptsz] C:\WINDOWS\System32\bygltvcz.exe
O4 - HKLM\..\Run: [kfmit] C:\WINDOWS\System32\ypdgoqio.exe
O4 - HKLM\..\Run: [abvfahbu] C:\WINDOWS\System32\wzuhybb.exe
O4 - HKLM\..\Run: [cxridkkg] C:\WINDOWS\System32\okzivf.exe
O4 - HKLM\..\Run: [peyxtc] C:\WINDOWS\System32\hgqiwxbw.exe
O4 - HKLM\..\Run: [exwdz] C:\WINDOWS\System32\jjvbxpu.exe
O4 - HKLM\..\Run: [qvwlyhn] C:\WINDOWS\System32\zjnbo.exe
O4 - HKLM\..\Run: [btymsm] C:\WINDOWS\System32\gmuemk.exe
O4 - HKLM\..\Run: [gdtve] C:\WINDOWS\System32\wsilhs.exe
O4 - HKLM\..\Run: [dhhsja] C:\WINDOWS\System32\oezkcyu.exe
O4 - HKLM\..\Run: [jmtuik] C:\WINDOWS\System32\kjwdz.exe
O4 - HKLM\..\Run: [capcli] C:\WINDOWS\System32\vdcwactf.exe
O4 - HKLM\..\Run: [mwaqv] C:\WINDOWS\System32\eqcxjoqw.exe
O4 - HKLM\..\Run: [nafv] C:\WINDOWS\System32\admwgfnb.exe
O4 - HKLM\..\Run: [rbjri] C:\WINDOWS\System32\dctkolj.exe
O4 - HKLM\..\Run: [uofjbwt] C:\WINDOWS\System32\fwzcp.exe
O4 - HKLM\..\Run: [rjmzvp] c:\windows\system32\rjmzvp.exe
O4 - HKLM\..\Run: [juoob] C:\WINDOWS\System32\rcexejtt.exe
O4 - HKLM\..\Run: [ufrms] C:\WINDOWS\System32\bxjpfc.exe
O4 - HKLM\..\Run: [cwnb] C:\WINDOWS\System32\pkxz.exe
O4 - HKLM\..\Run: [biynop] C:\WINDOWS\System32\rjwfyxh.exe
O4 - HKLM\..\Run: [gvnb] C:\WINDOWS\System32\kgyyjvq.exe
O4 - HKLM\..\Run: [bzafkzh] C:\WINDOWS\System32\ubpf.exe
O4 - HKLM\..\Run: [pyzt] C:\WINDOWS\System32\tvrfg.exe
O4 - HKLM\..\Run: [xghgws] C:\WINDOWS\System32\bzyzezf.exe
O4 - HKLM\..\Run: [szlw] C:\WINDOWS\System32\nxld.exe
O4 - HKLM\..\Run: [wnau] C:\WINDOWS\System32\knjz.exe
O4 - HKLM\..\Run: [iyqpys] C:\WINDOWS\System32\llkg.exe
O4 - HKLM\..\Run: [xjllnegx] C:\WINDOWS\System32\mcccoor.exe
O4 - HKLM\..\Run: [ojyv] C:\WINDOWS\System32\noxmhj.exe
O4 - HKLM\..\Run: [cccwy] C:\WINDOWS\System32\cdkj.exe
O4 - HKLM\..\Run: [cgbpczf] C:\WINDOWS\System32\udbslo.exe
O4 - HKLM\..\Run: [wilskamx] C:\WINDOWS\System32\bbjwck.exe
O4 - HKLM\..\Run: [bcung] C:\WINDOWS\System32\oythwvar.exe
O4 - HKLM\..\Run: [swyws] C:\WINDOWS\System32\yarvm.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [ajpylew] C:\WINDOWS\System32\jjuvp.exe
O4 - HKLM\..\Run: [eehku] C:\WINDOWS\System32\bvsvwy.exe
O4 - HKLM\..\Run: [cqkg] C:\WINDOWS\System32\hjree.exe
O4 - HKLM\..\Run: [ylfrzafc] C:\WINDOWS\System32\lkwdw.exe
O4 - HKLM\..\Run: [kuclsrh] C:\WINDOWS\System32\adha.exe
O4 - HKLM\..\Run: [xymr] C:\WINDOWS\System32\hwkoxfl.exe
O4 - HKLM\..\Run: [knprbopo] C:\WINDOWS\System32\jecfw.exe
O4 - HKLM\..\Run: [pfoc] C:\WINDOWS\System32\tzseszm.exe
O4 - HKLM\..\Run: [pebljl] C:\WINDOWS\System32\ifcgzlni.exe
O4 - HKLM\..\Run: [hlrsyqa] C:\WINDOWS\System32\tjlkgyj.exe
O4 - HKLM\..\Run: [ulvtjx] C:\WINDOWS\System32\elrvh.exe
O4 - HKLM\..\Run: [smfcyruv] C:\WINDOWS\System32\sftndqtz.exe
O4 - HKLM\..\Run: [vdtb] C:\WINDOWS\System32\lzuuu.exe
O4 - HKLM\..\Run: [lixstrl] C:\WINDOWS\System32\ytbh.exe
O4 - HKLM\..\Run: [spzjmny] C:\WINDOWS\System32\nlomxp.exe
O4 - HKLM\..\Run: [dxjsfdn] C:\WINDOWS\System32\vdst.exe
O4 - HKLM\..\Run: [hbyxbz] C:\WINDOWS\System32\lzmo.exe
O4 - HKLM\..\Run: [ayyfrht] C:\WINDOWS\System32\tkrl.exe
O4 - HKLM\..\Run: [uhhrkzvm] C:\WINDOWS\System32\ogkodk.exe
O4 - HKLM\..\Run: [dlwhoh] C:\WINDOWS\System32\hqzaxcr.exe
O4 - HKLM\..\Run: [friaba] C:\WINDOWS\System32\cfnstj.exe
O4 - HKLM\..\Run: [jhqmbd] C:\WINDOWS\System32\qbcin.exe
O4 - HKLM\..\Run: [utqiz] C:\WINDOWS\System32\bdhbobui.exe
O4 - HKLM\..\Run: [tncsm] C:\WINDOWS\System32\vwneg.exe
O4 - HKLM\..\Run: [vflrjgsg] C:\WINDOWS\System32\oqfgxs.exe
O4 - HKLM\..\Run: [sdjt] C:\WINDOWS\System32\lgdbzv.exe
O4 - HKLM\..\Run: [iitg] C:\WINDOWS\System32\uklrvc.exe
O4 - HKLM\..\Run: [fgrikz] C:\WINDOWS\System32\rajnqy.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [stlaaymn] C:\WINDOWS\System32\zyfjw.exe
O4 - HKLM\..\Run: [ldnz] C:\WINDOWS\System32\bakt.exe
O4 - HKLM\..\Run: [qorpkjxv] C:\WINDOWS\System32\hwwhgj.exe
O4 - HKLM\..\Run: [jxfhrhxk] C:\WINDOWS\System32\xtqwgrjw.exe
O4 - HKLM\..\Run: [vzcd] C:\WINDOWS\System32\aygmwydh.exe
O4 - HKLM\..\Run: [fgeonihv] C:\WINDOWS\System32\glybj.exe
O4 - HKLM\..\Run: [ofxaupfs] C:\WINDOWS\System32\thieldi.exe
O4 - HKLM\..\Run: [ajctdbws] C:\WINDOWS\System32\fyffwrie.exe
O4 - HKLM\..\Run: [aneglun] C:\WINDOWS\System32\kwvu.exe
O4 - HKLM\..\Run: [dtbw] C:\WINDOWS\System32\hvtq.exe
O4 - HKLM\..\Run: [fhsgj] C:\WINDOWS\System32\xxkwspa.exe
O4 - HKLM\..\Run: [dfudgnut] C:\WINDOWS\System32\vvisnsg.exe
O4 - HKLM\..\Run: [vqzwgvil] C:\WINDOWS\System32\xmmyupib.exe
O4 - HKLM\..\Run: [yyhvi] C:\WINDOWS\System32\myba.exe
O4 - HKLM\..\Run: [vzrzzi] C:\WINDOWS\System32\qawlrigr.exe
O4 - HKLM\..\Run: [swyph] C:\WINDOWS\System32\xmdo.exe
O4 - HKLM\..\Run: [wylmsn] C:\WINDOWS\System32\jjeeqqr.exe
O4 - HKLM\..\Run: [bngyo] C:\WINDOWS\System32\wfxh.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zhqyqu] C:\WINDOWS\System32\hhovkgv.exe r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe"] C:\WINDOWS\tulrdfur.exe
O4 - HKLM\..\Run: [}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe"] C:\WINDOWS\tulrdfur.exe
O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [iqiz] C:\PROGRA~1\COMMON~1\iqiz\iqizm.exe
O4 - HKCU\..\Run: [Tgatngd] C:\Documents and Settings\Jesse\Application Data\?racle\w?wexec.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1013018
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 
HJT continued

the finish of the HJT log

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adextension.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.gimmycash.com
O15 - Trusted Zone: *.gimmysmileys.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.proben.nu
O15 - Trusted Zone: *.snet.ms
O15 - Trusted Zone: *.snet.tc
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.snipernet.us
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.yoursitebar.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.adextension.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.proben.nu (HKLM)
O15 - Trusted Zone: *.snet.ms (HKLM)
O15 - Trusted Zone: *.snet.tc (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.zango.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177413760234
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A52E0A1-DADB-438C-A848-769E1E20F68D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: dvdabr - C:\WINDOWS\inf\dvdabr.dll (file missing)
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O21 - SSODL: msvb - {C66ACD7D-AC93-490F-B05E-C0E7FC89E418} - C:\WINDOWS\msvb.dll (file missing)
O21 - SSODL: sysdx - {099FABF5-744E-4A87-B5D8-2E360EA78C9D} - C:\WINDOWS\sysdx.dll (file missing)
O22 - SharedTaskScheduler: (no name) - {C569B8DA-D929-4c57-9ADD-C071C13C1FAD} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 25137 bytes
 
Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Click to expand...

That log should be in the folder on your Desktop where you installed combofix. I need to see that log before I proceed.

Thanks
 
I can't find any text files in the combofix folder, but again when I ran combofix, I left and when I came back the screen didn't have anything on it but the backround so I restarted the computer. I don't know if it didn't save or what but there is no log for combofix. I could run it again if you want.
 
If you do not have the time to work on the instructions I give you and to stay with the computer while these tools run so you can post the logs I require, please do not start the instructions. A new combofix log will not show anything it removed the first time.

Please run it again and post the log it creates, read and follow the directions exactly.

Thanks
 
combofix log

ComboFix 07-10-12.4 - Jesse 2007-10-13 19:29:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.263 [GMT -5:00]
Running from: C:\Documents and Settings\Jesse\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Programs.\AntiSpywareBot
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\DataBase.ref
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 07 - 08_18_28 PM_609.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 07 - 08_19_10 PM_812.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 07 - 08_39_33 PM_640.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 08 - 01_02_04 PM_687.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 08 - 03_00_08 AM_953.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 08 - 03_00_28 AM_546.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Log\2007 Oct 08 - 04_05_01 PM_890.log
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Jesse\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\Documents and Settings\Jesse\Application Data\RACLE~1
C:\Documents and Settings\Jesse\Desktop\Error Cleaner.url
C:\Documents and Settings\Jesse\Desktop\Privacy Protector.url
C:\Documents and Settings\Jesse\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Jesse\Favorites\Error Cleaner.url
C:\Documents and Settings\Jesse\Favorites\Privacy Protector.url
C:\Documents and Settings\Jesse\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Jesse\My Documents\ICROSO~1
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\racle~1
C:\WINDOWS\dat.txt
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0000
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0001
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0002
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0003
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0004
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0005
C:\WINDOWS\dobe~1\DOBE~1\ctxad-426.0006
C:\WINDOWS\fnts~1
C:\WINDOWS\msvb.dll
C:\WINDOWS\netadv.dll
C:\WINDOWS\racle~1
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\sysdx.dll
C:\WINDOWS\system32\_002580_.tmp.dll
C:\WINDOWS\system32\_002748_.tmp.dll
C:\WINDOWS\system32\_002749_.tmp.dll
C:\WINDOWS\system32\_002754_.tmp.dll
C:\WINDOWS\system32\_002755_.tmp.dll
C:\WINDOWS\system32\_002756_.tmp.dll
C:\WINDOWS\system32\_002757_.tmp.dll
C:\WINDOWS\system32\_002764_.tmp.dll
C:\WINDOWS\system32\_002765_.tmp.dll
C:\WINDOWS\system32\_002766_.tmp.dll
C:\WINDOWS\system32\_002768_.tmp.dll
C:\WINDOWS\system32\_002769_.tmp.dll
C:\WINDOWS\system32\_002772_.tmp.dll
C:\WINDOWS\system32\_002773_.tmp.dll
C:\WINDOWS\system32\_002775_.tmp.dll
C:\WINDOWS\system32\_002776_.tmp.dll
C:\WINDOWS\system32\_002777_.tmp.dll
C:\WINDOWS\system32\_002779_.tmp.dll
C:\WINDOWS\system32\_002780_.tmp.dll
C:\WINDOWS\system32\_002782_.tmp.dll
C:\WINDOWS\system32\_002783_.tmp.dll
C:\WINDOWS\system32\_002786_.tmp.dll
C:\WINDOWS\system32\_002787_.tmp.dll
C:\WINDOWS\system32\_002789_.tmp.dll
C:\WINDOWS\system32\_002792_.tmp.dll
C:\WINDOWS\system32\_002794_.tmp.dll
C:\WINDOWS\system32\_002795_.tmp.dll
C:\WINDOWS\system32\_002796_.tmp.dll
C:\WINDOWS\system32\_002797_.tmp.dll
C:\WINDOWS\system32\_002800_.tmp.dll
C:\WINDOWS\system32\_002802_.tmp.dll
C:\WINDOWS\system32\_002803_.tmp.dll
C:\WINDOWS\system32\_002804_.tmp.dll
C:\WINDOWS\system32\_002808_.tmp.dll
C:\WINDOWS\system32\_002824_.tmp.dll
C:\WINDOWS\system32\_002825_.tmp.dll
C:\WINDOWS\system32\_002826_.tmp.dll
C:\WINDOWS\system32\_002827_.tmp.dll
C:\WINDOWS\system32\_002832_.tmp.dll
C:\WINDOWS\system32\_002833_.tmp.dll
C:\WINDOWS\system32\_002834_.tmp.dll
C:\WINDOWS\system32\_002835_.tmp.dll
C:\WINDOWS\system32\_002842_.tmp.dll
C:\WINDOWS\system32\_002843_.tmp.dll
C:\WINDOWS\system32\_002844_.tmp.dll
C:\WINDOWS\system32\_002846_.tmp.dll
C:\WINDOWS\system32\_002847_.tmp.dll
C:\WINDOWS\system32\_002850_.tmp.dll
C:\WINDOWS\system32\_002851_.tmp.dll
C:\WINDOWS\system32\_002853_.tmp.dll
C:\WINDOWS\system32\_002854_.tmp.dll
C:\WINDOWS\system32\_002855_.tmp.dll
C:\WINDOWS\system32\_002857_.tmp.dll
C:\WINDOWS\system32\_002858_.tmp.dll
C:\WINDOWS\system32\_002860_.tmp.dll
C:\WINDOWS\system32\_002861_.tmp.dll
C:\WINDOWS\system32\_002864_.tmp.dll
C:\WINDOWS\system32\_002865_.tmp.dll
C:\WINDOWS\system32\_002867_.tmp.dll
C:\WINDOWS\system32\_002870_.tmp.dll
C:\WINDOWS\system32\_002872_.tmp.dll
C:\WINDOWS\system32\_002873_.tmp.dll
C:\WINDOWS\system32\_002874_.tmp.dll
C:\WINDOWS\system32\_002875_.tmp.dll
C:\WINDOWS\system32\_002878_.tmp.dll
C:\WINDOWS\system32\_002879_.tmp.dll
C:\WINDOWS\system32\_002880_.tmp.dll
C:\WINDOWS\system32\_002881_.tmp.dll
C:\WINDOWS\system32\_002882_.tmp.dll
C:\WINDOWS\system32\_002887_.tmp.dll
C:\WINDOWS\system32\_002888_.tmp.dll
C:\WINDOWS\system32\_002889_.tmp.dll
C:\WINDOWS\system32\_002890_.tmp.dll
C:\WINDOWS\system32\_002897_.tmp.dll
C:\WINDOWS\system32\_002898_.tmp.dll
C:\WINDOWS\system32\_002899_.tmp.dll
C:\WINDOWS\system32\_002901_.tmp.dll
C:\WINDOWS\system32\_002902_.tmp.dll
C:\WINDOWS\system32\_002905_.tmp.dll
C:\WINDOWS\system32\_002906_.tmp.dll
C:\WINDOWS\system32\_002908_.tmp.dll
C:\WINDOWS\system32\_002909_.tmp.dll
C:\WINDOWS\system32\_002910_.tmp.dll
C:\WINDOWS\system32\_002912_.tmp.dll
C:\WINDOWS\system32\_002913_.tmp.dll
C:\WINDOWS\system32\_002915_.tmp.dll
C:\WINDOWS\system32\_002916_.tmp.dll
C:\WINDOWS\system32\_002919_.tmp.dll
C:\WINDOWS\system32\_002920_.tmp.dll
C:\WINDOWS\system32\_002922_.tmp.dll
C:\WINDOWS\system32\_002925_.tmp.dll
C:\WINDOWS\system32\_002927_.tmp.dll
C:\WINDOWS\system32\_002928_.tmp.dll
C:\WINDOWS\system32\_002929_.tmp.dll
C:\WINDOWS\system32\_002930_.tmp.dll
C:\WINDOWS\system32\_002933_.tmp.dll
C:\WINDOWS\system32\_002935_.tmp.dll
C:\WINDOWS\system32\_002936_.tmp.dll
C:\WINDOWS\system32\_002937_.tmp.dll
C:\WINDOWS\system32\_002941_.tmp.dll
C:\WINDOWS\system32\_002943_.tmp.dll
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\mcroso~1
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\wnstsit.exe
C:\WINDOWS\system32\wnstsit.exe
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-13 18:02 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-10-13 16:38 15,486 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-10-13 16:37 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-10-13 16:37 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-10-13 16:37 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-10-13 16:37 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-10-13 16:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 23:46 <DIR> d-------- C:\Program Files\Dynamic Toolbar
2007-10-08 20:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-08 18:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-10-08 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 14:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-10-08 12:13 <DIR> d-------- C:\Program Files\CCleaner
2007-10-08 12:05 <DIR> d-------- C:\WINDOWS\pss
2007-10-07 20:26 164 --a------ C:\install.dat
2007-10-07 20:23 <DIR> d-------- C:\Documents and Settings\Jesse\Application Data\GetRightToGo
2007-10-07 17:56 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-07 13:05 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-10-07 13:03 <DIR> d-------- C:\mcafee_mcpr
2007-10-07 13:03 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-10-07 13:03 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-10-07 13:03 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-10-07 13:03 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-10-07 13:03 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-10-07 13:03 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-10-07 13:02 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-07 13:01 <DIR> d-------- C:\Program Files\McAfee
2007-10-07 01:47 <DIR> d-------- C:\Program Files\SystemDefender
2007-10-07 01:40 258,048 --a------ C:\WINDOWS\bndsrdkq.dll
2007-09-27 05:47 <DIR> d-------- C:\Program Files\InterActual
2007-09-22 22:55 <DIR> d-------- C:\Program Files\1964
2007-09-22 22:26 <DIR> d-------- C:\SSF_009_prototype
2007-09-18 18:36 <DIR> d-------- C:\Documents and Settings\Jesse\Application Data\Reno 911 Paintball

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 21:00 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Free Download Manager
2007-10-08 19:19 --------- d-----w C:\Program Files\QuickTime
2007-10-08 19:19 --------- d-----w C:\Program Files\AIM
2007-10-07 20:13 --------- d-----w C:\Program Files\8w6fbfy3
2007-10-07 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-07 18:00 --------- d-----w C:\Program Files\McAfee.com
2007-10-07 17:59 --------- d-----w C:\Program Files\Common Files\aol
2007-10-07 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-07 17:56 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AOL
2007-10-06 23:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-01 09:21 --------- d-----w C:\Program Files\Veoh Networks
2007-09-01 03:43 --------- d-----w C:\Program Files\DivX
2007-08-30 21:10 --------- d-----w C:\Program Files\ICOO Loader
2007-08-30 20:55 --------- d-----w C:\Program Files\MUSICMATCH
2007-08-30 11:25 28,276 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-08-30 01:28 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AdobeUM
2007-08-28 01:15 --------- d-----w C:\Documents and Settings\Jesse\Application Data\DivX
2007-02-22 14:48 55,808 ----a-w C:\Documents and Settings\Jesse\Application Data\GDIPFONTCACHEV1.DAT
2005-09-23 17:54 413,937 --sh--w C:\WINDOWS\INF\rbadvd.ini2
2005-09-23 00:04 412,687 --sh--w C:\WINDOWS\INF\rbadvd.bak2
2005-09-21 01:23 414,674 --sh--w C:\WINDOWS\INF\rbadvd.bak1
2004-03-01 10:22 4 ----a-w C:\Documents and Settings\Jesse\FO933.DAT
2003-12-04 02:50 16,251,072 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2003-11-19 18:12 531,513 ----a-w C:\Program Files\schreckermccarthy.pdf
2003-11-17 01:39 78,244 ----a-w C:\Program Files\Experiment11_2.pdf
2003-11-17 01:37 173,534 ----a-w C:\Program Files\experiment11_1.pdf
2003-10-27 19:24 809 ----a-w C:\Program Files\INSTALL.LOG
2005-09-21 01:23:32 414,674 --sh--w C:\WINDOWS\INF\rbadvd.bak1
2005-09-23 00:04:07 412,687 --sh--w C:\WINDOWS\INF\rbadvd.bak2
2005-09-23 17:54:11 413,937 --sh--w C:\WINDOWS\INF\rbadvd.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B19F2E-09BC-47CF-A709-13B50B4620FC}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{359F6495-6D24-4B75-8D8C-95F2DD94A24E}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9150711-B448-4878-9AF7-68C82CAD8000}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC9CEDCC-7F9F-48E9-B9C1-1FA7962A73C1}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF1BA546-A930-43E8-863D-9D39B1E6F976}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2365BA4-8E86-49F8-9C15-DA6600D3D79E}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C347A0AC-42B4-4E3E-9867-2412512A3D24}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C561ABA5-B6A0-46D9-9ECC-2F6F08D48824}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA7FABE-7142-4004-845E-8AA884E529A8}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D36E8104-E529-4A76-9DE9-0BC52F11C8D0}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8808CC7-CE3E-4FC7-A0B2-65DCB8F91ABF}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED182F32-4A69-4F63-B894-B69022344DAD}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA67E157-C26C-4019-B3C8-BE9FE91B226A}]
C:\Program Files\8w6fbfy3\8w6fbfy3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="RUNDLL32.exe" [2002-08-29 05:00
 
combofix continued

C:\WINDOWS\SYSTEM32\rundll32.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 18:22]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 03:50]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\conmgr.exe" [2002-01-03 23:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"WebScan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-09-17 12:05]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 07:21]
"DeadAIM"="rundll32.exe" [2002-08-29 05:00 C:\WINDOWS\SYSTEM32\rundll32.exe]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" []
"lxbfrd"="C:\WINDOWS\System32\vtlgqw.exe" []
"hnvy"="C:\WINDOWS\System32\ichop.exe" []
"uykkyrz"="C:\WINDOWS\System32\qfqgwyt.exe" []
"kwnh"="C:\WINDOWS\System32\oegczuz.exe" []
"dfie"="C:\WINDOWS\System32\cvpixdeu.exe" []
"nnlxvoy"="C:\WINDOWS\System32\equsyw.exe" []
"cksob"="C:\WINDOWS\System32\rlpdhsh.exe" []
"yaormqa"="C:\WINDOWS\System32\qesjc.exe" []
"gqiuyx"="C:\WINDOWS\System32\khlasjm.exe" []
"wwsyy"="C:\WINDOWS\System32\gquncixs.exe" []
"vyhv"="C:\WINDOWS\System32\dhsiwdeh.exe" []
"iukl"="C:\WINDOWS\System32\fsmgq.exe" []
"wlhwdp"="C:\WINDOWS\System32\rctwlkcf.exe" []
"ljat"="C:\WINDOWS\System32\reorhqq.exe" []
"bdzr"="C:\WINDOWS\System32\chtkh.exe" []
"yeue"="C:\WINDOWS\System32\xitvso.exe" []
"gkprgs"="C:\WINDOWS\System32\reeytzt.exe" []
"zxeor"="C:\WINDOWS\System32\bhswnk.exe" []
"zuybvka"="C:\WINDOWS\System32\wdkzhue.exe" []
"zgbjs"="C:\WINDOWS\System32\dmnplb.exe" []
"ebujbxl"="C:\WINDOWS\System32\fgsam.exe" []
"sqhxjnwf"="C:\WINDOWS\System32\qtpqsqz.exe" []
"grow"="C:\WINDOWS\System32\cpitubvt.exe" []
"zaapllqc"="C:\WINDOWS\System32\xmdcppxr.exe" []
"sugqy"="C:\WINDOWS\System32\osppozy.exe" []
"qaqrxgv"="C:\WINDOWS\System32\oqltbu.exe" []
"nrroyj"="C:\WINDOWS\System32\qlzl.exe" []
"gtpg"="C:\WINDOWS\System32\lfqwa.exe" []
"oimchl"="C:\WINDOWS\System32\oivhbjru.exe" []
"awqxd"="C:\WINDOWS\System32\saywi.exe" []
"mdptsz"="C:\WINDOWS\System32\bygltvcz.exe" []
"kfmit"="C:\WINDOWS\System32\ypdgoqio.exe" []
"abvfahbu"="C:\WINDOWS\System32\wzuhybb.exe" []
"cxridkkg"="C:\WINDOWS\System32\okzivf.exe" []
"peyxtc"="C:\WINDOWS\System32\hgqiwxbw.exe" []
"exwdz"="C:\WINDOWS\System32\jjvbxpu.exe" []
"qvwlyhn"="C:\WINDOWS\System32\zjnbo.exe" []
"btymsm"="C:\WINDOWS\System32\gmuemk.exe" []
"gdtve"="C:\WINDOWS\System32\wsilhs.exe" []
"dhhsja"="C:\WINDOWS\System32\oezkcyu.exe" []
"jmtuik"="C:\WINDOWS\System32\kjwdz.exe" []
"capcli"="C:\WINDOWS\System32\vdcwactf.exe" []
"mwaqv"="C:\WINDOWS\System32\eqcxjoqw.exe" []
"nafv"="C:\WINDOWS\System32\admwgfnb.exe" []
"rbjri"="C:\WINDOWS\System32\dctkolj.exe" []
"uofjbwt"="C:\WINDOWS\System32\fwzcp.exe" []
"rjmzvp"="c:\windows\system32\rjmzvp.exe" []
"juoob"="C:\WINDOWS\System32\rcexejtt.exe" []
"ufrms"="C:\WINDOWS\System32\bxjpfc.exe" []
"cwnb"="C:\WINDOWS\System32\pkxz.exe" []
"biynop"="C:\WINDOWS\System32\rjwfyxh.exe" []
"gvnb"="C:\WINDOWS\System32\kgyyjvq.exe" []
"bzafkzh"="C:\WINDOWS\System32\ubpf.exe" []
"pyzt"="C:\WINDOWS\System32\tvrfg.exe" []
"xghgws"="C:\WINDOWS\System32\bzyzezf.exe" []
"szlw"="C:\WINDOWS\System32\nxld.exe" []
"wnau"="C:\WINDOWS\System32\knjz.exe" []
"iyqpys"="C:\WINDOWS\System32\llkg.exe" []
"xjllnegx"="C:\WINDOWS\System32\mcccoor.exe" []
"ojyv"="C:\WINDOWS\System32\noxmhj.exe" []
"cccwy"="C:\WINDOWS\System32\cdkj.exe" []
"cgbpczf"="C:\WINDOWS\System32\udbslo.exe" []
"wilskamx"="C:\WINDOWS\System32\bbjwck.exe" []
"bcung"="C:\WINDOWS\System32\oythwvar.exe" []
"swyws"="C:\WINDOWS\System32\yarvm.exe" []
"StopSignSsTsMon"="Rundll32.exe" [2002-08-29 05:00 C:\WINDOWS\SYSTEM32\rundll32.exe]
"ajpylew"="C:\WINDOWS\System32\jjuvp.exe" []
"eehku"="C:\WINDOWS\System32\bvsvwy.exe" []
"cqkg"="C:\WINDOWS\System32\hjree.exe" []
"ylfrzafc"="C:\WINDOWS\System32\lkwdw.exe" []
"kuclsrh"="C:\WINDOWS\System32\adha.exe" []
"xymr"="C:\WINDOWS\System32\hwkoxfl.exe" []
"knprbopo"="C:\WINDOWS\System32\jecfw.exe" []
"pfoc"="C:\WINDOWS\System32\tzseszm.exe" []
"pebljl"="C:\WINDOWS\System32\ifcgzlni.exe" []
"hlrsyqa"="C:\WINDOWS\System32\tjlkgyj.exe" []
"ulvtjx"="C:\WINDOWS\System32\elrvh.exe" []
"smfcyruv"="C:\WINDOWS\System32\sftndqtz.exe" []
"vdtb"="C:\WINDOWS\System32\lzuuu.exe" []
"lixstrl"="C:\WINDOWS\System32\ytbh.exe" []
"spzjmny"="C:\WINDOWS\System32\nlomxp.exe" []
"dxjsfdn"="C:\WINDOWS\System32\vdst.exe" []
"hbyxbz"="C:\WINDOWS\System32\lzmo.exe" []
"ayyfrht"="C:\WINDOWS\System32\tkrl.exe" []
"uhhrkzvm"="C:\WINDOWS\System32\ogkodk.exe" []
"dlwhoh"="C:\WINDOWS\System32\hqzaxcr.exe" []
"friaba"="C:\WINDOWS\System32\cfnstj.exe" []
"jhqmbd"="C:\WINDOWS\System32\qbcin.exe" []
"utqiz"="C:\WINDOWS\System32\bdhbobui.exe" []
"tncsm"="C:\WINDOWS\System32\vwneg.exe" []
"vflrjgsg"="C:\WINDOWS\System32\oqfgxs.exe" []
"sdjt"="C:\WINDOWS\System32\lgdbzv.exe" []
"iitg"="C:\WINDOWS\System32\uklrvc.exe" []
"fgrikz"="C:\WINDOWS\System32\rajnqy.exe" []
"eanth_system_patcher"="C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" []
"stlaaymn"="C:\WINDOWS\System32\zyfjw.exe" []
"ldnz"="C:\WINDOWS\System32\bakt.exe" []
"qorpkjxv"="C:\WINDOWS\System32\hwwhgj.exe" []
"jxfhrhxk"="C:\WINDOWS\System32\xtqwgrjw.exe" []
"vzcd"="C:\WINDOWS\System32\aygmwydh.exe" []
"fgeonihv"="C:\WINDOWS\System32\glybj.exe" []
"ofxaupfs"="C:\WINDOWS\System32\thieldi.exe" []
"ajctdbws"="C:\WINDOWS\System32\fyffwrie.exe" []
"aneglun"="C:\WINDOWS\System32\kwvu.exe" []
"dtbw"="C:\WINDOWS\System32\hvtq.exe" []
"fhsgj"="C:\WINDOWS\System32\xxkwspa.exe" []
"dfudgnut"="C:\WINDOWS\System32\vvisnsg.exe" []
"vqzwgvil"="C:\WINDOWS\System32\xmmyupib.exe" []
"yyhvi"="C:\WINDOWS\System32\myba.exe" []
"vzrzzi"="C:\WINDOWS\System32\qawlrigr.exe" []
"swyph"="C:\WINDOWS\System32\xmdo.exe" []
"wylmsn"="C:\WINDOWS\System32\jjeeqqr.exe" []
"bngyo"="C:\WINDOWS\System32\wfxh.exe" []
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2006-10-20 19:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-28 00:31]
"zhqyqu"="C:\WINDOWS\System32\hhovkgv.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24]
"DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" []
"BCMSMMSG"="BCMSMMSG.exe" [2003-02-24 18:34 C:\WINDOWS\BCMSMMSG.exe]
"}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\tulrdfur.exe" []
"}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\tulrdfur.exe" []
"MSRegSvc"="C:\WINDOWS\System32\regsvc32.exe" []
"EanthologyApp"="C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.exe" []
"eanth_critical_update_alert"="C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.exe" []
"spywarebot"="C:\Program Files\SpywareBot\SpywareBot.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Terminate Popup"="C:\Program Files\Free-Popup-Killer\fpuk.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 10:31]
"iqiz"="C:\PROGRA~1\COMMON~1\iqiz\iqizm.exe" []
"Tgatngd"="C:\Documents and Settings\Jesse\Application Data\?racle\w?wexec.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2003-08-13 15:44:17]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvdabr]
C:\WINDOWS\inf\dvdabr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
"Notification Packages"= scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\System32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\System32\drivers\UdfReadr_xp.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\System32\DRIVERS\BCMSM.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\System32\drivers\EntDrv51.sys
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\System32\DRIVERS\tap0801co.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 21:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-07 18:03:06 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-10-07 18:03:05 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 19:35:33
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"}ïÁzî[8C:\\Program Files\\ISTsvc\\istsvc.exe\""="C:\\WINDOWS\\tulrdfur.exe"
"}ïÁzîžigÝC:\\Program Files\\ISTsvc\\istsvc.exe\""="C:\\WINDOWS\\tulrdfur.exe"
.
Completion time: 2007-10-13 19:38:45 - machine was rebooted
.
--- E O F ---
 
You must log in or register to reply here.
Back
Top