Help HiJack This Log, lets see what you can do =] Options

[dispn0ygonekrazy]

Logfile of HijackThis v1.99.1
Scan saved at 4:09:46 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\TrayTool.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\derek\local settings\temp\GXQQ.exe
C:\WINDOWS\System32\dktibs.exe
C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
C:\documents and settings\derek\local settings\temp\J.exe
C:\WINDOWS\BCMSMMSG.exe
C:\documents and settings\derek\local settings\temp\i.exe
C:\documents and settings\derek\local settings\temp\sH.exe
C:\documents and settings\derek\local settings\temp\DBB.exe
C:\program files\mcafee.com\shared\mcinfo.exe
C:\Documents and Settings\Derek\Application Data\ttuh.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\dktibs.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derek\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Derek\Local Settings\Temp\b2dTrQy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ToolExe] C:\Program Files\Dell\TrayTool.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe 1
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [GXQQ] C:\documents and settings\derek\local settings\temp\GXQQ.exe
O4 - HKLM\..\Run: [oN5oCW3P] C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
O4 - HKLM\..\Run: [J] C:\documents and settings\derek\local settings\temp\J.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [i] C:\documents and settings\derek\local settings\temp\i.exe
O4 - HKLM\..\Run: [sH] C:\documents and settings\derek\local settings\temp\sH.exe
O4 - HKLM\..\Run: [DBB] C:\documents and settings\derek\local settings\temp\DBB.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Derek\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Ftn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\panda software\panda platinum internet security\pavlsp.dll' missing
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - Trusted IP range: 209.8.20.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv342/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\lvp8097ue.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - c:\program files\netscape internet service\ncupdatesvc.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)

[ryanoman]

Logfile of HijackThis v1.99.1
Scan saved at 4:09:46 PM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Binn\sqlservr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\TrayTool.exe
C:\WINDOWS\System32\systime.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\derek\local settings\temp\GXQQ.exe
C:\WINDOWS\System32\dktibs.exe
C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
C:\documents and settings\derek\local settings\temp\J.exe
C:\WINDOWS\BCMSMMSG.exe
C:\documents and settings\derek\local settings\temp\i.exe
C:\documents and settings\derek\local settings\temp\sH.exe
C:\documents and settings\derek\local settings\temp\DBB.exe
C:\program files\mcafee.com\shared\mcinfo.exe
C:\Documents and Settings\Derek\Application Data\ttuh.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\dktibs.exe
C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Derek\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Derek\Local Settings\Temp\b2dTrQy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ToolExe] C:\Program Files\Dell\TrayTool.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe 1
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [GXQQ] C:\documents and settings\derek\local settings\temp\GXQQ.exe
O4 - HKLM\..\Run: [oN5oCW3P] C:\documents and settings\derek\local settings\temp\oN5oCW3P.exe
O4 - HKLM\..\Run: [J] C:\documents and settings\derek\local settings\temp\J.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [i] C:\documents and settings\derek\local settings\temp\i.exe
O4 - HKLM\..\Run: [sH] C:\documents and settings\derek\local settings\temp\sH.exe
O4 - HKLM\..\Run: [DBB] C:\documents and settings\derek\local settings\temp\DBB.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msci] C:\program files\mcafee.com\shared\mcinfo.exe /insfin
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Derek\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Ftn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: ALLDATASC MSDE Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\panda software\panda platinum internet security\pavlsp.dll' missing
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - Trusted IP range: 209.8.20.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv342/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - file://c:\x.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\lvp8097ue.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - c:\program files\netscape internet service\ncupdatesvc.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)

The Bolded items are either QUESTIONABLE or BAD.

Please run a full system scan with Spybot S&D (download).

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page

1. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
2. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
3. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
4. Once the definitions have been updated:
5. Reconfigure Ad-Aware for Full Scan as per the following instructions:
   • Launch the program, and click on the Gear at the top of the start screen.
   • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
     • "Automatically save logfile"
     • Automatically quarantine objects prior to removal"
     • Safe Mode (always request confirmation)
     • Prompt to update outdated confirmation) - Change to 7 days.
   • Click the "Scanning" button (On the left side).
   • Under Drives & Folders, select "Scan within Archives"
   • Click "Click here to select Drives + folders" and select your installed hard drives.
   • Under Memory & Registry, select all options.
   • Click the "Advanced" button (On the left hand side).
   • Under "Shell Integration", select "Move deleted files to Recycle Bin".
   • Under "Log-file detail", select all options.
   • Click on the "Defaults" button on the left.
   • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
   • Click the "Tweak" button (Again, on the left hand side).
   • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
     • "Unload recognized processes during scanning."
     • "Obtain command line of scanned processes"
     • "Scan registry for all users instead of current user only"
   • Under "Cleaning Engine", select the following:
     • "Automatically try to unregister objects prior to deletion."
     • "During removal, unload explorer and IE if necessary"
     • "Let Windows remove files in use at next reboot."
     • "Delete quarrantined objects after restoring"
   • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
   • Click on "Proceed" to save these Preferences.
   • Click on the "Scan Now" button on the left.
   • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
6. Close all programs except ad-aware.
7. Click on "Next" in the bottom right corner to start the scan.
8. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
9. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

************************************

We need to bring the HOSTS file back to normal, please download and run: Reset your host file. Click Here to download HostsFileReader. To reset the host file to default, simply open the program, click the "reset default" button, and confirm the changes.

*************************************

That should fix most of your internet problems. Please post another log of HijackThis to be sure that the problems are fixed.)







(These are practice replies, just to help people learn how to clean their computer (If infected), and to help others.