angeloftheflames

Everything posted by angeloftheflames

  1. Logfile of HijackThis v1.98.2
    Scan saved at 8:53:12 PM, on 12/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    C:\PROGRA~1\Serv-U\ServUDaemon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\MORNIN~1\LOCALS~1\Temp\Rar$EX00.323\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
    O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
  2. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

  3. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

    Logfile of HijackThis v1.98.2
    Scan saved at 6:40:46 PM, on 12/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\HJT\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
  4. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

    Logfile of HijackThis v1.98.2
    Scan saved at 11:25:08 PM, on 12/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\eMule\eMule.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HJT\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
  5. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

    Thanks for posting, Efwis. My browser is fixed, but if you see anything more, please tell me so I can remove it.

    Logfile of HijackThis v1.98.2
    Scan saved at 4:43:01 PM, on 12/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\eMule\eMule.exe
    C:\PROGRA~1\Serv-U\ServUDaemon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
  6. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

    Logfile of HijackThis v1.98.2
    Scan saved at 10:26:12 AM, on 12/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    C:\PROGRA~1\Serv-U\ServUDaemon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\mIRC\mirc.exe
    C:\WINDOWS\winampa.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.0\THGuard.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
    O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
  7. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

    Logfile of HijackThis v1.98.2
    Scan saved at 9:56:36 PM, on 12/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    C:\PROGRA~1\Serv-U\ServUDaemon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
    O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
  8. angeloftheflames

    Browsers Hijacked To Search.findwhatevernow.com

    Logfile of HijackThis v1.98.2
    Scan saved at 9:35:53 PM, on 12/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    C:\PROGRA~1\Serv-U\ServUDaemon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
    O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186