Help HiJack This Log, lets see what you can do =] Options

[dispn0ygonekrazy]

Logfile of HijackThis v1.99.1
Scan saved at 4:09:46 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\TrayTool.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\derek\local settings\temp\GXQQ.exe
C:\WINDOWS\System32\dktibs.exe
C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
C:\documents and settings\derek\local settings\temp\J.exe
C:\WINDOWS\BCMSMMSG.exe
C:\documents and settings\derek\local settings\temp\i.exe
C:\documents and settings\derek\local settings\temp\sH.exe
C:\documents and settings\derek\local settings\temp\DBB.exe
C:\program files\mcafee.com\shared\mcinfo.exe
C:\Documents and Settings\Derek\Application Data\ttuh.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\dktibs.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derek\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Derek\Local Settings\Temp\b2dTrQy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ToolExe] C:\Program Files\Dell\TrayTool.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe 1
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [GXQQ] C:\documents and settings\derek\local settings\temp\GXQQ.exe
O4 - HKLM\..\Run: [oN5oCW3P] C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
O4 - HKLM\..\Run: [J] C:\documents and settings\derek\local settings\temp\J.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [i] C:\documents and settings\derek\local settings\temp\i.exe
O4 - HKLM\..\Run: [sH] C:\documents and settings\derek\local settings\temp\sH.exe
O4 - HKLM\..\Run: [DBB] C:\documents and settings\derek\local settings\temp\DBB.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Derek\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Ftn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\panda software\panda platinum internet security\pavlsp.dll' missing
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - Trusted IP range: 209.8.20.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv342/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\lvp8097ue.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - c:\program files\netscape internet service\ncupdatesvc.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)

[ryanoman]

Logfile of HijackThis v1.99.1
Scan saved at 4:09:46 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\TrayTool.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\derek\local settings\temp\GXQQ.exe
C:\WINDOWS\System32\dktibs.exe
C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
C:\documents and settings\derek\local settings\temp\J.exe
C:\WINDOWS\BCMSMMSG.exe
C:\documents and settings\derek\local settings\temp\i.exe
C:\documents and settings\derek\local settings\temp\sH.exe
C:\documents and settings\derek\local settings\temp\DBB.exe
C:\program files\mcafee.com\shared\mcinfo.exe
C:\Documents and Settings\Derek\Application Data\ttuh.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\dktibs.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derek\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Derek\Local Settings\Temp\b2dTrQy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ToolExe] C:\Program Files\Dell\TrayTool.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe 1
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [GXQQ] C:\documents and settings\derek\local settings\temp\GXQQ.exe
O4 - HKLM\..\Run: [oN5oCW3P] C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
O4 - HKLM\..\Run: [J] C:\documents and settings\derek\local settings\temp\J.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [i] C:\documents and settings\derek\local settings\temp\i.exe
O4 - HKLM\..\Run: [sH] C:\documents and settings\derek\local settings\temp\sH.exe
O4 - HKLM\..\Run: [DBB] C:\documents and settings\derek\local settings\temp\DBB.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Derek\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Ftn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\panda software\panda platinum internet security\pavlsp.dll' missing
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - Trusted IP range: 209.8.20.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv342/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\lvp8097ue.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - c:\program files\netscape internet service\ncupdatesvc.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)

The Bolded items are either QUESTIONABLE or BAD.

Please run a full system scan with Spybot S&D (download).

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page

1. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
2. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
3. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
4. Once the definitions have been updated:
5. Reconfigure Ad-Aware for Full Scan as per the following instructions:
   • Launch the program, and click on the Gear at the top of the start screen.
   • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
     • "Automatically save logfile"
     • Automatically quarantine objects prior to removal"
     • Safe Mode (always request confirmation)
     • Prompt to update outdated confirmation) - Change to 7 days.
   • Click the "Scanning" button (On the left side).
   • Under Drives & Folders, select "Scan within Archives"
   • Click "Click here to select Drives + folders" and select your installed hard drives.
   • Under Memory & Registry, select all options.
   • Click the "Advanced" button (On the left hand side).
   • Under "Shell Integration", select "Move deleted files to Recycle Bin".
   • Under "Log-file detail", select all options.
   • Click on the "Defaults" button on the left.
   • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
   • Click the "Tweak" button (Again, on the left hand side).
   • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
     • "Unload recognized processes during scanning."
     • "Obtain command line of scanned processes"
     • "Scan registry for all users instead of current user only"
   • Under "Cleaning Engine", select the following:
     • "Automatically try to unregister objects prior to deletion."
     • "During removal, unload explorer and IE if necessary"
     • "Let Windows remove files in use at next reboot."
     • "Delete quarrantined objects after restoring"
   • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
   • Click on "Proceed" to save these Preferences.
   • Click on the "Scan Now" button on the left.
   • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
6. Close all programs except ad-aware.
7. Click on "Next" in the bottom right corner to start the scan.
8. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
9. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

************************************

We need to bring the HOSTS file back to normal, please download and run: Reset your host file. Click Here to download HostsFileReader. To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.

*************************************

That should fix most of your internet problems. Please post another log of HijackThis to be sure that the problems are fixed.)







(These are practice replies, just to help people learn how to clean their computer (If infected), and to help others.

[dispn0ygonekrazy]

All right Im gonna show my Fix so you can learn how to format and learn what is needed and why i put them there ok

*****************************************************************

Hi (USER) and welcome to GeeksToGo! My name is dispn0ygonekrazy and I will be helping you today.

I noticed that your HiJackthis.exe is in a temp folder, make sure to save HijackThis in its own folder (i.e. C:\HJT). DO NOT run it from within a zip manager (Winzip), as no backups will be saved.

After reviewing your HiJack log file I can see that you have some Malware issues.
So lets get these things take care of.


A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of winlspak.dll. and pavlsp.dll
5. Select every instance of winlspak.dll and pavlsp.dll' and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.
7. Reboot and please post a fresh HiJackThis log.

Post#2----------------------------------------------------------------------------

You have the latest version of VX2. Download L2mfix from one of these two locations:

One
Two

• Save the file to your desktop and double click l2mfix.exe.
• Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.
• Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
  
  IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  
  
  Then post a HijackThis log (not attach) together with the log of the L2Mfix
  
  post#3-----------------------------------------------------------------------------
  
  Close any programs you have open since this step requires a reboot.
• From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter
• Press any key to reboot your computer.
• After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.
• Copy the contents of log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :)

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Post#4-----------------------------------------------------------------------------


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


1. Download CWShredder Here.
Do NOT run it yet.
Update CWShredder[/b]

• Open CWShredder and click I AGREE
• Click Check For Update
• Close CWShredder

2. Please Download the Host Here
Do NOT run it yet.

3. Download and install CleanUp! Here Do NOT run it yet.

4. Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

5. Download FixVundo Here
Please do the following

• Close all the running programs.
• If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet
• Locate the FixVundo.exe file that you just downloaded
• Double-click the FixVundo.exe file to start the removal tool
• Click Start to begin the process, and then allow the tool to run
• Important Note: Do not launch any new applications while the tool is running
• Restart the computer.
• Run the removal tool again to ensure that the system is clean.

6. Click this link to be sure you can view hidden files.

7. Ensure you are NOT connected to the internet.

8. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about

9. Open up the Host program.

• Make sure that the "make hosts writable?" button in the upper right corner is enabled.
• Click back up Host files
• then click Restore orginal host files
• close program

10. Now run the CleanUp! program.

11. Close all browsers, windows and unneeded programs.

12. Open HiJack and do a scan.

13. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Derek\Local Settings\Temp\b2dTrQy.dll
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe 1
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Derek\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Ftn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv342/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\lvp8097ue.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - c:\program files\netscape internet service\ncupdatesvc.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)

The following are optional fixes. This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources.
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

14. click the Fix Checked box

15. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

16. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

VBouncerDL
eZmmod
Web Offer

17. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\VBouncer
C:\PROGRA~1\ezula
C:\PROGRA~1\Web Offer

18. Please remove just the files from the following paths using Windows Explorer (if present):
C:\WINDOWS\svchost.exe 1
C:\WINDOWS\System32\mcc.exe
C:\WINDOWS\System32\systime.exe
C:\Documents and Settings\Derek\Application Data\ttuh.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\WINDOWS\System32\dktibs.exe

19. Reboot in normal mode and Please post a new log to verify all is good. Ensure you rehide your “hidden files and folders” back to the way they were

Post #5------------------------------------------------------
(assuming Log is Clean)

Congratualtions your log is clean

How do I prevent myself in the Future?

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

• AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
• Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
• More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.

And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.