
can't access google,yahoo,myspace,facebook



Earlier today I got a popup saying 'intervalhehehe intervalhehehe intervalhehehe!!' I red X'd it and ran AVG anti virus, Malwarebytes and Superantispyware. Apart from a few ad cookies nothing was found. I don't get the popup anymore but I can no longer go to Google, Myspace, Yahoo, Facebook. When I do it goes to a fake Microsoft page that says:

Microsoft security center : Your computer have been attacked by spyware or viruses! Download antispy ware.

It doesn't look at all official so I haven't clicked the link.

What can I do?

Thank you


Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.
I need you to follow the instructions provided here first.
I also need for you to download this program, http://oldtimer.geekstogo.com/OTListIt.exe, to your desktop.
  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (leave 'Use Whitelist' checked and 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or right-click and paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or right-click and paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in Notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

Malwarebytes' Anti-Malware 1.30

Database version: 1427

Windows 5.1.2600 Service Pack 2

27/11/2008 15:38:32

mbam-log-2008-11-27 (15-38-32).txt

Scan type: Quick Scan

Objects scanned: 44154

Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:


;*******************************************************************************

ANALYSIS: 2008-11-27 16:21:54

PROTECTIONS: 1

MALWARE: 0

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

AVG Anti-Virus Free 8.0 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

184380 MEDIUM MS08-002

184379 MEDIUM MS08-001

182048 HIGH MS07-069

182046 HIGH MS07-067

182043 HIGH MS07-064

179553 HIGH MS07-061

176382 HIGH MS07-057

176383 HIGH MS07-058

170911 HIGH MS07-050

170907 HIGH MS07-046

170906 HIGH MS07-045

170904 HIGH MS07-043

164915 HIGH MS07-035

164913 HIGH MS07-033

164911 HIGH MS07-031

160623 HIGH MS07-027

157262 HIGH MS07-022

157261 HIGH MS07-021

157260 HIGH MS07-020

157259 HIGH MS07-019

156477 HIGH MS07-017

150253 HIGH MS07-016

150249 HIGH MS07-013

150248 HIGH MS07-012

150247 HIGH MS07-011

150243 HIGH MS07-008

150242 HIGH MS07-007

150241 MEDIUM MS07-006

141034 HIGH MS06-076

141033 MEDIUM MS06-075

141030 HIGH MS06-072

137571 HIGH MS06-070

137568 HIGH MS06-067

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

131654 HIGH MS06-055

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126083 HIGH MS06-042

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

120814 HIGH MS06-021

117384 MEDIUM MS06-018

114666 HIGH MS06-015

114664 HIGH MS06-013

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

96574 HIGH MS05-053

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================


OTListIt logfile created on: 27/11/2008 16:32:52 - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\ERI\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 635.87 Mb Available Physical Memory | 62.13% Memory free

2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.47% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 90.96 Gb Total Space | 82.44 Gb Free Space | 90.63% Space Free | Partition Type: NTFS

Drive D: | 91.43 Gb Total Space | 7.01 Gb Free Space | 7.67% Space Free | Partition Type: FAT32

Drive E: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ELAINE

Current User Name: ERI

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2005/09/21 13:46:56 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

[2008/11/23 10:32:58 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

[1999/12/12 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

[2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe

[2005/09/21 16:42:24 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

[2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[2005/08/26 18:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

[2005/06/06 09:40:48 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe

[2004/03/30 11:08:00 | 00,077,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2005/09/29 16:07:10 | 00,114,688 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eMode Management\AspireService.exe

[2005/09/21 13:48:42 | 00,425,984 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaSync.exe

[2005/11/16 17:00:50 | 00,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[2004/07/02 16:27:26 | 00,295,001 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

[2008/11/27 08:30:40 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2008/11/23 10:33:00 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

[2004/08/03 21:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2007/09/06 14:53:40 | 00,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[2006/06/12 14:32:26 | 00,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[2008/11/23 11:04:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

[2004/09/23 18:36:28 | 00,303,104 | ---- | M] () -- C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

[2004/11/19 10:34:00 | 00,425,984 | ---- | M] () -- C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2007/10/08 13:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe

[2008/11/27 15:27:48 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ERI\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2005/09/21 13:46:56 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server [Auto | Running])

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/11/23 11:04:55 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])

[2008/11/23 10:32:58 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

[1999/12/12 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])

[2007/09/28 12:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service [Auto | Running])

[2004/03/30 11:08:00 | 00,077,824 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

========== Driver Services ==========

[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])

[2005/09/21 16:34:18 | 03,727,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])

[2008/11/23 11:04:58 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2008/11/23 10:33:03 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2008/11/23 11:04:58 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])

[2005/05/19 00:47:00 | 00,349,824 | R--- | M] (THOMSON Corporation.) -- C:\WINDOWS\system32\drivers\BT4501G.sys -- (BT4501G [On_Demand | Running])

[2004/08/03 15:07:44 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\GAGP30KX.SYS -- (gagp30kx [boot | Running])

[2004/08/03 21:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008/11/23 17:27:48 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])

[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

[2007/05/03 13:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])

[2005/12/06 05:17:38 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])

[2004/03/30 11:12:00 | 01,893,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2008/11/23 17:23:42 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5 [On_Demand | Stopped])

[2004/08/03 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/03/04 03:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004/08/03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])

[2008/07/11 14:22:18 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\ERI\My Documents\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [system | Running])

[2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Documents and Settings\ERI\My Documents\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])

[2008/07/11 14:22:18 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\ERI\My Documents\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2004/08/03 21:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005/06/06 09:43:04 | 00,925,192 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])

[2008/11/26 19:37:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

[2004/12/17 17:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [system | Running])

[2003/07/01 20:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2004/09/29 11:00:00 | 00,247,296 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS) [On_Demand | Stopped])

[2005/01/13 14:46:16 | 00,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\S-1-5-21-3417539924-3303459129-2230202793-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (2209 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 204.16.197.121 www.asfvb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.3.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.657.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.34.com

O1 - Hosts: 47 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key does not exist or could not be opened. File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

O4 - HKLM..\Run: [LaunchApp] Alaunch (Acer Inc.)

O4 - HKLM..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()

O4 - HKLM..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" (Maxtor Corporation)

O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)

O4 - HKLM..\Run: [sMSERIAL] sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)

O4 - HKCU..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" ()

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-3417539924-3303459129-2230202793-1006..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)

O4 - HKU\S-1-5-21-3417539924-3303459129-2230202793-1006..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" ()

O4 - HKU\S-1-5-21-3417539924-3303459129-2230202793-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3417539924-3303459129-2230202793-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls" = avgrsstx.dll

>[2008/11/23 10:33:08 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\Documents and Settings\ERI\My Documents\SUPERAntiSpyware\SASWINLO.DLL -- C:\Documents and Settings\ERI\My Documents\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]

[2005/12/06 05:18:22 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008/11/27 15:27:47 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ERI\Desktop\OTListIt.exe

[2008/11/27 01:28:05 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\HijackThis.lnk

[2008/11/27 01:28:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2008/11/27 01:27:54 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ERI\Desktop\HJTInstall.exe

[2008/11/26 21:07:36 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\Spybot - Search & Destroy.lnk

[2008/11/26 21:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/26 21:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/26 21:06:48 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/11/26 21:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/11/26 21:05:08 | 00,175,648 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\activescan2_en.exe

[2008/11/26 19:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Malwarebytes

[2008/11/26 19:55:36 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/26 19:55:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/26 19:55:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/26 19:55:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/11/26 19:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/11/26 19:53:37 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ERI\Desktop\mbam-setup.exe

[2008/11/26 19:38:39 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2008/11/26 19:37:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2008/11/26 19:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Sun

[2008/11/26 18:52:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\NEWS-Winter Party Diamond

[2008/11/26 18:52:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\WinRAR

[2008/11/26 18:52:27 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2008/11/26 18:49:15 | 70,626,691 | ---- | C] () -- C:\Documents and Settings\ERI\My Documents\NEWS-Winter Party Diamond.rar

[2008/11/26 18:32:42 | 70,626,691 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\NEWS-Winter Party Diamond.rar

[2008/11/24 23:13:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Template

[2008/11/24 23:13:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ERI\Application Data\wklnhst.dat

[2008/11/24 16:23:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008/11/24 15:03:18 | 04,759,556 | ---- | C] () -- C:\Documents and Settings\ERI\My Documents\Shabake UsoUso CM.mpg

[2008/11/24 14:15:22 | 00,178,688 | ---- | C] () -- C:\Documents and Settings\ERI\My Documents\hjsplit.exe

[2008/11/24 14:15:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\JPOP FICS

[2008/11/24 12:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2008/11/24 12:24:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2008/11/24 12:21:50 | 00,000,000 | ---D | C] -- C:\Program Files\iPhoto Plus 4

[2008/11/24 12:19:22 | 00,002,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk

[2008/11/24 12:19:10 | 00,000,000 | ---D | C] -- C:\Program Files\Maxtor

[2008/11/24 12:19:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Maxtor

[2008/11/24 12:18:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2008/11/24 12:18:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2008/11/24 12:17:51 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[2008/11/24 04:23:51 | 00,051,432 | ---- | C] () -- C:\Documents and Settings\ERI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/24 04:22:31 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\ERI\My Documents\Recycle Bin.lnk

[2008/11/24 04:19:28 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys

[2008/11/24 03:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2008/11/24 03:05:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2008/11/24 03:03:49 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008/11/24 03:03:48 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008/11/24 03:03:47 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2008/11/24 03:03:47 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2008/11/24 03:02:22 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/24 03:00:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2008/11/23 21:38:34 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$

[2008/11/23 17:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism

[2008/11/23 17:28:17 | 00,001,063 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk

[2008/11/23 17:28:17 | 00,000,000 | ---D | C] -- C:\Program Files\Thomson SpeedTouch

[2008/11/23 17:28:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2008/11/23 17:27:41 | 00,349,824 | R--- | C] (THOMSON Corporation.) -- C:\WINDOWS\System32\drivers\BT4501G.sys

[2008/11/23 17:23:42 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll

[2008/11/23 17:23:42 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll

[2008/11/23 17:23:41 | 00,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N50.dll

[2008/11/23 17:23:41 | 00,017,134 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.sys

[2008/11/23 17:18:40 | 00,000,681 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini

[2008/11/23 17:14:41 | 00,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe

[2008/11/23 17:14:37 | 00,000,000 | ---D | C] -- C:\Acer

[2008/11/23 17:14:23 | 00,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys

[2008/11/23 17:14:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft

[2008/11/23 17:13:44 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL

[2008/11/23 17:13:38 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2008/11/23 17:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Acer

[2008/11/23 17:12:38 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll

[2008/11/23 17:12:38 | 00,000,790 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\Windows Media Player.lnk

[2008/11/23 17:12:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ERI\Application Data\desktop.ini

[2008/11/23 17:12:14 | 05,857,668 | -H-- | C] () -- C:\Documents and Settings\ERI\Local Settings\Application Data\IconCache.db

[2008/11/23 17:12:14 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\ERI\Start Menu\Programs\Startup\desktop.ini

[2008/11/23 17:12:14 | 00,000,074 | -HS- | C] () -- C:\Documents and Settings\ERI\My Documents\desktop.ini

[2008/11/23 17:12:14 | 00,000,000 | --SD | C] -- C:\Documents and Settings\ERI\Application Data\Microsoft

[2008/11/23 17:12:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\ApplicationHistory

[2008/11/23 17:12:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Symantec

[2008/11/23 17:12:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Identities

[2008/11/23 17:12:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ERI\My Documents\My Pictures

[2008/11/23 17:12:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ERI\My Documents\My Music

[2008/11/23 17:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\Microsoft

[2008/11/23 17:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}

[2008/11/23 17:07:15 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2008/11/23 17:07:00 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys

[2008/11/23 17:06:58 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS

[2008/11/23 17:06:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Motorola

[2008/11/23 16:01:06 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2008/11/23 12:35:16 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\Shortcut to GoldWave.lnk

[2008/11/23 12:35:06 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\Shortcut to VideoConverter.lnk

[2008/11/23 12:34:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Creative

[2008/11/23 12:22:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp

[2008/11/23 12:22:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2008/11/23 12:21:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/11/23 11:59:22 | 00,008,116 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/11/23 11:58:40 | 00,012,196 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu

[2008/11/23 11:58:40 | 00,003,860 | R--- | C] () -- C:\WINDOWS\System32\nvapps.xml

[2008/11/23 11:58:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview

[2008/11/23 11:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\SecondLife

[2008/11/23 11:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\Yahoo

[2008/11/23 11:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Adobe

[2008/11/23 11:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Yahoo!

[2008/11/23 11:47:51 | 00,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2008/11/23 11:47:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\AIMLogger

[2008/11/23 11:47:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2008/11/23 11:47:19 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2008/11/23 11:33:17 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomct2.ocx

[2008/11/23 11:32:02 | 00,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative MediaSource 5 Organizer.lnk

[2008/11/23 11:31:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative

[2008/11/23 11:31:12 | 00,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information

[2008/11/23 11:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative

[2008/11/23 11:28:18 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZEN Vision M Series Media Explorer.lnk

[2008/11/23 11:27:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages

[2008/11/23 11:26:55 | 00,000,000 | ---D | C] -- C:\Program Files\Creative

[2008/11/23 11:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\Any Video Converter

[2008/11/23 11:19:58 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Second Life.lnk

[2008/11/23 11:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\SecondLife

[2008/11/23 11:04:59 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk

[2008/11/23 10:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Desktop\Misc icons

[2008/11/23 10:55:30 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\ERI\Desktop\Shortcut to SUPERANTISPYWARE.lnk

[2008/11/23 10:52:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\acccore

[2008/11/23 10:51:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\AOL OCP

[2008/11/23 10:51:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\AOL

[2008/11/23 10:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/11/23 10:51:40 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint

[2008/11/23 10:51:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore

[2008/11/23 10:51:38 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

[2008/11/23 10:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP

[2008/11/23 10:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL

[2008/11/23 10:51:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL

[2008/11/23 10:50:40 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6

[2008/11/23 10:50:34 | 00,000,469 | -H-- | C] () -- C:\IPH.PH

[2008/11/23 10:38:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\SUPERAntiSpyware.com

[2008/11/23 10:38:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2008/11/23 10:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\SUPERAntiSpyware

[2008/11/23 10:37:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\GoldWave

[2008/11/23 10:37:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\My Documents\Free MP3 Converter

[2008/11/23 10:34:09 | 00,050,685 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2008/11/23 10:33:08 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2008/11/23 10:33:07 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2008/11/23 10:33:03 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2008/11/23 10:33:03 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2008/11/23 10:33:02 | 30,388,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2008/11/23 10:33:02 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2008/11/23 10:33:02 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2008/11/23 10:33:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2008/11/23 10:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2008/11/23 10:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2008/11/23 10:30:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/11/23 10:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Local Settings\Application Data\Mozilla

[2008/11/23 10:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Mozilla

[2008/11/23 10:30:39 | 00,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2008/11/23 10:30:36 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2008/11/23 10:23:49 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\ERI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/23 10:22:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2008/11/23 09:31:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ERI\Application Data\Macromedia

[2008/11/23 09:30:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008/11/27 15:27:48 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/27 15:27:48 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ERI\Desktop\OTListIt.exe

[2008/11/27 15:27:48 | 00,382,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/27 15:27:48 | 00,053,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/27 15:25:14 | 30,388,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2008/11/27 15:24:08 | 00,000,681 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini

[2008/11/27 15:23:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/27 15:22:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/27 15:22:47 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys

[2008/11/27 01:28:05 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\HijackThis.lnk

[2008/11/27 01:27:55 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ERI\Desktop\HJTInstall.exe

[2008/11/26 21:57:58 | 05,857,668 | -H-- | M] () -- C:\Documents and Settings\ERI\Local Settings\Application Data\IconCache.db

[2008/11/26 21:07:36 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\Spybot - Search & Destroy.lnk

[2008/11/26 21:05:09 | 00,175,648 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\activescan2_en.exe

[2008/11/26 20:01:31 | 00,002,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008/11/26 19:55:36 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/26 19:54:49 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ERI\Desktop\mbam-setup.exe

[2008/11/26 19:37:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2008/11/26 18:48:48 | 70,626,691 | ---- | M] () -- C:\Documents and Settings\ERI\My Documents\NEWS-Winter Party Diamond.rar

[2008/11/26 18:48:48 | 70,626,691 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\NEWS-Winter Party Diamond.rar

[2008/11/25 00:29:55 | 00,051,432 | ---- | M] () -- C:\Documents and Settings\ERI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/24 23:13:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\ERI\Application Data\wklnhst.dat

[2008/11/24 19:25:03 | 00,050,685 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2008/11/24 16:44:19 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\ERI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/24 16:25:05 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/24 16:25:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/11/24 16:25:05 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2008/11/24 15:03:37 | 04,759,556 | ---- | M] () -- C:\Documents and Settings\ERI\My Documents\Shabake UsoUso CM.mpg

[2008/11/24 14:14:03 | 00,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxtor Manager.lnk

[2008/11/24 14:11:10 | 00,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/24 04:22:31 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\ERI\My Documents\Recycle Bin.lnk

[2008/11/24 03:14:35 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/23 17:28:17 | 00,001,063 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk

[2008/11/23 17:23:42 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll

[2008/11/23 17:23:42 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll

[2008/11/23 17:23:42 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.sys

[2008/11/23 17:23:41 | 00,081,920 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N50.dll

[2008/11/23 17:18:39 | 00,000,083 | ---- | M] () -- C:\WINDOWS\ALaunch.ini

[2008/11/23 17:12:43 | 00,000,074 | -HS- | M] () -- C:\Documents and Settings\ERI\My Documents\desktop.ini

[2008/11/23 17:12:38 | 00,000,790 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\Windows Media Player.lnk

[2008/11/23 17:11:20 | 00,000,998 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2008/11/23 17:07:15 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2008/11/23 12:35:16 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\Shortcut to GoldWave.lnk

[2008/11/23 12:35:06 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\Shortcut to VideoConverter.lnk

[2008/11/23 12:21:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/23 11:59:22 | 00,008,116 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/11/23 11:47:51 | 00,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2008/11/23 11:32:02 | 00,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative MediaSource 5 Organizer.lnk

[2008/11/23 11:30:19 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2008/11/23 11:30:19 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2008/11/23 11:30:02 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2008/11/23 11:19:58 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Second Life.lnk

[2008/11/23 11:08:51 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2008/11/23 11:04:59 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk

[2008/11/23 11:04:58 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2008/11/23 11:04:58 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2008/11/23 10:55:30 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\ERI\Desktop\Shortcut to SUPERANTISPYWARE.lnk

[2008/11/23 10:51:52 | 00,000,469 | -H-- | M] () -- C:\IPH.PH

[2008/11/23 10:51:38 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

[2008/11/23 10:33:08 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2008/11/23 10:33:03 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2008/11/23 10:33:02 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2008/11/23 10:30:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2008/11/23 10:30:39 | 00,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

< End of report >


Okay. Fire up Hijackthis, hit scan, select these lines and fix them.

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 204.16.197.121 www.asfvb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.3.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.657.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.34.com

O1 - Hosts: 47 more lines...

Let me know if your system will let you surf to the sites it wouldn't previously.


After scanning with HijackThis and fixing the lines, it's letting me surf. Thank you, you guys here are great <3

Good to hear. You may wish to open the hosts file yourself with Notepad and erase any lines left in it. The only line you even sort of need is

127.0.0.1 localhost

I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: http://www.malwarebytes.org/forums/index.php?showtopic=2936
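
The hosts-file check discussed in this thread, as an added example that is not part of the original posts: a Python script that parses a hosts file, groups hostnames redirected to non-loopback addresses, and separately lists names pinned to loopback or 0.0.0.0. The sample file is constructed from a few of the entries quoted above; `parse_hosts` and `audit_hosts` are hypothetical names.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a hosts file holding a few of the entries quoted in the
# thread, the one legitimate localhost line, a blocking entry and a bad line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
61.157.217.210  www.google.com
61.157.217.210  www.yahoo.com www.myspace.com   # two names on one line
61.157.217.210\twww.facebook.com
204.16.197.121  www.xvv.com
0.0.0.0         ads.example.test
not-an-ip       www.live.com
"""


def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames) for every non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not entry:
            continue
        fields = entry.split()  # any mix of spaces and tabs separates fields
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not an IPv4/IPv6 address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify hosts entries.

    redirects: {ip: [names]} for names sent to a non-loopback address, the
               pattern seen in this thread (many sites -> one foreign IP).
    blocked:   names other than localhost pinned to loopback or 0.0.0.0;
               may be deliberate ad blocking, so reported for review only.
    malformed: line numbers that could not be parsed.
    """
    redirects = defaultdict(set)
    blocked = set()
    malformed = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            malformed.append(line_no)
        elif ip.is_loopback or ip.is_unspecified:
            blocked.update(n for n in names if n != "localhost")
        else:
            redirects[str(ip)].update(names)
    return {
        "redirects": {ip: sorted(names) for ip, names in redirects.items()},
        "blocked": sorted(blocked),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for ip, names in report["redirects"].items():
        print(f"REDIRECT {ip}: {', '.join(names)}")
    for name in report["blocked"]:
        print(f"BLOCKED  {name}")
    for line_no in report["malformed"]:
        print(f"MALFORMED line {line_no}")
```

To audit a real machine, pass the contents of `C:\WINDOWS\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample.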