Browsers Hijacked To Search.findwhatevernow.com

[angeloftheflames]

Logfile of HijackThis v1.98.2

Scan saved at 8:53:12 PM, on 12/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Documents and Settings\Morning Star\Application Data\swnr.exe

C:\PROGRA~1\Serv-U\ServUDaemon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\MORNIN~1\LOCALS~1\Temp\Rar$EX00.323\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe

O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[angeloftheflames]

Logfile of HijackThis v1.98.2

Scan saved at 9:35:53 PM, on 12/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Documents and Settings\Morning Star\Application Data\swnr.exe

C:\PROGRA~1\Serv-U\ServUDaemon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe

O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[Dragon]

You have a Large Amount of Trojans and Viruses on Your Computer.

Download a Free Trial of Trojan Hunter at http://www.misec.net/products/TrojanHunter.exe first. Next, take a free Online Virus scan at http://www.housecall.trendmicro.com or http://www3.ca.com/virusinfo/virusscan.aspx. After this, Reboot and Post a fresh HijackThis log.

We still have a long way to go.

[angeloftheflames]

Logfile of HijackThis v1.98.2

Scan saved at 9:56:36 PM, on 12/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Documents and Settings\Morning Star\Application Data\swnr.exe

C:\PROGRA~1\Serv-U\ServUDaemon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe

O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[angeloftheflames]

Logfile of HijackThis v1.98.2

Scan saved at 10:26:12 AM, on 12/8/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Documents and Settings\Morning Star\Application Data\swnr.exe

C:\PROGRA~1\Serv-U\ServUDaemon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\mIRC\mirc.exe

C:\WINDOWS\winampa.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.0\THGuard.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe

O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[Besttechie]

Hi,

Please be patient. Efwis will be back to finish your log as soon as possible.

B

[Dragon]

Hello sorry for the delay;

Please look over the Following Entries I have listed, run Hijack This again and check them and then, making sure you have No Internet Explorer Windows open, including this one, Press the "Fix Checked" Button with HijackThis.

Reboot If I have specified below, and Post a Fresh HijackThis log.

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe

did you set these up? if not go ahead and click on these and fix them too.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After this, Reboot and Delete the following files:

C:\WINDOWS\System32\sdq.dll

C:\PROGRA~1\NEWDOT~1

C:\Documents and Settings\Morning Star

Note: Make sure you have Set Windows to show Hidden Files & Folders before you Start Sending Them to us For Analysis, or you're deleting them. This can be done by looking at the instructions at This Webpage http://www.xtra.co.nz/help/0,,4155-1916458,00.html

To Delete These Files/Folders, You Will need to Boot into Safe Mode. This can be done by tapping F8 while your machine restarts.

Then reboot into normal mode and post a new Hijack this log.

[angeloftheflames]

Thanks for posting Efwis, my browser is fixed but if you see anything more please tell me so i can remove it

Logfile of HijackThis v1.98.2

Scan saved at 4:43:01 PM, on 12/9/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\eMule\eMule.exe

C:\PROGRA~1\Serv-U\ServUDaemon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[Dragon]

fixing via chatroom at #killspyware

[angeloftheflames]

Logfile of HijackThis v1.98.2

Scan saved at 11:25:08 PM, on 12/9/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\eMule\eMule.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[Dragon]

Your Log is Clean, But You Need to Update Windows and IE to get all the Latest Security Patches that Protects Your Computer.

This can be accessed by going to http://www.windowsupdate.com/ and following the prompts Get SP2.

For Future Protection

Download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD

Both are very small free programs that you run once, and then just occasionally to check for updates.

And also see

So how did I get infected in the first place?

[Dragon]

As it seems that this is straightened out, i am locking this thread. If you need this thread re-opened please contact a moderator with a link to this thread to have it reopened.

If this is not your thread, please start a new topic

Thank you

[Psykel]

there seem,s to be anohter problem so Im gonna take over..

[angeloftheflames]

Logfile of HijackThis v1.98.2

Scan saved at 6:40:46 PM, on 12/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\CTSvcCDA.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\AIM\aim.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186

[angeloftheflames]

127.0.0.1 localhost

127.0.0.1 www.doubleclick.net

127.0.0.1 ad.preferances.com

127.0.0.1 ad.doubleclick.com

127.0.0.1 ads.web.aol.com

127.0.0.1 ad.doubleclick.net

127.0.0.1 ad.preferences.com

127.0.0.1 ad.washingtonpost.com

127.0.0.1 adpick.switchboard.com

127.0.0.1 ads.doubleclick.com

127.0.0.1 ads.infospace.com

127.0.0.1 ads.msn.com

127.0.0.1 ads.switchboard.com

127.0.0.1 ads.enliven.com

127.0.0.1 oz.valueclick.com

127.0.0.1 doubleclick.net

127.0.0.1 ads.doubleclick.net

127.0.0.1 ad2.doubleclick.net

127.0.0.1 ad3.doubleclick.net

127.0.0.1 ad4.doubleclick.net

127.0.0.1 ad5.doubleclick.net

127.0.0.1 ad6.doubleclick.net

127.0.0.1 ad7.doubleclick.net

127.0.0.1 ad8.doubleclick.net

127.0.0.1 ad9.doubleclick.net

127.0.0.1 ad10.doubleclick.net

127.0.0.1 ad11.doubleclick.net

127.0.0.1 ad12.doubleclick.net

127.0.0.1 ad13.doubleclick.net

127.0.0.1 ad14.doubleclick.net

127.0.0.1 ad15.doubleclick.net

127.0.0.1 ad16.doubleclick.net

127.0.0.1 ad17.doubleclick.net

127.0.0.1 ad18.doubleclick.net

127.0.0.1 ad19.doubleclick.net

127.0.0.1 ad20.doubleclick.net

127.0.0.1 ad.ch.doubleclick.net

127.0.0.1 ad.linkexchange.com

127.0.0.1 banner.linkexchange.com

127.0.0.1 ads*.focalink.com

127.0.0.1 ads.imdb.com

127.0.0.1 commonwealth.riddler.com

127.0.0.1 globaltrak.net

127.0.0.1 nrsite.com

127.0.0.1 www.nrsite.com

127.0.0.1 ad-up.com

127.0.0.1 ad.adsmart.net

127.0.0.1 ad.atlas.cz

127.0.0.1 ad.blm.net

127.0.0.1 ad.dogpile.com

127.0.0.1 ad.infoseek.com

127.0.0.1 ad.net-service.de

127.0.0.1 ad.preferences.com

127.0.0.1 ad.vol.at

127.0.0.1 adbot.com

127.0.0.1 adbureau.net

127.0.0.1 adcount.hollywood.com

127.0.0.1 add.yaho.com

127.0.0.1 adex3.flycast.com

127.0.0.1 adforce.adtech.de

127.0.0.1 adforce.imgis.com

127.0.0.1 adimage.blm.net

127.0.0.1 adlink.deh.de

127.0.0.1 ads.criticalmass.com

127.0.0.1 ads.csi.emcweb.com

127.0.0.1 ads.filez.com

127.0.0.1 ads.imagine-inc.com

127.0.0.1 ads.imdb.com

127.0.0.1 ads.infospace.com

127.0.0.1 ads.jwtt3.com

127.0.0.1 ads.mirrormedia.co.uk

127.0.0.1 ads.msn.com

127.0.0.1 ads.narrowline.com

127.0.0.1 ads.newcitynet.com

127.0.0.1 ads.realcities.com

127.0.0.1 ads.realmedia.com

127.0.0.1 ads.switchboard.com

127.0.0.1 ads.tripod.com

127.0.0.1 ads.usatoday.com

127.0.0.1 ads.washingtonpost.com

127.0.0.1 ads.web.de

127.0.0.1 ads.web21.com

127.0.0.1 adserv.newcentury.net

127.0.0.1 adservant.guj.de

127.0.0.1 adservant.mediapoint.de

127.0.0.1 adserver-espnet.sportszone.com

127.0.0.1 advert.heise.de

127.0.0.1 banners.internetextra.com

127.0.0.1 bannerswap.com

127.0.0.1 dino.mainz.ibm.de

127.0.0.1 ganges.imagine-inc.com

127.0.0.1 globaltrack.com

127.0.0.1 207-87-18-203.wsmg.digex.net

127.0.0.1 garden.ngadcenter.net

127.0.0.1 ogilvy.ngadcenter.net

127.0.0.1 responsemedia-ad.flycast.com

127.0.0.1 suissa-ad.flycast.com

127.0.0.1 ugo.eu-adcenter.net

127.0.0.1 vnu.eu-adcenter.net

127.0.0.1 ad-adex3.flycast.com

127.0.0.1 ad.adsmart.net

127.0.0.1 ad.ca.doubleclick.net

127.0.0.1 ad.de.doubleclick.net

127.0.0.1 ad.fr.doubleclick.net

127.0.0.1 ad.jp.doubleclick.net

127.0.0.1 ad.linkexchange.com

127.0.0.1 ad.linksynergy.com

127.0.0.1 ad.nl.doubleclick.net

127.0.0.1 ad.no.doubleclick.net

127.0.0.1 ad.sma.punto.net

127.0.0.1 ad.uk.doubleclick.net

127.0.0.1 ad.webprovider.com

127.0.0.1 ad08.focalink.com

127.0.0.1 adcontroller.unicast.com

127.0.0.1 adcreatives.imaginemedia.com

127.0.0.1 adforce.ads.imgis.com

127.0.0.1 adforce.imgis.com

127.0.0.1 adfu.blockstackers.com

127.0.0.1 adimages.earthweb.com

127.0.0.1 adimg.egroups.com

127.0.0.1 admedia.xoom.com

127.0.0.1 adremote.pathfinder.com

127.0.0.1 ads.admaximize.com

127.0.0.1 ads.bfast.com

127.0.0.1 ads.clickhouse.com

127.0.0.1 ads.fairfax.com.au

127.0.0.1 ads.fool.com

127.0.0.1 ads.freshmeat.net

127.0.0.1 ads.hollywood.com

127.0.0.1 ads.i33.com

127.0.0.1 ads.infi.net

127.0.0.1 ads.link4ads.com

127.0.0.1 ads.lycos.com

127.0.0.1 ads.madison.com

127.0.0.1 ads.mediaodyssey.com

127.0.0.1 ads.msn.com

127.0.0.1 ads.ninemsn.com.au

127.0.0.1 ads.seattletimes.com

127.0.0.1 ads.smartclicks.com

127.0.0.1 ads.smartclicks.net

127.0.0.1 ads.sptimes.com

127.0.0.1 ads.web.aol.com

127.0.0.1 ads.x10.com

127.0.0.1 ads.xtra.co.nz

127.0.0.1 ads.zdnet.com

127.0.0.1 ads01.focalink.com

127.0.0.1 ads02.focalink.com

127.0.0.1 ads03.focalink.com

127.0.0.1 ads04.focalink.com

127.0.0.1 ads05.focalink.com

127.0.0.1 ads06.focalink.com

127.0.0.1 ads08.focalink.com

127.0.0.1 ads09.focalink.com

127.0.0.1 ads1.activeagent.at

127.0.0.1 ads10.focalink.com

127.0.0.1 ads11.focalink.com

127.0.0.1 ads12.focalink.com

127.0.0.1 ads14.focalink.com

127.0.0.1 ads16.focalink.com

127.0.0.1 ads17.focalink.com

127.0.0.1 ads18.focalink.com

127.0.0.1 ads19.focalink.com

127.0.0.1 ads2.zdnet.com

127.0.0.1 ads20.focalink.com

127.0.0.1 ads21.focalink.com

127.0.0.1 ads22.focalink.com

127.0.0.1 ads23.focalink.com

127.0.0.1 ads24.focalink.com

127.0.0.1 ads25.focalink.com

127.0.0.1 ads3.zdnet.com

127.0.0.1 ads5.gamecity.net

127.0.0.1 adserv.iafrica.com

127.0.0.1 adserv.quality-channel.de

127.0.0.1 adserver.dbusiness.com

127.0.0.1 adserver.garden.com

127.0.0.1 adserver.janes.com

127.0.0.1 adserver.merc.com

127.0.0.1 adserver.monster.com

127.0.0.1 adserver.track-star.com

127.0.0.1 adserver1.ogilvy-interactive.de

127.0.0.1 adtegrity.spinbox.net

127.0.0.1 antfarm-ad.flycast.com

127.0.0.1 au.ads.link4ads.com

127.0.0.1 banner.media-system.de

127.0.0.1 banner.orb.net

127.0.0.1 banner.relcom.ru

127.0.0.1 banners.easydns.com

127.0.0.1 banners.looksmart.com

127.0.0.1 banners.wunderground.com

127.0.0.1 barnesandnoble.bfast.com

127.0.0.1 beseenad.looksmart.com

127.0.0.1 bizad.nikkeibp.co.jp

127.0.0.1 bn.bfast.com

127.0.0.1 c3.xxxcounter.com

127.0.0.1 califia.imaginemedia.com

127.0.0.1 cds.mediaplex.com

127.0.0.1 click.avenuea.com

127.0.0.1 click.go2net.com

127.0.0.1 click.linksynergy.com

127.0.0.1 cookies.cmpnet.com

127.0.0.1 cornflakes.pathfinder.com

127.0.0.1 counter.hitbox.com

127.0.0.1 crux.songline.com

127.0.0.1 erie.smartage.com

127.0.0.1 etad.telegraph.co.uk

127.0.0.1 fp.valueclick.com

127.0.0.1 gadgeteer.pdamart.com

127.0.0.1 gm.preferences.com

127.0.0.1 gp.dejanews.com

127.0.0.1 hg1.hitbox.com

127.0.0.1 image.click2net.com

127.0.0.1 image.eimg.com

127.0.0.1 images2.nytimes.com

127.0.0.1 jobkeys.ngadcenter.net

127.0.0.1 kansas.valueclick.com

127.0.0.1 leader.linkexchange.com

127.0.0.1 liquidad.narrowcastmedia.com

127.0.0.1 ln.doubleclick.net

127.0.0.1 m.doubleclick.net

127.0.0.1 macaddictads.snv.futurenet.com

127.0.0.1 maximumpcads.imaginemedia.com

127.0.0.1 media.preferences.com

127.0.0.1 mercury.rmuk.co.uk

127.0.0.1 mojofarm.sjc.mediaplex.com

127.0.0.1 nbc.adbureau.net

127.0.0.1 newads.cmpnet.com

127.0.0.1 ng3.ads.warnerbros.com

127.0.0.1 ngads.smartage.com

127.0.0.1 nsads.hotwired.com

127.0.0.1 ntbanner.digitalriver.com

127.0.0.1 ph-ad05.focalink.com

127.0.0.1 ph-ad07.focalink.com

127.0.0.1 ph-ad16.focalink.com

127.0.0.1 ph-ad17.focalink.com

127.0.0.1 ph-ad18.focalink.com

127.0.0.1 realads.realmedia.com

127.0.0.1 redherring.ngadcenter.net

127.0.0.1 redirect.click2net.com

127.0.0.1 retaildirect.realmedia.com

127.0.0.1 s2.focalink.com

127.0.0.1 sh4sure-images.adbureau.net

127.0.0.1 spin.spinbox.net

127.0.0.1 static.admaximize.com

127.0.0.1 stats.superstats.com

127.0.0.1 sview.avenuea.com

127.0.0.1 thinknyc.eu-adcenter.net

127.0.0.1 tracker.clicktrade.com

127.0.0.1 tsms-ad.tsms.com

127.0.0.1 v0.extreme-dm.com

127.0.0.1 v1.extreme-dm.com

127.0.0.1 van.ads.link4ads.com

127.0.0.1 view.accendo.com

127.0.0.1 view.avenuea.com

127.0.0.1 w113.hitbox.com

127.0.0.1 w25.hitbox.com

127.0.0.1 web2.deja.com

127.0.0.1 webads.bizservers.com

127.0.0.1 www.postmasterbannernet.com

127.0.0.1 www.ad-up.com

127.0.0.1 www.admex.com

127.0.0.1 www.alladvantage.com

127.0.0.1 www.burstnet.com

127.0.0.1 www.commission-junction.com

127.0.0.1 www.eads.com

127.0.0.1 www.freestats.com

127.0.0.1 www.imaginemedia.com

127.0.0.1 www.netdirect.nl

127.0.0.1 www.oneandonlynetwork.com

127.0.0.1 www.targetshop.com

127.0.0.1 www.teknosurf2.com

127.0.0.1 www.teknosurf3.com

127.0.0.1 www.valueclick.com

127.0.0.1 www.websitefinancing.com

127.0.0.1 www2.burstnet.com

127.0.0.1 www4.trix.net

127.0.0.1 www80.valueclick.com

127.0.0.1 z.extreme-dm.com

127.0.0.1 z0.extreme-dm.com

127.0.0.1 z1.extreme-dm.com

127.0.0.1 ads.forbes.net

127.0.0.1 ads.newcity.com

127.0.0.1 ads.ign.com

127.0.0.1 adserver.ign.com

127.0.0.1 ads.scifi.com

127.0.0.1 adengine.theglobe.com

127.0.0.1 ads.tucows.com

127.0.0.1 adcontent.gamespy.com

127.0.0.1 ads4.advance.net

127.0.0.1 ads1.advance.net

127.0.0.1 eur.yimg.com

127.0.0.1 us.a1.yimg.com

127.0.0.1 ad.harmony-central.com

127.0.0.1 sg.yimg.com

127.0.0.1 adverity.adverity.com

127.0.0.1 ads.bloomberg.com

127.0.0.1 mojofarm.mediaplex.com

127.0.0.1 ads.mysimon.com

127.0.0.1 ad.img.yahoo.co.kr

127.0.0.1 adimages.go.com

127.0.0.1 kr-adimage.lycos.co.kr

127.0.0.1 ad.kimo.com.tw

127.0.0.1 ads.paxnet.co.kr

127.0.0.1 ads.paxnet.com

127.0.0.1 ads.eu.msn.com

127.0.0.1 ads.admonitor.net

127.0.0.1 wwa.hitbox.com

127.0.0.1 ads.nytimes.com

127.0.0.1 ads.erotism.com

127.0.0.1 banner.rootsweb.com

127.0.0.1 ads.ole.com

127.0.0.1 adimg1.chosun.com

127.0.0.1 ss.mtree.com

127.0.0.1 adpulse.ads.targetnet.com

127.0.0.1 adserver.ugo.com

127.0.0.1 ad.sales.olympics.com

127.0.0.1 m2.doubleclick.net

127.0.0.1 ph-ad21.focalink.com

127.0.0.1 focusin.ads.targetnet.com

127.0.0.1 www.datais.com

127.0.0.1 oas.mmd.ch

127.0.0.1 pub-g.ifrance.com

127.0.0.1 ads.bianca.com

127.0.0.1 wap.adlink.de

127.0.0.1 click.adlink.de

127.0.0.1 banner.adlink.de

127.0.0.1 hurricane.adlink.de

127.0.0.1 west.adlink.de

127.0.0.1 scand.adlink.de

127.0.0.1 regio.adlink.de

127.0.0.1 direct.adlink.de

127.0.0.1 classic.adlink.de

127.0.0.1 adlui001.adlink.de

127.0.0.1 banner1.adlink.de

127.0.0.1 click.mp3.com

127.0.0.1 adcodes.bla-bla.com

127.0.0.1 icover.realmedia.com

127.0.0.1 ca.fp.sandpiper.net

127.0.0.1 adfarm.mediaplex.com

127.0.0.1 ads.tmcs.net

127.0.0.1 amedia.techies.com

127.0.0.1 www.exchange-it.com

127.0.0.1 www.ad.tomshardware.com

127.0.0.1 ad.tomshardware.com

127.0.0.1 ads.currantbun.com

127.0.0.1 phoenix-adrunner.mycomputer.com

127.0.0.1 ads15.focalink.com

127.0.0.1 ads13.focalink.com

127.0.0.1 adserver.colleges.com

127.0.0.1 ads.nwsource.com

127.0.0.1 ads.guardianunlimited.co.uk

127.0.0.1 ads.newsint.co.uk

127.0.0.1 ads.starnews.com

127.0.0.1 www.linksynergy.com

127.0.0.1 ieee-images.adbureau.net

127.0.0.1 connect.247media.ads.link4ads.com

127.0.0.1 ads.newsdigital.net

127.0.0.1 arc5.msn.com

127.0.0.1 arc4.msn.com

127.0.0.1 arc3.msn.com

127.0.0.1 arc2.msn.com

127.0.0.1 arc1.msn.com

127.0.0.1 ads.discovery.com

127.0.0.1 im.800.com

127.0.0.1 img.cmpnet.com

127.0.0.1 ad7.internetadserver.com

127.0.0.1 ads.dai.net

127.0.0.1 ads.cbc.ca

127.0.0.1 www75.valueclick.com

127.0.0.1 ads.clearbluemedia.com

127.0.0.1 ti.click2net.com

127.0.0.1 www.onresponse.com

127.0.0.1 ads.list-universe.com

127.0.0.1 advert.bayarea.com

127.0.0.1 www3.pagecount.com

127.0.0.1 www.netsponsors.com

127.0.0.1 adthru.com

127.0.0.1 ads.newtimes.com

127.0.0.1 ads.ugo.com

127.0.0.1 ads.belointeractive.com

127.0.0.1 wwb.hitbox.com

127.0.0.1 comtrack.comclick.com

127.0.0.1 www.24pm-affiliation.com

127.0.0.1 www.click-fr.com

127.0.0.1 www.cibleclick.com

127.0.0.1 reply.mediatris.net

127.0.0.1 cgi.declicnet.com

127.0.0.1 pubs.mgn.net

127.0.0.1 ads.mcafee.com

127.0.0.1 ads1.ad-flow.com

127.0.0.1 ad.be.doubleclick.net

127.0.0.1 ad.adtraq.com

127.0.0.1 ad.sg.doubleclick.net

127.0.0.1 adpop.theglobe.com

127.0.0.1 ads-03.tor.focusin.ads.targetnet.com

127.0.0.1 ads.adflight.com

127.0.0.1 ads.detelefoongids.nl

127.0.0.1 ads.ecircles.com

127.0.0.1 ads.god.co.uk

127.0.0.1 ads.hyperbanner.net

127.0.0.1 ads.jpost.com

127.0.0.1 ads.netmechanic.com

127.0.0.1 ads.webcash.nl

127.0.0.1 adserver.netcast.nl

127.0.0.1 adserver.webads.com

127.0.0.1 adserver.webads.nl

127.0.0.1 adserver1.realtracker.com

127.0.0.1 adserver2.realtracker.com

127.0.0.1 adserver3.realtracker.com

127.0.0.1 delivery1.ads.telegraaf.nl

127.0.0.1 holland.hyperbanner.net

127.0.0.1 images.webads.nl

127.0.0.1 sc.clicksupply.com

127.0.0.1 service.bfast.com

127.0.0.1 www.ad4ex.com

127.0.0.1 www.bannercampaign.com

127.0.0.1 www.cyberbounty.com

127.0.0.1 www.netvertising.be

127.0.0.1 www.speedyclick.com

127.0.0.1 www.webads.nl

127.0.0.1 ads.snowball.com

127.0.0.1 ads.amazingmedia.com

127.0.0.1 www10.valueclick.com

127.0.0.1 js1.hitbox.com

127.0.0.1 rd1.hitbox.com

127.0.0.1 mt37.mtree.com

127.0.0.1 ads.gameanswers.com

127.0.0.1 ads7.udc.advance.net

127.0.0.1 www23.valueclick.com

127.0.0.1 ads.fortunecity.com

127.0.0.1 banners.nextcard.com

127.0.0.1 ads.iwon.com

127.0.0.1 www.qksrv.net

127.0.0.1 clickserve.cc-dt.com

127.0.0.1 ads-b.focalink.com

127.0.0.1 ad2.peel.com

127.0.0.1 ads.floridatoday.com

127.0.0.1 stats.adultrevenueservice.com

127.0.0.1 ads18.bpath.com

127.0.0.1 ph-ad06.focalink.com

127.0.0.1 global.msads.net

127.0.0.1 pluto1.iserver.net

127.0.0.1 ads1.intelliads.com

127.0.0.1 primetime.ad.asap-asp.net

127.0.0.1 ads.stileproject.com

127.0.0.1 di.image.eshop.msn.com

127.0.0.1 www.blissnet.net

127.0.0.1 www.consumerinfo.com

127.0.0.1 ads.rottentomatoes.com

127.0.0.1 k5ads.osdn.com

127.0.0.1 actionsplash.com

127.0.0.1 campaigns.f2.com.au

127.0.0.1 adserver.news.com.au

127.0.0.1 servedby.advertising.com

127.0.0.1 java.yahoo.com

127.0.0.1 ad.howstuffworks.com

127.0.0.1 ads.1for1.com

127.0.0.1 images.ads.fairfax.com.au

127.0.0.1 ads.devx.com

127.0.0.1 utils.mediageneral.com

127.0.0.1 banners.friendfinder.com

127.0.0.1 adserver.matchcraft.com

127.0.0.1 www.dnps.com

127.0.0.1 creative.whi.co.nz

127.0.0.1 rmedia.boston.com

127.0.0.1 webaffiliate.covad.com

127.0.0.1 ad.iwin.com

127.0.0.1 www.nailitonline2.com

127.0.0.1 mds.centrport.net

127.0.0.1 oas.dispatch.com

127.0.0.1 adserver.ads360.com

127.0.0.1 banners.adultfriendfinder.com

127.0.0.1 ads.as4x.tmcs.net

127.0.0.1 ads.clickagents.com

127.0.0.1 banners.chek.com

127.0.0.1 zi.r.tv.com

127.0.0.1 ph-ad19.focalink.com

127.0.0.1 ads.greensboro.com

127.0.0.1 ad2.adcept.net

127.0.0.1 ads.colo.kiva.net

127.0.0.1 adsrv.iol.co.za

127.0.0.1 mjxads.internet.com

127.0.0.1 adimage.asiaone.com.sg

127.0.0.1 ads.vnuemedia.com

127.0.0.1 affiliate.doteasy.com

127.0.0.1 m.tribalfusion.com

127.0.0.1 oas.lee.net

127.0.0.1 www.banneroverdrive.com

127.0.0.1 ad3.peel.com

127.0.0.1 ad1.peel.comwww.xbn.ru

127.0.0.1 adserver.snowball.com

127.0.0.1 media15.fastclick.net

127.0.0.1 ads5.advance.net

127.0.0.1 ads3.advance.net

127.0.0.1 ads2.advance.net

127.0.0.1 ads.advance.net

127.0.0.1 usbytecom.orbitcycle.com

127.0.0.1 adbanner.sweepsclub.com

127.0.0.1 oas.villagevoice.com

127.0.0.1 www.ad-flow.com

127.0.0.1 ads.guardian.co.uk

127.0.0.1 ads.hitcents.com

127.0.0.1 media19.fastclick.net

127.0.0.1 a.tribalfusion.com

127.0.0.1 ads.nypost.com

127.0.0.1 ads.premiumnetwork.com

127.0.0.1 ads.ad-flow.com

127.0.0.1 adserver.hispavista.com

127.0.0.1 ads.musiccity.com

127.0.0.1 banners.revenuelink.com

127.0.0.1 ads1.sptimes.com

127.0.0.1 adserver.bizland-inc.net

127.0.0.1 ads.adtegrity.net

127.0.0.1 media13.fastclick.net

127.0.0.1 adserver.ukplus.co.uk

127.0.0.1 ads.live365.com

127.0.0.1 ads.fredericksburg.com

127.0.0.1 banners.affiliatefuel.com

127.0.0.1 ar.atwola.com

127.0.0.1 ads.bigcitytools.com

127.0.0.1 netshelter.adtrix.com

127.0.0.1 y.ibsys.com

127.0.0.1 adserver.nydailynews.com

127.0.0.1 s0b.bluestreak.com

127.0.0.1 images.scripps.com

127.0.0.1 images.cybereps.com

127.0.0.1 altfarm.mediaplex.com

127.0.0.1 krd.realcities.com

127.0.0.1 www3.bannerspace.com

127.0.0.1 view.atdmt.com

127.0.0.1 ads7.advance.net

127.0.0.1 ad.abcnews.com

127.0.0.1 ads.newsquest.co.uk

127.0.0.1 secure.webconnect.net

127.0.0.1 ads.nandomedia.com

127.0.0.1 banners.babylon-x.com

127.0.0.1 media17.fastclick.net

127.0.0.1 techreview-images.adbureau.net

127.0.0.1 ads.exhedra.com

127.0.0.1 ad.trafficmp.com

127.0.0.1 realmedia-a800.d4p.net

127.0.0.1 banner.northsky.com

127.0.0.1 ftp.nacorp.com

127.0.0.1 www.digitalbettingcasinos.com

127.0.0.1 c1.zedo.com

127.0.0.1 ads4.condenet.com

127.0.0.1 www.brilliantdigital.com

127.0.0.1 desktop.kazaa.com

127.0.0.1 shop.kazaa.com

127.0.0.1 www.bonzi.com

127.0.0.1 www.b3d.com

127.0.0.1 neighborhood.standard.net

127.0.0.1 ads.telegraph.co.uk

127.0.0.1 spinbox.techtracker.com

127.0.0.1 toads.osdn.com

127.0.0.1 ads.themes.org

127.0.0.1 adserver.trb.com

127.0.0.1 media.fastclick.net

127.0.0.1 banner.easyspace.com

127.0.0.1 www.banner2u.com

127.0.0.1 ads.thestar.com

127.0.0.1 ads.digitalmedianet.com

127.0.0.1 www.fineclicks.com

127.0.0.1 ads.mdchoice.com

127.0.0.1 ad.horvitznewspapers.net

127.0.0.1 adtegrity.thruport.com

127.0.0.1 a.mktw.net

127.0.0.1 ads.pennyweb.com

127.0.0.1 www3.ad.tomshardware.com

127.0.0.1 www4.ad.tomshardware.com

127.0.0.1 www6.ad.tomshardware.com

127.0.0.1 www8.ad.tomshardware.com

127.0.0.1 www15.ad.tomshardware.com

127.0.0.1 ads.forbes.com

127.0.0.1 ads.desmoinesregister.com

127.0.0.1 adserver.tribuneinteractive.com

127.0.0.1 bannerads.anytimenews.com

127.0.0.1 ads1.condenet.com

127.0.0.1 adserver.anm.co.uk

127.0.0.1 zrap.zdnet.com.com

127.0.0.1 bidclix.net

127.0.0.1 media.popuptraffic.com

127.0.0.1 coreg.flashtrack.net

127.0.0.1 rmads.msn.com

127.0.0.1 ads.icq.com

127.0.0.1 cb.icq.com

127.0.0.1 cf.icq.com

127.0.0.1 www2.newtopsites.com

127.0.0.1 adserv.internetfuel.com

127.0.0.1 images.fastclick.net

127.0.0.1 adserver.securityfocus.com

127.0.0.1 www.avsads.com

127.0.0.1 banners.moviegoods.com

127.0.0.1 ads.bitsonthewire.com

127.0.0.1 ads.iambic.com

127.0.0.1 sfads.osdn.com

127.0.0.1 fl01.ct2.comclick.com

127.0.0.1 adserver.phillyburbs.com

127.0.0.1 marketing.nyi.net

127.0.0.1 www.netflip.com

127.0.0.1 image.imgfarm.com

127.0.0.1 ads.viaarena.com

127.0.0.1 phpads2.cnpapers.com

127.0.0.1 ads.astalavista.us

127.0.0.1 banner.coza.com

127.0.0.1 adcreative.tribuneinteractive.com

127.0.0.1 ads.democratandchronicle.com

127.0.0.1 adlog.com.com

127.0.0.1 adimg.com.com

127.0.0.1 adimage.bankrate.com

127.0.0.1 ads.mediadevil.com

127.0.0.1 imageserv.adtech.de

127.0.0.1 ad.se.doubleclick.net

127.0.0.1 ads.cashsurfers.com

127.0.0.1 ads.specificpop.com

127.0.0.1 z1.adserver.com

127.0.0.1 images.bizrate.com

127.0.0.1 q.pni.com

127.0.0.1 ad01.mediacorpsingapore.com

127.0.0.1 adimage.asia1.com.sg

127.0.0.1 images.newsx.cc

127.0.0.1 www.adireland.com

127.0.0.1 ads.iafrica.com

127.0.0.1 ads.nyi.net

127.0.0.1 geoads.osdn.com

127.0.0.1 www.crisscross.com

127.0.0.1 netcomm.spinbox.net

127.0.0.1 i.i.com.com

127.0.0.1 ads.videoaxs.com

127.0.0.1 mediamgr.ugo.com

127.0.0.1 adserver.pollstar.com

127.0.0.1 information.gopher.com

127.0.0.1 ads.adviva.net

127.0.0.1 adsrv.bankrate.com

127.0.0.1 a207.p.f.qz3.net

127.0.0.1 ehg-bestbuy.hitbox.com

127.0.0.1 ehg-intel.hitbox.com

127.0.0.1 ehg-espn.hitbox.com

127.0.0.1 ehg-macromedia.hitbox.com

127.0.0.1 ehg-dig.hitbox.com

127.0.0.1 speed.pointroll.com

127.0.0.1 amch.questionmarket.com

127.0.0.1 ads.gamespy.com

127.0.0.1 spd.atdmt.com

127.0.0.1 ads.columbian.com

127.0.0.1 clickit.go2net.com

127.0.0.1 vpdc.ru4.com

127.0.0.1 ads.developershed.com

127.0.0.1 ads.globeandmail.com

127.0.0.1 ads.nerve.com

127.0.0.1 iv.doubleclick.net

127.0.0.1 ads2.condenet.com

127.0.0.1 www.burstnet.com

127.0.0.1 ads5.canoe.ca

127.0.0.1 askmen.thruport.com

127.0.0.1 adsrv2.gainesvillesun.com

127.0.0.1 ads.theolympian.com

127.0.0.1 ads.courierpostonline.com

127.0.0.1 i.timeinc.net

127.0.0.1 oasads.whitepages.com

127.0.0.1 rad.msn.com

127.0.0.1 serve.thisbanner.com

127.0.0.1 images.trafficmp.com

127.0.0.1 www.kaplanindex.com

127.0.0.1 kaplanindex.com

127.0.0.1 1.httpdads.com

127.0.0.1 spinbox.maccentral.com

127.0.0.1 akaads-abc.starwave.com

127.0.0.1 webad.ajeeb.com

127.0.0.1 ads.granadamedia.com

127.0.0.1 oas.uniontrib.com

127.0.0.1 ads.wnd.com

127.0.0.1 a3.suntimes.com

127.0.0.1 tmsads.tribune.com

127.0.0.1 ads.peel.com

127.0.0.1 ads.mh5.com

127.0.0.1 ad.usatoday.com

127.0.0.1 adserver.digitalpartners.com

127.0.0.1 ads.mediaturf.net

127.0.0.1 ads4.clearchannel.com

127.0.0.1 ads.clearchannel.com

127.0.0.1 ads2.clearchannel.com

127.0.0.1 ads.jacksonsun.com

127.0.0.1 servads.aip.org

127.0.0.1 ad.au.doubleclick.net

127.0.0.1 adng.ascii24.com

127.0.0.1 engage.speedera.net

127.0.0.1 ads.msn-ppe.com

127.0.0.1 ad.openfind.com.tw

127.0.0.1 adi.mainichi.co.jp

127.0.0.1 ads.northjersey.com

127.0.0.1 ad.moscowtimes.ru

127.0.0.1 banners.valuead.com

127.0.0.1 ad1.aaddzz.com

127.0.0.1 ds.eyeblaster.com

127.0.0.1 adserver.digitalpartners.com

127.0.0.1 oas.uniontrib.com

127.0.0.1 ads.statesmanjournal.com

127.0.0.1 ads.centralohio.com

[Atribune]

Angeloftheflames, Efwis, Psykel

I ended up helping angeloftheflames in chat.

It would seem as though Search.findwhatevernow.com changes the primary and secondary DNS. We reset it to his isp's DNS and all seems good now.

Good luck Akio and happy surfing.