Hey guys; a friend of mine needs help with his friend's PC, so I let him use my account. I tried to help him as much as I could, but it's a pretty stubborn spyware prog. As usual, thanks for any help. Try to ignore the pr0n sites as best you can. =\
-Groov
Hardcore adware/scumware on my desktop, have hijackthis log.
Well, I'll qualify that a little... it's not my computer, but my friend's. He is out of town for a week or so and I've been housesitting for him. The last thing I want is for him to come home and rip me a new one for screwing up his PC.
OK, here's the scenario: a nasty piece of malware/adware/scumware has plopped a big fat ad right on my friend's PC's desktop and none of the 5 or 6 adware removal utilities I've tried can manage to do anything about it. It's like they can't even see it or something. I have since scanned with HijackThis and I have a log with a whole lot of stuff in it. A lot of it is teh pr0n (not that I'm surprised, knowing this guy) but the log in its entirety is posted below. This has happened once before when he was here and I managed to fix it using System Restore. This time, however, I tried to fix it the 1337 h4x0r way and in the process managed to lose all System Restore points. *sigh* Sometimes the easiest way is the best way, que no?
Point being, if somebody who knows what they're doing could please take a look at the log below and let me know what is causing this and what in there I can tell HijackThis to "fix", I'd really appreciate it. Oh, and you'd be saving me from a severe ball-busting, which is good karma or something.
Thanks.
Logfile of HijackThis v1.98.0
Scan saved at 4:04:23 AM, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Erick\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.31.79.100/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.100/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.31.79.100/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.100/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.100/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NoAdware] "C:\Program Files\NoAdware1\NoAdware.exe" /s
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.252/bonus.chm::/winpromo.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B2BA1C8-B0AA-4657-BDBF-83BD08258793}: NameServer = 198.81.19.134
