Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

karate0kat

52 Posts

3066

February 27th, 2008 02:00

Problems with spyware

I posted a week ago or so, but I didn't get a response, which I understand.  But hopefully someone can help my this time.  I had a whole bunch of spyware and other stuff.  My brother managed to get most of it off, but Spybot Search and Destroy still reads something called Fast Click that won't go away no matter how many times I try and heal it.  So far the noticable 'symptoms' include warning messages from the spyware saying I'm infected that try and pass as Windows warnings and try to sell me stuff, and I can't use google.  Or rather, I can use it, but if I try to click on a link it opens a new window with more anti-spyware stuff for me to buy instead of following the link.  Oh, and to clean off what he managed to clean my brother had to run my laptop off of a cd so he could do stuff without having the spyware running.  We couldn't get rid of it any other way, but now I'm still stuck with this last thing.  Here's the hijack log:

 

 

Logfile of HijackThis v1.99.1
Scan saved at 10:36:00 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202662933.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD8677] cmd /c del "C:\Documents and Settings\s-cmackie2\Local Settings\Temp\i1FB.tmp_old"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188925426859
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

markamus

435 Posts

March 4th, 2008 15:00

Hi karate0kat,

Sorry for the delay.

If you still need assistance, please do the following:

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press " Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Important: Do NOT run option # 2 or any other options until asked to do so!
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

karate0kat

52 Posts

March 8th, 2008 19:00

Sorry it took so long to reply, I've been moving.  Here's the log as requested:

 

SmitFraudFix v2.300

Scan done at 14:55:35.19, Sat 03/08/2008
Run from C:\Documents and Settings\s-cmackie2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RiffTrax DVD Player\RiffTrax.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\wuuawkz.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\s-cmackie2


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\s-cmackie2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\S-CMAC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ FOUND !
C:\Program Files\NetProject\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"

[HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
@="C:\WINDOWS\system32\wuuawkz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
@="C:\WINDOWS\system32\wuuawkz.dll"

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C3F3A7E-508D-46F3-8218-757271869D34}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C3F3A7E-508D-46F3-8218-757271869D34}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

markamus

435 Posts

March 8th, 2008 19:00

Hi karate0kat,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exeSelect option #2 - Clean by typing 2 and press " Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

In your next reply, please include the following:
  • The new SmitfraudFix log
  • A fresh HijackThis log
  • A description of how the PC is running

karate0kat

52 Posts

March 8th, 2008 19:00

T

karate0kat

52 Posts

March 8th, 2008 20:00

The SmitfraudFix report came up while still in safe mode, not after I had restarted the computer.  Since the computer kept freezing whenever I tried to post that one I just ran the program again and got a new report, so hopefully this one will post.  As for how my PC is running, aside from the issues posting here, the two problems that I reported in the OP seem to have gone away.  It's running a bit slow now, but that's after I tried to post the other log and it froze.  The first couple times that happened I restarted and it was fine until I tried again, so after I post this I'm going to restart againg and it will probably run fine.

 

Here is the new log:

SmitFraudFix v2.300

Scan done at 16:23:48.01, Sat 03/08/2008
Run from C:\Documents and Settings\s-cmackie2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\s-cmackie2


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\s-cmackie2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\S-CMAC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"

[HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
@="C:\WINDOWS\system32\wuuawkz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
@="C:\WINDOWS\system32\wuuawkz.dll"

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C3F3A7E-508D-46F3-8218-757271869D34}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C3F3A7E-508D-46F3-8218-757271869D34}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6C3F3A7E-508D-46F3-8218-757271869D34}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

karate0kat

52 Posts

March 8th, 2008 20:00

OK, I've tried to post the logs 3 times now, and it keeps freezing and telling me that a script on this page is making it run slow.  I'm going to try just posting the hijack this log first, since the problems seem to start when I past the other report. 

 

Logfile of HijackThis v1.99.1
Scan saved at 4:19:05 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202662933.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD8677] cmd /c del "C:\Documents and Settings\s-cmackie2\Local Settings\Temp\i1FB.tmp_old"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188925426859
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

markamus

435 Posts

March 8th, 2008 20:00

Hi karate0kat,

The log posted is for the first run of SmitfraudFix. I need to see the 2nd run, using option #2. The log should be saved at C:\rapport.txt. However, in Safe Mode, you won't be able to access the internet. You'll need to reboot into Windows normally. Once rebooted, post the contents of C:\rapport.txt. Please re-run the scan and post the contents here for me to see.

karate0kat

52 Posts

March 8th, 2008 20:00

And just to inform you as much as possible, the log that came up in safe mode that wouldn't post, it said ***inserted by Stopzilla*** next to some other stuff I don't understand, and then had a really long list of websites, none of which I've gone to, and some of which are most definitely porn judging by the title.  Next to all these sites (on the left hand side) is the number 127.0.0.1.   And then some more technical stuff that I don't understand.  When I tried to post that log here a lot of those sites showed up in blue as a link, so I'm guessing that's why it wouldn't post.  But then again, I don't know what I'm talking about.

karate0kat

52 Posts

March 8th, 2008 21:00

OK, so I get an error message telling me I can't post more than 20,000 characters in one post, and apparently the log has about 207,398 characters.  I tried to post it in several parts but it keeps telling me I've exceeded the limit when I know I haven't.  So I'm not sure what you want me to do.  I copied the log into word so I could get a count, and there are 177 pages.  I have no idea how small of sections I would have to break this into to get it to post, but I don't have that much time.  I'm not sure what else to try.

markamus

435 Posts

March 8th, 2008 21:00

Wow, that's quite a bit. Let's try this.

Please download ATF cleaner
This program is for XP and Windows 2000 only
Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select AllClick the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select AllClick the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Once this has been done, please re-run the scan and see if it is any smaller. If there are still too many characters, you may split your reply up into more than one post.

karate0kat

52 Posts

March 9th, 2008 00:00

127.0.0.1    www.adipics.com
127.0.0.1    adipics.com
127.0.0.1    www.adlogix.com
127.0.0.1    adlogix.com
127.0.0.1    www.admin2cash.biz
127.0.0.1    admin2cash.biz
127.0.0.1    adnet-plus.com
127.0.0.1    www.adnetserver.com
127.0.0.1    adnetserver.com
127.0.0.1    adobe-download-now.com
127.0.0.1    www.adobe-downloads.com
127.0.0.1    adobe-downloads.com
127.0.0.1    www.adobe-reader-8.fr
127.0.0.1    adobe-reader-8.fr
127.0.0.1    www.adprotect.com
127.0.0.1    adprotect.com
127.0.0.1    ads.centralmedia.ws
127.0.0.1    ads.k8l.info
127.0.0.1    ads.kmpads.com
127.0.0.1    ads.kw.revenue.net
127.0.0.1    ads.marketingsector.com
127.0.0.1    ads.searchingbooth.com
127.0.0.1    ads.z-quest.com
127.0.0.1    ads1.revenue.net
127.0.0.1    www.ads183.com
127.0.0.1    ads183.com
127.0.0.1    www.adscontex.com
127.0.0.1    adscontex.com
127.0.0.1    www.adservices1.enhance.com
127.0.0.1    adservices1.enhance.com
127.0.0.1    adservs.com
127.0.0.1    www.ad*tend.net
127.0.0.1    ad*tend.net
127.0.0.1    www.adshttp.com
127.0.0.1    adshttp.com
127.0.0.1    www.adsniffer.com
127.0.0.1    adsniffer.com
127.0.0.1    www.adsonwww.com
127.0.0.1    adsonwww.com
127.0.0.1    www.adspics.com
127.0.0.1    adspics.com
127.0.0.1    www.adsrevenue.net
127.0.0.1    adsrevenue.net
127.0.0.1    www.adtrak.net
127.0.0.1    adtrak.net
127.0.0.1    adtrgt.com
127.0.0.1    www.adult777search.info
127.0.0.1    adult777search.info
127.0.0.1    www.adultan.com
127.0.0.1    adultan.com
127.0.0.1    www.adult-engine-search.com
127.0.0.1    adult-engine-search.com
127.0.0.1    www.adult-erotic-guide.net
127.0.0.1    adult-erotic-guide.net
127.0.0.1    www.adultfilmsite.com
127.0.0.1    adultfilmsite.com
127.0.0.1    www.adult-friends-finder.net
127.0.0.1    adult-friends-finder.net
127.0.0.1    adultgambling.org
127.0.0.1    adult-host.org
127.0.0.1    www.adulthyperlinks.com
127.0.0.1    adulthyperlinks.com
127.0.0.1    www.adultmovieplus.com
127.0.0.1    adultmovieplus.com
127.0.0.1    www.adult-mpg.net
127.0.0.1    adult-mpg.net
127.0.0.1    adult-personal.us
127.0.0.1    adultsgames.net
127.0.0.1    www.adultsonlyvids.com
127.0.0.1    adultsonlyvids.com
127.0.0.1    www.adultsper.com
127.0.0.1    adultsper.com
127.0.0.1    www.adulttds.com
127.0.0.1    adulttds.com
127.0.0.1    www.adultzoneworld.com
127.0.0.1    adultzoneworld.com
127.0.0.1    www.advcash.biz
127.0.0.1    advcash.biz
127.0.0.1    advert.exaccess.ru
127.0.0.1    www.advertisemoney.info
127.0.0.1    advertisemoney.info
127.0.0.1    advertising.paltalk.com
127.0.0.1    www.advertising-money.info
127.0.0.1    advertising-money.info
127.0.0.1    ad-ware.cc
127.0.0.1    www.ad-w-a-r-e.com
127.0.0.1    ad-w-a-r-e.com
127.0.0.1    www.a-d-w-a-r-e.com
127.0.0.1    a-d-w-a-r-e.com
127.0.0.1    www.adwarebazooka.com
127.0.0.1    adwarebazooka.com
127.0.0.1    www.adwarecommander.com
127.0.0.1    adwarecommander.com
127.0.0.1    www.adwarefinder.com
127.0.0.1    adwarefinder.com
127.0.0.1    www.adwaregold.com
127.0.0.1    adwaregold.com
127.0.0.1    www.adwarepatrol.com
127.0.0.1    adwarepatrol.com
127.0.0.1    www.adwareplatinum.com
127.0.0.1    adwareplatinum.com
127.0.0.1    www.adwareprotectionsite.com
127.0.0.1    adwareprotectionsite.com
127.0.0.1    www.adwarepunisher.com
127.0.0.1    adwarepunisher.com
127.0.0.1    www.adwareremover.ws
127.0.0.1    adwareremover.ws
127.0.0.1    www.adwaresafety.com
127.0.0.1    adwaresafety.com
127.0.0.1    www.adwarexp.com
127.0.0.1    adwarexp.com
127.0.0.1    affiliate.idownload.com
127.0.0.1    www.aflgate.com
127.0.0.1    aflgate.com
127.0.0.1    africaspromise.org
127.0.0.1    agava.com
127.0.0.1    agava.ru
127.0.0.1    agentstudio.com
127.0.0.1    www.aginegialle.it
127.0.0.1    aginegialle.it
127.0.0.1    aifind.info
127.0.0.1    www.aifind.info
127.0.0.1    www.airtleworld.com
127.0.0.1    airtleworld.com
127.0.0.1    www.aitalia.it
127.0.0.1    aitalia.it
127.0.0.1    akamai.downloadv3.com
127.0.0.1    www.aklitalia.it
127.0.0.1    aklitalia.it
127.0.0.1    akril.com
127.0.0.1    alcatel.ws
127.0.0.1    www.alertspy.com
127.0.0.1    alertspy.com
127.0.0.1    www.alfacleaner.com
127.0.0.1    alfacleaner.com
127.0.0.1    alfa-search.com
127.0.0.1    www.alialia.it
127.0.0.1    alialia.it
127.0.0.1    www.aliotalia.it
127.0.0.1    aliotalia.it
127.0.0.1    www.alirtalia.it
127.0.0.1    alirtalia.it
127.0.0.1    www.alitaia.it
127.0.0.1    alitaia.it
127.0.0.1    www.alitaklia.it
127.0.0.1    alitaklia.it
127.0.0.1    www.alitala.it
127.0.0.1    alitala.it
127.0.0.1    www.alitali.it
127.0.0.1    alitali.it
127.0.0.1    www.alitaliaq.it
127.0.0.1    alitaliaq.it
127.0.0.1    www.alitalias.it
127.0.0.1    alitalias.it
127.0.0.1    www.alitaliaz.it
127.0.0.1    alitaliaz.it
127.0.0.1    www.alitalioa.it
127.0.0.1    alitalioa.it
127.0.0.1    www.alitalisa.it
127.0.0.1    alitalisa.it
127.0.0.1    www.alitaliua.it
127.0.0.1    alitaliua.it
127.0.0.1    www.alitalkia.it
127.0.0.1    alitalkia.it
127.0.0.1    www.alitaloia.it
127.0.0.1    alitaloia.it
127.0.0.1    www.alitaluia.it
127.0.0.1    alitaluia.it
127.0.0.1    www.alitaslia.it
127.0.0.1    alitaslia.it
127.0.0.1    www.alitlia.it
127.0.0.1    alitlia.it
127.0.0.1    www.alitralia.it
127.0.0.1    alitralia.it
127.0.0.1    www.alitsalia.it
127.0.0.1    alitsalia.it
127.0.0.1    www.aliutalia.it
127.0.0.1    aliutalia.it
127.0.0.1    www.ALL1COUNT.NET
127.0.0.1    ALL1COUNT.NET
127.0.0.1    www.all4internet.com
127.0.0.1    all4internet.com
127.0.0.1    allabtcars.com
127.0.0.1    allabtjeeps.com
127.0.0.1    www.all-bittorrent.com
127.0.0.1    all-bittorrent.com
127.0.0.1    allcybersearch.com
127.0.0.1    www.allcybersearch.com
127.0.0.1    www.alldnserrors.com
127.0.0.1    alldnserrors.com
127.0.0.1    www.all-downloads-now.com
127.0.0.1    all-downloads-now.com
127.0.0.1    www.all-edonkey.com
127.0.0.1    all-edonkey.com
127.0.0.1    www.allertaminacce.com
127.0.0.1    allertaminacce.com
127.0.0.1    allforadult.com
127.0.0.1    allhyperlinks.com
127.0.0.1    www.alliesecurity.com
127.0.0.1    alliesecurity.com
127.0.0.1    all-inet.com
127.0.0.1    allinternetbusiness.com
127.0.0.1    www.all-limewire.com
127.0.0.1    all-limewire.com
127.0.0.1    www.allmegabucks.com
127.0.0.1    allmegabucks.com
127.0.0.1    www.allprotections.com
127.0.0.1    allprotections.com
127.0.0.1    www.allresultz.net
127.0.0.1    allresultz.net
127.0.0.1    www.allsearch.us
127.0.0.1    allsearch.us
127.0.0.1    www.allsecuritynotes.com
127.0.0.1    allsecuritynotes.com
127.0.0.1    www.allsecuritysite.com
127.0.0.1    allsecuritysite.com
127.0.0.1    www.allstarsvideos.net
127.0.0.1    allstarsvideos.net
127.0.0.1    www.alltiettantivirus.com
127.0.0.1    alltiettantivirus.com
127.0.0.1    www.alltruesoftware.com
127.0.0.1    alltruesoftware.com
127.0.0.1    www.allvideoactivex.com
127.0.0.1    allvideoactivex.com
127.0.0.1    www.almanah.biz
127.0.0.1    almanah.biz
127.0.0.1    almarvideos.com
127.0.0.1    www.aloitalia.it
127.0.0.1    aloitalia.it
127.0.0.1    www.aluitalia.it
127.0.0.1    aluitalia.it
127.0.0.1    www.amaena.com
127.0.0.1    amaena.com
127.0.0.1    amandamountains.com
127.0.0.1    www.amateurliveshow.com
127.0.0.1    amateurliveshow.com
127.0.0.1    www.amediasoftware.com
127.0.0.1    amediasoftware.com
127.0.0.1    www.amediasource.com
127.0.0.1    amediasource.com
127.0.0.1    www.americanautobargains.com
127.0.0.1    americanautobargains.com
127.0.0.1    www.americancarbargains.com
127.0.0.1    americancarbargains.com
127.0.0.1    american-teens.net
127.0.0.1    amigeek.com
127.0.0.1    www.amigobore.com
127.0.0.1    amigobore.com
127.0.0.1    amisbusiness.com
127.0.0.1    www.ampmsearch.com
127.0.0.1    ampmsearch.com
127.0.0.1    www.analcord.com
127.0.0.1    analcord.com
127.0.0.1    analmovi.com
127.0.0.1    www.anarchylolita.com
127.0.0.1    anarchylolita.com
127.0.0.1    anarchyporn.com
127.0.0.1    www.andromedical.com
127.0.0.1    andromedical.com
127.0.0.1    www.animepornmag.com
127.0.0.1    animepornmag.com
127.0.0.1    anin.org
127.0.0.1    www.anjpn-avxiz.biz
127.0.0.1    anjpn-avxiz.biz
127.0.0.1    www.anjpnzqav.biz
127.0.0.1    anjpnzqav.biz
127.0.0.1    www.anjpn-zqav.biz
127.0.0.1    anjpn-zqav.biz
127.0.0.1    annaromeo.com
127.0.0.1    www.antiddos.us
127.0.0.1    antiddos.us
127.0.0.1    www.Antiespiadorado.com
127.0.0.1    Antiespiadorado.com
127.0.0.1    www.Antiespionspack.com

karate0kat

52 Posts

March 9th, 2008 00:00

OK, that didn't shrink it at all, and when I tried to post it in several posts I still got an error message because there is a word used quite a few times that won't pass the language filter.  I would tell you what it is but then this post wouldn't be postable.

karate0kat

52 Posts

March 9th, 2008 00:00

127.0.0.1    www.g0oogle.it
127.0.0.1    g0oogle.it
127.0.0.1    www.g9oogle.it
127.0.0.1    g9oogle.it
127.0.0.1    ga31.com
127.0.0.1    www.gaazzetta.it
127.0.0.1    gaazzetta.it
127.0.0.1    gabrielscott.com
127.0.0.1    www.gad-network.com
127.0.0.1    gad-network.com
127.0.0.1    www.galleriesforporn.com
127.0.0.1    galleriesforporn.com
127.0.0.1    www.galleryclick.net
127.0.0.1    galleryclick.net
127.0.0.1    www.gallerypictures.net
127.0.0.1    gallerypictures.net
127.0.0.1    www.gallsforporn.com
127.0.0.1    gallsforporn.com
127.0.0.1    galpostgirls.com
127.0.0.1    gals-for-free.com
127.0.0.1    gambling-online4you.com
127.0.0.1    www.game4all.biz
127.0.0.1    game4all.biz
127.0.0.1    www.games.de.ag
127.0.0.1    games.de.ag
127.0.0.1    games.uzoogle.com
127.0.0.1    www.games-desktop.com
127.0.0.1    games-desktop.com
127.0.0.1    gameterror.net
127.0.0.1    www.gaqzzetta.it
127.0.0.1    gaqzzetta.it
127.0.0.1    www.garfirm.com
127.0.0.1    garfirm.com
127.0.0.1    www.gaszzetta.it
127.0.0.1    gaszzetta.it
127.0.0.1    www.gaxzetta.it
127.0.0.1    gaxzetta.it
127.0.0.1    www.gaxzzetta.it
127.0.0.1    gaxzzetta.it
127.0.0.1    *50.com
127.0.0.1    *-clan.com
127.0.0.1    www.*spornmag.com
127.0.0.1    *spornmag.com
127.0.0.1    www.*sto*.com
127.0.0.1    *sto*.com
127.0.0.1    www.gazxetta.it
127.0.0.1    gazxetta.it
127.0.0.1    www.gazxzetta.it
127.0.0.1    gazxzetta.it
127.0.0.1    www.gazzaetta.it
127.0.0.1    gazzaetta.it
127.0.0.1    www.gazzdetta.it
127.0.0.1    gazzdetta.it
127.0.0.1    www.gazzedtta.it
127.0.0.1    gazzedtta.it
127.0.0.1    www.gazzeetta.it
127.0.0.1    gazzeetta.it
127.0.0.1    www.gazzeftta.it
127.0.0.1    gazzeftta.it
127.0.0.1    www.gazzegtta.it
127.0.0.1    gazzegtta.it
127.0.0.1    www.gazzehtta.it
127.0.0.1    gazzehtta.it
127.0.0.1    www.gazzerta.it
127.0.0.1    gazzerta.it
127.0.0.1    www.gazzertta.it
127.0.0.1    gazzertta.it
127.0.0.1    www.gazzestta.it
127.0.0.1    gazzestta.it
127.0.0.1    www.gazzetra.it
127.0.0.1    gazzetra.it
127.0.0.1    www.gazzett.it
127.0.0.1    gazzett.it
127.0.0.1    www.gazzettaa.it
127.0.0.1    gazzettaa.it
127.0.0.1    www.gazzettaq.it
127.0.0.1    gazzettaq.it
127.0.0.1    www.gazzettas.it
127.0.0.1    gazzettas.it
127.0.0.1    www.gazzettaz.it
127.0.0.1    gazzettaz.it
127.0.0.1    www.gazzettfa.it
127.0.0.1    gazzettfa.it
127.0.0.1    www.gazzettga.it
127.0.0.1    gazzettga.it
127.0.0.1    www.gazzettha.it
127.0.0.1    gazzettha.it
127.0.0.1    www.gazzettqa.it
127.0.0.1    gazzettqa.it
127.0.0.1    www.gazzettra.it
127.0.0.1    gazzettra.it
127.0.0.1    www.gazzetts.it
127.0.0.1    gazzetts.it
127.0.0.1    www.gazzettsa.it
127.0.0.1    gazzettsa.it
127.0.0.1    www.gazzettya.it
127.0.0.1    gazzettya.it
127.0.0.1    www.gazzettza.it
127.0.0.1    gazzettza.it
127.0.0.1    www.gazzetya.it
127.0.0.1    gazzetya.it
127.0.0.1    www.gazzetyta.it
127.0.0.1    gazzetyta.it
127.0.0.1    www.gazzeyta.it
127.0.0.1    gazzeyta.it
127.0.0.1    www.gazzeytta.it
127.0.0.1    gazzeytta.it
127.0.0.1    www.gazzfetta.it
127.0.0.1    gazzfetta.it
127.0.0.1    www.gazzretta.it
127.0.0.1    gazzretta.it
127.0.0.1    www.gazzrtta.it
127.0.0.1    gazzrtta.it
127.0.0.1    www.gazzsetta.it
127.0.0.1    gazzsetta.it
127.0.0.1    www.gazztta.it
127.0.0.1    gazztta.it
127.0.0.1    www.gazzwetta.it
127.0.0.1    gazzwetta.it
127.0.0.1    www.gazzwtta.it
127.0.0.1    gazzwtta.it
127.0.0.1    www.gazzxetta.it
127.0.0.1    gazzxetta.it
127.0.0.1    www.gbazzetta.it
127.0.0.1    gbazzetta.it
127.0.0.1    www.gboogle.it
127.0.0.1    gboogle.it
127.0.0.1    www.ge.net
127.0.0.1    ge.net
127.0.0.1    www.geil-de.info
127.0.0.1    geil-de.info
127.0.0.1    generalsmeltingofcanada.com
127.0.0.1    www.generateskey.com
127.0.0.1    generateskey.com
127.0.0.1    germany.rub.to
127.0.0.1    www.gerrari.it
127.0.0.1    gerrari.it
127.0.0.1    get.adwarebazooka.com
127.0.0.1    get.hitvirus.com
127.0.0.1    www.get-access.host.sk
127.0.0.1    www.getanysoftware.com
127.0.0.1    getanysoftware.com
127.0.0.1    www.getbestloanrate.info
127.0.0.1    getbestloanrate.info
127.0.0.1    www.getdailyimages.com
127.0.0.1    getdailyimages.com
127.0.0.1    www.getdvdshrink2007.com
127.0.0.1    getdvdshrink2007.com
127.0.0.1    geteens.com
127.0.0.1    www.getfound.com
127.0.0.1    getfound.com
127.0.0.1    www.getfreepornvideo.com
127.0.0.1    getfreepornvideo.com
127.0.0.1    www.getimageactivex.com
127.0.0.1    getimageactivex.com
127.0.0.1    www.get-ipod-music.com
127.0.0.1    get-ipod-music.com
127.0.0.1    getmirar.com
127.0.0.1    www.get-mp3-onlined.com
127.0.0.1    get-mp3-onlined.com
127.0.0.1    www.getpatytoday.info
127.0.0.1    getpatytoday.info
127.0.0.1    www.getpcmusic.com
127.0.0.1    getpcmusic.com
127.0.0.1    www.getphotosets.com
127.0.0.1    getphotosets.com
127.0.0.1    getpicshere.com
127.0.0.1    www.getpornmag.com
127.0.0.1    getpornmag.com
127.0.0.1    www.getpornvideoz.com
127.0.0.1    getpornvideoz.com
127.0.0.1    www.get-realplayer.com
127.0.0.1    get-realplayer.com
127.0.0.1    www.get-spybot.com
127.0.0.1    get-spybot.com
127.0.0.1    www.getvaxobject.com
127.0.0.1    getvaxobject.com
127.0.0.1    www.getvideosource.com
127.0.0.1    getvideosource.com
127.0.0.1    www.get-winrar.com
127.0.0.1    get-winrar.com
127.0.0.1    www.getxmovies.com
127.0.0.1    getxmovies.com
127.0.0.1    www.getxxxphotos.com
127.0.0.1    getxxxphotos.com
127.0.0.1    www.get-zune.com
127.0.0.1    get-zune.com
127.0.0.1    www.gfazzetta.it
127.0.0.1    gfazzetta.it
127.0.0.1    www.gfoogle.it
127.0.0.1    gfoogle.it
127.0.0.1    www.gfxgraphics.net
127.0.0.1    gfxgraphics.net
127.0.0.1    www.ggazzetta.it
127.0.0.1    ggazzetta.it
127.0.0.1    www.ghazzetta.it
127.0.0.1    ghazzetta.it
127.0.0.1    www.ghktoolkit.com
127.0.0.1    ghktoolkit.com
127.0.0.1    www.ghoogle.it
127.0.0.1    ghoogle.it
127.0.0.1    www.giangho.biz
127.0.0.1    giangho.biz
127.0.0.1    www.gigacodec.net
127.0.0.1    gigacodec.net
127.0.0.1    www.gigaz.info
127.0.0.1    gigaz.info
127.0.0.1    gimmezamore.com
127.0.0.1    gimnasiaer.com
127.0.0.1    www.giogle.it
127.0.0.1    giogle.it
127.0.0.1    www.gioogle.it
127.0.0.1    gioogle.it
127.0.0.1    www.girgilio.it
127.0.0.1    girgilio.it
127.0.0.1    girls4rent.net
127.0.0.1    girls-porn-life.com
127.0.0.1    www.giscali.it
127.0.0.1    giscali.it
127.0.0.1    www.givecnt.info
127.0.0.1    givecnt.info
127.0.0.1    www.givemepornvids.com
127.0.0.1    givemepornvids.com
127.0.0.1    www.gkoogle.it
127.0.0.1    gkoogle.it
127.0.0.1    www.gl.secdep.info
127.0.0.1    gl.secdep.info
127.0.0.1    glbdf.org
127.0.0.1    www.globalefinder.com
127.0.0.1    globalefinder.com
127.0.0.1    global-finder.com
127.0.0.1    globalwebsearch.com
127.0.0.1    globe-finder.cc
127.0.0.1    globe-finder.com
127.0.0.1    www.globesearch.com
127.0.0.1    globesearch.com
127.0.0.1    www.glogle.it
127.0.0.1    glogle.it
127.0.0.1    www.gneprogram.com
127.0.0.1    gneprogram.com
127.0.0.1    go.drivecleaner.com
127.0.0.1    go.errorsafe.com

markamus

435 Posts

March 9th, 2008 00:00

Replace whatever word it is with the asterisk (*) and see if it will let you post it then.

karate0kat

52 Posts

March 9th, 2008 00:00

127.0.0.1    www.cirriere.it
127.0.0.1    cirriere.it
127.0.0.1    ckick4thumbs.com
127.0.0.1    cl55.biz
127.0.0.1    clackamasliteraryreview.com
127.0.0.1    www.clckm.com
127.0.0.1    clckm.com
127.0.0.1    www.cleancodec.com
127.0.0.1    cleancodec.com
127.0.0.1    www.cleansoftwares.com
127.0.0.1    cleansoftwares.com
127.0.0.1    clearsearch.cc
127.0.0.1    clearsearch.net
127.0.0.1    clickaire.com
127.0.0.1    www.click-codec.com
127.0.0.1    click-codec.com
127.0.0.1    www.clickhere4search.com
127.0.0.1    clickhere4search.com
127.0.0.1    www.click-new-download.com
127.0.0.1    click-new-download.com
127.0.0.1    click-now.net
127.0.0.1    www.clickspring.net
127.0.0.1    clickspring.net
127.0.0.1    www.click-to-download.com
127.0.0.1    click-to-download.com
127.0.0.1    www.clicktomakeasearch.com
127.0.0.1    clicktomakeasearch.com
127.0.0.1    clickyestoenter.net
127.0.0.1    client.exeupdate.com
127.0.0.1    client.myadultexplorer.com
127.0.0.1    www.cliks.org
127.0.0.1    cliks.org
127.0.0.1    www.clipsfestival.com
127.0.0.1    clipsfestival.com
127.0.0.1    www.clipsreality.com
127.0.0.1    clipsreality.com
127.0.0.1    www.clorriere.it
127.0.0.1    clorriere.it
127.0.0.1    clrsch.com
127.0.0.1    www.clubxxxvideo.com
127.0.0.1    clubxxxvideo.com
127.0.0.1    clusif.free.fr
127.0.0.1    cmtapestry.com
127.0.0.1    www.cnetadd.com
127.0.0.1    cnetadd.com
127.0.0.1    www.cnomy.com
127.0.0.1    cnomy.com
127.0.0.1    www.cnzz.com
127.0.0.1    cnzz.com
127.0.0.1    code.ignphrases.com
127.0.0.1    codec.ninoa.com
127.0.0.1    www.codecbsplay.com
127.0.0.1    codecbsplay.com
127.0.0.1    www.codecdvd.net
127.0.0.1    codecdvd.net
127.0.0.1    www.codecdvi.com
127.0.0.1    codecdvi.com
127.0.0.1    www.codec-fun.com
127.0.0.1    codec-fun.com
127.0.0.1    www.codechard.com
127.0.0.1    codechard.com
127.0.0.1    www.codechot.net
127.0.0.1    codechot.net
127.0.0.1    www.codechq.net
127.0.0.1    codechq.net
127.0.0.1    www.codecmeg.net
127.0.0.1    codecmeg.net
127.0.0.1    www.codecmega.net
127.0.0.1    codecmega.net
127.0.0.1    www.codecmpg.com
127.0.0.1    codecmpg.com
127.0.0.1    www.codecnice.net
127.0.0.1    codecnice.net
127.0.0.1    www.codecops.net
127.0.0.1    codecops.net
127.0.0.1    www.codecpretty.net
127.0.0.1    codecpretty.net
127.0.0.1    www.codecpro.net
127.0.0.1    codecpro.net
127.0.0.1    www.codecsoft.net
127.0.0.1    codecsoft.net
127.0.0.1    www.codectime.com
127.0.0.1    codectime.com
127.0.0.1    www.codecultra.net
127.0.0.1    codecultra.net
127.0.0.1    www.codecvids.com
127.0.0.1    codecvids.com
127.0.0.1    www.codecvip.com
127.0.0.1    codecvip.com
127.0.0.1    www.codecviva.com
127.0.0.1    codecviva.com
127.0.0.1    www.codeczang.net
127.0.0.1    codeczang.net
127.0.0.1    www.codrriere.it
127.0.0.1    codrriere.it
127.0.0.1    www.coeriere.it
127.0.0.1    coeriere.it
127.0.0.1    www.coerriere.it
127.0.0.1    coerriere.it
127.0.0.1    www.cofrriere.it
127.0.0.1    cofrriere.it
127.0.0.1    www.cogrriere.it
127.0.0.1    cogrriere.it
127.0.0.1    www.coirriere.it
127.0.0.1    coirriere.it
127.0.0.1    www.commonname.com
127.0.0.1    www.computerpcgames.net
127.0.0.1    computerpcgames.net
127.0.0.1    www.computerrecover.com
127.0.0.1    computerrecover.com
127.0.0.1    config.180solutions.com
127.0.0.1    www.content.dollarrevenue.com
127.0.0.1    www.content.ireit.com
127.0.0.1    content.ireit.com
127.0.0.1    content.onerateld.com
127.0.0.1    www.contentmatch.net
127.0.0.1    contentmatch.net
127.0.0.1    www.contextplus.net
127.0.0.1    contextplus.net
127.0.0.1    www.contra-virus.com
127.0.0.1    contra-virus.com
127.0.0.1    www.controlmeh.com
127.0.0.1    controlmeh.com
127.0.0.1    www.convenient-search.com
127.0.0.1    convenient-search.com
127.0.0.1    www.cooldeskalert.com
127.0.0.1    cooldeskalert.com
127.0.0.1    coolfetishsite.com
127.0.0.1    coolfreehost.com
127.0.0.1    coolfreepage.com
127.0.0.1    coolfreepages.com
127.0.0.1    cool-homepage.co
127.0.0.1    cool-homepage.com
127.0.0.1    coolmoneysearch.com
127.0.0.1    coolpornsearch.com
127.0.0.1    cool-search.net
127.0.0.1    cool-search.netfartpost.com
127.0.0.1    coolsearcher.info
127.0.0.1    www.coolservecorp.net
127.0.0.1    coolservecorp.net
127.0.0.1    cool-web-search.com
127.0.0.1    coolwebsearsh.com
127.0.0.1    www.coolwwwsearch.com
127.0.0.1    coolwwwsearch.com
127.0.0.1    cool-xxx.net
127.0.0.1    www.coorriere.it
127.0.0.1    coorriere.it
127.0.0.1    copmtraine.com
127.0.0.1    www.coprriere.it
127.0.0.1    coprriere.it
127.0.0.1    www.core.psyche-evolution.com
127.0.0.1    core.psyche-evolution.com
127.0.0.1    www.coreiere.it
127.0.0.1    coreiere.it
127.0.0.1    www.coreriere.it
127.0.0.1    coreriere.it
127.0.0.1    www.corrdiere.it
127.0.0.1    corrdiere.it
127.0.0.1    www.correiere.it
127.0.0.1    correiere.it
127.0.0.1    www.corrfiere.it
127.0.0.1    corrfiere.it
127.0.0.1    www.corrgiere.it
127.0.0.1    corrgiere.it
127.0.0.1    www.corridere.it
127.0.0.1    corridere.it
127.0.0.1    www.corriedre.it
127.0.0.1    corriedre.it
127.0.0.1    www.corriee.it
127.0.0.1    corriee.it
127.0.0.1    www.corrieere.it
127.0.0.1    corrieere.it
127.0.0.1    www.corriefre.it
127.0.0.1    corriefre.it
127.0.0.1    www.corriegre.it
127.0.0.1    corriegre.it
127.0.0.1    www.corrierde.it
127.0.0.1    corrierde.it
127.0.0.1    www.corriered.it
127.0.0.1    corriered.it
127.0.0.1    www.corrieree.it
127.0.0.1    corrieree.it
127.0.0.1    www.corrieref.it
127.0.0.1    corrieref.it
127.0.0.1    www.corrierer.it
127.0.0.1    corrierer.it
127.0.0.1    www.corrieres.it
127.0.0.1    corrieres.it
127.0.0.1    www.corrierew.it
127.0.0.1    corrierew.it
127.0.0.1    www.corrierfe.it
127.0.0.1    corrierfe.it
127.0.0.1    www.corrierge.it
127.0.0.1    corrierge.it
127.0.0.1    www.corrierr.it
127.0.0.1    corrierr.it
127.0.0.1    www.corrierre.it
127.0.0.1    corrierre.it
127.0.0.1    www.corrierse.it
127.0.0.1    corrierse.it
127.0.0.1    www.corrierte.it
127.0.0.1    corrierte.it
127.0.0.1    www.corrierw.it
127.0.0.1    corrierw.it
127.0.0.1    www.corrierwe.it
127.0.0.1    corrierwe.it
127.0.0.1    www.corriesre.it
127.0.0.1    corriesre.it
127.0.0.1    www.corriete.it
127.0.0.1    corriete.it
127.0.0.1    www.corrietre.it
127.0.0.1    corrietre.it
127.0.0.1    www.corriewre.it
127.0.0.1    corriewre.it
127.0.0.1    www.corrifere.it
127.0.0.1    corrifere.it
127.0.0.1    www.corriiere.it
127.0.0.1    corriiere.it
127.0.0.1    www.corrilere.it
127.0.0.1    corrilere.it
127.0.0.1    www.corrioere.it
127.0.0.1    corrioere.it
127.0.0.1    www.corrire.it
127.0.0.1    corrire.it
127.0.0.1    www.corrirere.it
127.0.0.1    corrirere.it
127.0.0.1    www.corrirre.it
127.0.0.1    corrirre.it
127.0.0.1    www.corrisere.it
127.0.0.1    corrisere.it
127.0.0.1    www.corriuere.it
127.0.0.1    corriuere.it
127.0.0.1    www.corriwere.it
127.0.0.1    corriwere.it
127.0.0.1    www.corriwre.it
127.0.0.1    corriwre.it
127.0.0.1    www.corrliere.it
127.0.0.1    corrliere.it
127.0.0.1    www.corroere.it
127.0.0.1    corroere.it
127.0.0.1    www.corroiere.it
127.0.0.1    corroiere.it
127.0.0.1    www.corrriere.it
127.0.0.1    corrriere.it
127.0.0.1    www.corrtiere.it
127.0.0.1    corrtiere.it
127.0.0.1    www.corruere.it
127.0.0.1    corruere.it
127.0.0.1    www.corruiere.it
127.0.0.1    corruiere.it
127.0.0.1    www.cortiere.it
127.0.0.1    cortiere.it
127.0.0.1    www.cortriere.it
127.0.0.1    cortriere.it
127.0.0.1    www.costrike.com
127.0.0.1    costrike.com
127.0.0.1    www.cotriere.it
127.0.0.1    cotriere.it
127.0.0.1    www.cotrriere.it
127.0.0.1    cotrriere.it
127.0.0.1    couldnotfind.com
127.0.0.1    count.cc
127.0.0.1    count.hitscount.net
127.0.0.1    count-all.com
127.0.0.1    www.countdutycall.info
127.0.0.1    countdutycall.info
127.0.0.1    counter.*maniack.com
127.0.0.1    www.courtrecordslookup.com
127.0.0.1    courtrecordslookup.com
127.0.0.1    www.cporriere.it
127.0.0.1    cporriere.it
127.0.0.1    www.cprriere.it
127.0.0.1    cprriere.it
127.0.0.1    cpvfeed.com
127.0.0.1    cracks.me.uk
127.0.0.1    www.cracks4all.com
127.0.0.1    cracks4all.com
127.0.0.1    www.*sgold.info
127.0.0.1    *sgold.info
127.0.0.1    Crazygirls-world.com
127.0.0.1    www.crazywinnings.com
127.0.0.1    crazywinnings.com
127.0.0.1    creamedcutties.com
127.0.0.1    www.createaccesskey.com
127.0.0.1    createaccesskey.com
127.0.0.1    creditsearchonline.com
127.0.0.1    crestring.com
127.0.0.1    crooder.com
127.0.0.1    www.crriere.it
127.0.0.1    crriere.it
127.0.0.1    www.cryptdrive.com
127.0.0.1    cryptdrive.com
127.0.0.1    www.crystalysmedia.com
127.0.0.1    crystalysmedia.com
127.0.0.1    www.csx.adservs.com
127.0.0.1    csx.adservs.com
127.0.0.1    cts.180solutions.com
127.0.0.1    www.cuisinartoven.com
127.0.0.1    cuisinartoven.com
127.0.0.1    www.curedc.info
127.0.0.1    curedc.info
127.0.0.1    www.curepcsolutions.com
127.0.0.1    curepcsolutions.com
127.0.0.1    curvedspaces.com
127.0.0.1    www.cutadult.com
127.0.0.1    cutadult.com
127.0.0.1    www.cvirgilio.it
127.0.0.1    cvirgilio.it
127.0.0.1    www.cvorriere.it
127.0.0.1    cvorriere.it
127.0.0.1    cvs.jps.ru
127.0.0.1    cvsymphony.com
127.0.0.1    www.cxorriere.it
127.0.0.1    cxorriere.it
127.0.0.1    www.cyberrape.com
127.0.0.1    cyberrape.com
127.0.0.1    cydom.com
127.0.0.1    www.cydoor.com
127.0.0.1    cydoor.com
127.0.0.1    www.daily3xlinks.com
127.0.0.1    daily3xlinks.com
127.0.0.1    www.dailybestclips.com
127.0.0.1    dailybestclips.com
127.0.0.1    daily-gals.com
127.0.0.1    www.dailyhugemovs.com
127.0.0.1    dailyhugemovs.com
127.0.0.1    www.dailykeys.com
127.0.0.1    dailykeys.com
127.0.0.1    www.dailypornmag.com
127.0.0.1    dailypornmag.com
127.0.0.1    dailyteenspic.com
127.0.0.1    www.dailytoolbar.com
127.0.0.1    dailytoolbar.com
127.0.0.1    www.dailyxvids.com
127.0.0.1    dailyxvids.com
127.0.0.1    dancingbabycd.com
127.0.0.1    www.dapsol.com
127.0.0.1    dapsol.com
127.0.0.1    www.dapsolution.com
127.0.0.1    dapsolution.com
127.0.0.1    www.data-hoster.com
127.0.0.1    data-hoster.com
127.0.0.1    datanotary.com
127.0.0.1    datareco.com
127.0.0.1    www.dateanybabe.com
127.0.0.1    dateanybabe.com
127.0.0.1    www.dateanychick.com
127.0.0.1    dateanychick.com
127.0.0.1    www.datingdoctorsite.com
127.0.0.1    datingdoctorsite.com
127.0.0.1    www.dating-galaxy.info
127.0.0.1    dating-galaxy.info
127.0.0.1    dating-search.net
127.0.0.1    davemarshall.org
127.0.0.1    db105.com
127.0.0.1    www.dbdecicated.com

View More

View All

No Events found!

Top