|
| |||||||
| |
 |
| | Thread Tools |
|
#16
13-01-2008, 11:22 AM
| ||||
| ||||
 Explorer.exe messing up. 127.0.0.1 www.errorsafe.com 127.0.0.1 errorsdns.com 127.0.0.1 www.errorsdns.com 127.0.0.1 ert0003.e76.163ns.com 127.0.0.1 ertikadeswiokinganfujas.com 127.0.0.1 www.ertikadeswiokinganfujas.com 127.0.0.1 es.winantivirus.com 127.0.0.1 es0-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es1-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es2-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es3-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es4-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es5-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es6-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es7-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es8-www.5zgmu7o20kt5d8yq.com 127.0.0.1 es9-www.5zgmu7o20kt5d8yq.com 127.0.0.1 esafetylist.com 127.0.0.1 www.esafetylist.com 127.0.0.1 esafetypage.com 127.0.0.1 www.esafetypage.com 127.0.0.1 esbay.it 127.0.0.1 www.esbay.it 127.0.0.1 esearch2005.com 127.0.0.1 www.esearch2005.com 127.0.0.1 esecuritynote.com 127.0.0.1 www.esecuritynote.com 127.0.0.1 esecuritypage.com 127.0.0.1 www.esecuritypage.com 127.0.0.1 esupereva.it 127.0.0.1 www.esupereva.it 127.0.0.1 etomi.all-downloads-now.com 127.0.0.1 www.etomi.all-downloads-now.com 127.0.0.1 eupdatepage.com 127.0.0.1 www.eupdatepage.com 127.0.0.1 euuu.com 127.0.0.1 evbay.it 127.0.0.1 www.evbay.it 127.0.0.1 evidence-detector.biz 127.0.0.1 evilspidercomics.com 127.0.0.1 evko.biz 127.0.0.1 www.evko.biz 127.0.0.1 ewbay.it 127.0.0.1 www.ewbay.it 127.0.0.1 ewebsearch.net 127.0.0.1 e-websitesolutions.com 127.0.0.1 ewizard.cc 127.0.0.1 exaccess.ru 127.0.0.1 www.exaccess.ru 127.0.0.1 excellentsckin.com 127.0.0.1 exeupdate.com 127.0.0.1 www.exeupdate.com 127.0.0.1 exflow.org 127.0.0.1 www.exflow.org 127.0.0.1 exit.megago.com 127.0.0.1 expandvideo.com 127.0.0.1 www.expandvideo.com 127.0.0.1 exportplay.com 127.0.0.1 www.exportplay.com 127.0.0.1 extremepaidsurveys.com 127.0.0.1 www.extremepaidsurveys.com 127.0.0.1 extremeseek.net 127.0.0.1 eza1netsearch.com 127.0.0.1 www.eza1netsearch.com 127.0.0.1 ezcybersearch.com 127.0.0.1 www.ezcybersearch.com 127.0.0.1 ez-searching.com 127.0.0.1 ezwebsearching.com 127.0.0.1 www.ezwebsearching.com 127.0.0.1 f1.bestmanage.org 127.0.0.1 f1.truth-is-out-there.org 127.0.0.1 f1organizer.com 127.0.0.1 www.f1organizer.com 127.0.0.1 f2.bestmanage.org 127.0.0.1 f2.truth-is-out-there.org 127.0.0.1 f3.bestmanage.org 127.0.0.1 f3.truth-is-out-there.org 127.0.0.1 f4.bestmanage.org 127.0.0.1 f4.truth-is-out-there.org 127.0.0.1 f5.bestmanage.org 127.0.0.1 f5.truth-is-out-there.org 127.0.0.1 f6.bestmanage.org 127.0.0.1 f7.bestmanage.org 127.0.0.1 f7.truth-is-out-there.org 127.0.0.1 f8.bestmanage.org 127.0.0.1 f8.truth-is-out-there.org 127.0.0.1 f9.bestmanage.org 127.0.0.1 f9.truth-is-out-there.org 127.0.0.1 fairsearcher.com 127.0.0.1 www.fairsearcher.com 127.0.0.1 faithstevens.com 127.0.0.1 fantasiewelten.com 127.0.0.1 farmacept32.phpnet.us 127.0.0.1 farmsteadbandb.com 127.0.0.1 farse.com 127.0.0.1 fartpost.com 127.0.0.1 fastfreedownload.com 127.0.0.1 fastmetasearch.com 127.0.0.1 www.fastmetasearch.com 127.0.0.1 fastssearch.com 127.0.0.1 www.fastssearch.com 127.0.0.1 fastwebfinder.com 127.0.0.1 faxporn.com 127.0.0.1 fazzetta.it 127.0.0.1 www.fazzetta.it 127.0.0.1 fcorriere.it 127.0.0.1 www.fcorriere.it 127.0.0.1 featured-results.com 127.0.0.1 febay.it 127.0.0.1 www.febay.it 127.0.0.1 feed.dedsearch.com 127.0.0.1 feeds.2search.com 127.0.0.1 www.feeds.2search.com 127.0.0.1 feeds2.2search.org 127.0.0.1 www.feeds2.2search.org 127.0.0.1 ferraeri.it 127.0.0.1 www.ferraeri.it 127.0.0.1 ferrai.it 127.0.0.1 www.ferrai.it 127.0.0.1 ferrarei.it 127.0.0.1 www.ferrarei.it 127.0.0.1 ferrarti.it 127.0.0.1 www.ferrarti.it 127.0.0.1 ferrasri.it 127.0.0.1 www.ferrasri.it 127.0.0.1 ferratri.it 127.0.0.1 www.ferratri.it 127.0.0.1 ferreari.it 127.0.0.1 www.ferreari.it 127.0.0.1 ferrri.it 127.0.0.1 www.ferrri.it 127.0.0.1 ferrsari.it 127.0.0.1 www.ferrsari.it 127.0.0.1 ferrtari.it 127.0.0.1 www.ferrtari.it 127.0.0.1 fetrrari.it 127.0.0.1 www.fetrrari.it 127.0.0.1 fgazzetta.it 127.0.0.1 www.fgazzetta.it 127.0.0.1 fgoogle.it 127.0.0.1 www.fgoogle.it 127.0.0.1 fhg.panet.org 127.0.0.1 fhgate.com 127.0.0.1 www.fhgate.com 127.0.0.1 fickenisgeil.de 127.0.0.1 file.unionsms.net 127.0.0.1 filestore.com 127.0.0.1 www.filestore.com 127.0.0.1 filetretporn.com 127.0.0.1 www.filetretporn.com 127.0.0.1 Filtrodetrojan.com 127.0.0.1 www.Filtrodetrojan.com 127.0.0.1 finalfantasyactionfigures.com 127.0.0.1 www.finalfantasyactionfigures.com 127.0.0.1 finance-loans.com 127.0.0.1 find4u.net 127.0.0.1 find-52.com 127.0.0.1 www.find-52.com 127.0.0.1 findanyshow.org 127.0.0.1 www.findanyshow.org 127.0.0.1 find-find-777.net 127.0.0.1 www.find-find-777.net 127.0.0.1 find-itnow.com 127.0.0.1 findit-now.com 127.0.0.1 findloss.com 127.0.0.1 findthesite.com 127.0.0.1 findthewebsiteyouneed.com 127.0.0.1 www.findthewebsiteyouneed.com 127.0.0.1 find-uk-health.co.uk 127.0.0.1 findwapsite.org 127.0.0.1 www.findwapsite.org 127.0.0.1 findwhatevernow.com 127.0.0.1 www.findwhatevernow.com 127.0.0.1 fined.biz 127.0.0.1 fine-search.net 127.0.0.1 fionasteel.com 127.0.0.1 firefoxdownload-now.com 127.0.0.1 www.firefoxdownload-now.com 127.0.0.1 firehunt.com 127.0.0.1 www.firehunt.com 127.0.0.1 firgilio.it 127.0.0.1 www.firgilio.it 127.0.0.1 firstbookmark.net 127.0.0.1 firstgoodsearch.com 127.0.0.1 www.firstgoodsearch.com 127.0.0.1 fitness-free.com 127.0.0.1 fixerantispy.com 127.0.0.1 www.fixerantispy.com 127.0.0.1 fjsynebcod.com 127.0.0.1 www.fjsynebcod.com 127.0.0.1 flashdollars.com 127.0.0.1 www.flashdollars.com 127.0.0.1 flashflashmx.3322.org 127.0.0.1 floorsovertexas.com 127.0.0.1 www.floorsovertexas.com 127.0.0.1 floproject.com 127.0.0.1 www.floproject.com 127.0.0.1 flrxtools.greatnuke.com 127.0.0.1 flrx-tools.net 127.0.0.1 www.flrx-tools.net 127.0.0.1 fn777.greatbahamas.com 127.0.0.1 www.fn777.greatbahamas.com 127.0.0.1 foodvacations.net 127.0.0.1 forex.jps.ru 127.0.0.1 forexcredit.com 127.0.0.1 forexcredit.ru 127.0.0.1 formingfusions.com 127.0.0.1 forsythfire.net 127.0.0.1 forthline.com 127.0.0.1 foxmin.com 127.0.0.1 www.foxmin.com 127.0.0.1 fp.gad-network.com 127.0.0.1 fr.drivecleaner.com 127.0.0.1 www.fr.drivecleaner.com 127.0.0.1 fr.winantivirus.com 127.0.0.1 fr.winfixer.com 127.0.0.1 frame.crazywinnings.com 127.0.0.1 free4porno.net 127.0.0.1 free64all.com 127.0.0.1 free-adobe-download-support.com 127.0.0.1 www.free-adobe-download-support.com 127.0.0.1 free-avg.org 127.0.0.1 www.free-avg.org 127.0.0.1 free-avg-download.com 127.0.0.1 www.free-avg-download.com 127.0.0.1 free-bearshares.com 127.0.0.1 www.free-bearshares.com 127.0.0.1 freebookmark.net 127.0.0.1 freebookmarks.net 127.0.0.1 freecat.biz 127.0.0.1 www.freecat.biz 127.0.0.1 freecategories.com 127.0.0.1 free-chipes.com 127.0.0.1 freecj.com 127.0.0.1 freecoolhost.com 127.0.0.1 freedownloadhq.com 127.0.0.1 www.freedownloadhq.com 127.0.0.1 freedownloadpage.com 127.0.0.1 www.freedownloadpage.com 127.0.0.1 free-download-place.com 127.0.0.1 www.free-download-place.com 127.0.0.1 free-download-support.com 127.0.0.1 www.free-download-support.com 127.0.0.1 freedownloadzone.com 127.0.0.1 www.freedownloadzone.com 127.0.0.1 free-hit.com 127.0.0.1 freehqmovies.com 127.0.0.1 freeimageheaven.com 127.0.0.1 www.freeimageheaven.com 127.0.0.1 freemp3access.com 127.0.0.1 www.freemp3access.com 127.0.0.1 free-music-network.com 127.0.0.1 www.free-music-network.com 127.0.0.1 free-pics-and-movies.com 127.0.0.1 free-popup-killer.com 127.0.0.1 www.free-popup-killer.com 127.0.0.1 free-porn-movies.info 127.0.0.1 www.free-porn-movies.info 127.0.0.1 free-program-download.com 127.0.0.1 www.free-program-download.com 127.0.0.1 freerbhost.com 127.0.0.1 freescratchandwin.com 127.0.0.1 free-sex-movie-clips.net 127.0.0.1 freeshemalepics.net 127.0.0.1 free-software-center.com 127.0.0.1 www.free-software-center.com 127.0.0.1 free-spybot.com 127.0.0.1 www.free-spybot.com 127.0.0.1 freeunlimitedskype.com 127.0.0.1 www.freeunlimitedskype.com 127.0.0.1 freeyaho.com 127.0.0.1 fregat.drocherway.com 127.0.0.1 frepubblica.it 127.0.0.1 www.frepubblica.it 127.0.0.1 freshseek.com 127.0.0.1 freshteensite.com 127.0.0.1 fric.cn 127.0.0.1 frrari.it 127.0.0.1 www.frrari.it 127.0.0.1 frrrari.it 127.0.0.1 www.frrrari.it 127.0.0.1 ftiscali.it 127.0.0.1 www.ftiscali.it 127.0.0.1 ftrenitalia.it 127.0.0.1 www.ftrenitalia.it 127.0.0.1 ftuttogratis.it 127.0.0.1 www.ftuttogratis.it 127.0.0.1 full-search.net 127.0.0.1 fullsoftwaredownloadz.com 127.0.0.1 www.fullsoftwaredownloadz.com 127.0.0.1 full-tgp.net 127.0.0.1 funcodec.com 127.0.0.1 www.funcodec.com 127.0.0.1 funny-girls.com 127.0.0.1 funnysuperxxx.com 127.0.0.1 www.funnysuperxxx.com 127.0.0.1 fun-photo.com 127.0.0.1 www.fun-photo.com 127.0.0.1 fvirgilio.it 127.0.0.1 www.fvirgilio.it 127.0.0.1 fwrrari.it 127.0.0.1 www.fwrrari.it 127.0.0.1 g0oogle.it 127.0.0.1 www.g0oogle.it 127.0.0.1 g9oogle.it 127.0.0.1 www.g9oogle.it 127.0.0.1 ga31.com 127.0.0.1 gaazzetta.it 127.0.0.1 www.gaazzetta.it 127.0.0.1 gabrielscott.com 127.0.0.1 gad-network.com 127.0.0.1 www.gad-network.com 127.0.0.1 galleryclick.net 127.0.0.1 www.galleryclick.net 127.0.0.1 gallerypictures.net 127.0.0.1 www.gallerypictures.net 127.0.0.1 galpostgirls.com 127.0.0.1 gals-for-free.com 127.0.0.1 gambling-online4you.com 127.0.0.1 game4all.biz 127.0.0.1 www.game4all.biz 127.0.0.1 games.de.ag 127.0.0.1 www.games.de.ag 127.0.0.1 games.uzoogle.com 127.0.0.1 games-desktop.com 127.0.0.1 www.games-desktop.com 127.0.0.1 gameterror.net 127.0.0.1 gaqzzetta.it 127.0.0.1 www.gaqzzetta.it 127.0.0.1 gaszzetta.it 127.0.0.1 www.gaszzetta.it 127.0.0.1 gaxzetta.it 127.0.0.1 www.gaxzetta.it 127.0.0.1 gaxzzetta.it 127.0.0.1 www.gaxzzetta.it 127.0.0.1 gay50.com 127.0.0.1 gay-clan.com 127.0.0.1 gayspornmag.com 127.0.0.1 www.gayspornmag.com 127.0.0.1 gaystogay.com 127.0.0.1 www.gaystogay.com 127.0.0.1 gazxetta.it 127.0.0.1 www.gazxetta.it 127.0.0.1 gazxzetta.it 127.0.0.1 www.gazxzetta.it 127.0.0.1 gazzaetta.it 127.0.0.1 www.gazzaetta.it 127.0.0.1 gazzdetta.it 127.0.0.1 www.gazzdetta.it 127.0.0.1 gazzedtta.it 127.0.0.1 www.gazzedtta.it 127.0.0.1 gazzeetta.it 127.0.0.1 www.gazzeetta.it 127.0.0.1 gazzeftta.it 127.0.0.1 www.gazzeftta.it 127.0.0.1 gazzegtta.it 127.0.0.1 www.gazzegtta.it 127.0.0.1 gazzehtta.it 127.0.0.1 www.gazzehtta.it 127.0.0.1 gazzerta.it 127.0.0.1 www.gazzerta.it 127.0.0.1 gazzertta.it 127.0.0.1 www.gazzertta.it 127.0.0.1 gazzestta.it 127.0.0.1 www.gazzestta.it 127.0.0.1 gazzetra.it 127.0.0.1 www.gazzetra.it 127.0.0.1 gazzett.it 127.0.0.1 www.gazzett.it 127.0.0.1 gazzettaa.it 127.0.0.1 www.gazzettaa.it 127.0.0.1 gazzettaq.it 127.0.0.1 www.gazzettaq.it 127.0.0.1 gazzettas.it 127.0.0.1 www.gazzettas.it 127.0.0.1 gazzettaz.it 127.0.0.1 www.gazzettaz.it 127.0.0.1 gazzettfa.it 127.0.0.1 www.gazzettfa.it 127.0.0.1 gazzettga.it 127.0.0.1 www.gazzettga.it 127.0.0.1 gazzettha.it 127.0.0.1 www.gazzettha.it 127.0.0.1 gazzettqa.it 127.0.0.1 www.gazzettqa.it 127.0.0.1 gazzettra.it 127.0.0.1 www.gazzettra.it 127.0.0.1 gazzetts.it 127.0.0.1 www.gazzetts.it 127.0.0.1 gazzettsa.it 127.0.0.1 www.gazzettsa.it 127.0.0.1 gazzettya.it 127.0.0.1 www.gazzettya.it 127.0.0.1 gazzettza.it 127.0.0.1 www.gazzettza.it 127.0.0.1 gazzetya.it 127.0.0.1 www.gazzetya.it 127.0.0.1 gazzetyta.it 127.0.0.1 www.gazzetyta.it 127.0.0.1 gazzeyta.it 127.0.0.1 www.gazzeyta.it 127.0.0.1 gazzeytta.it 127.0.0.1 www.gazzeytta.it 127.0.0.1 gazzfetta.it 127.0.0.1 www.gazzfetta.it 127.0.0.1 gazzretta.it 127.0.0.1 www.gazzretta.it 127.0.0.1 gazzrtta.it 127.0.0.1 www.gazzrtta.it 127.0.0.1 gazzsetta.it 127.0.0.1 www.gazzsetta.it 127.0.0.1 gazztta.it 127.0.0.1 www.gazztta.it 127.0.0.1 gazzwetta.it 127.0.0.1 www.gazzwetta.it 127.0.0.1 gazzwtta.it 127.0.0.1 www.gazzwtta.it 127.0.0.1 gazzxetta.it 127.0.0.1 www.gazzxetta.it 127.0.0.1 gbazzetta.it 127.0.0.1 www.gbazzetta.it 127.0.0.1 gboogle.it 127.0.0.1 www.gboogle.it 127.0.0.1 geil-de.info 127.0.0.1 www.geil-de.info 127.0.0.1 generalsmeltingofcanada.com 127.0.0.1 generateskey.com 127.0.0.1 www.generateskey.com 127.0.0.1 germany.rub.to 127.0.0.1 gerrari.it 127.0.0.1 www.gerrari.it 127.0.0.1 get.adwarebazooka.com 127.0.0.1 get.hitvirus.com 127.0.0.1 www.get-access.host.sk 127.0.0.1 getanysoftware.com 127.0.0.1 www.getanysoftware.com 127.0.0.1 getbestloanrate.info 127.0.0.1 www.getbestloanrate.info 127.0.0.1 getdvdshrink2007.com 127.0.0.1 www.getdvdshrink2007.com 127.0.0.1 geteens.com 127.0.0.1 getfound.com 127.0.0.1 www.getfound.com 127.0.0.1 getimageactivex.com 127.0.0.1 www.getimageactivex.com 127.0.0.1 get-ipod-music.com 127.0.0.1 www.get-ipod-music.com 127.0.0.1 getmirar.com 127.0.0.1 get-mp3-onlined.com 127.0.0.1 www.get-mp3-onlined.com 127.0.0.1 getpatytoday.info 127.0.0.1 www.getpatytoday.info 127.0.0.1 getphotosets.com 127.0.0.1 www.getphotosets.com 127.0.0.1 getpicshere.com 127.0.0.1 getpornmag.com 127.0.0.1 www.getpornmag.com 127.0.0.1 get-realplayer.com 127.0.0.1 www.get-realplayer.com 127.0.0.1 get-spybot.com 127.0.0.1 www.get-spybot.com 127.0.0.1 getvaxobject.com 127.0.0.1 www.getvaxobject.com 127.0.0.1 getvideosource.com 127.0.0.1 www.getvideosource.com 127.0.0.1 get-winrar.com 127.0.0.1 www.get-winrar.com 127.0.0.1 gfazzetta.it 127.0.0.1 www.gfazzetta.it 127.0.0.1 gfoogle.it 127.0.0.1 www.gfoogle.it 127.0.0.1 gfxgraphics.net 127.0.0.1 www.gfxgraphics.net 127.0.0.1 ggazzetta.it 127.0.0.1 www.ggazzetta.it 127.0.0.1 ghazzetta.it 127.0.0.1 www.ghazzetta.it 127.0.0.1 ghoogle.it 127.0.0.1 www.ghoogle.it 127.0.0.1 giangho.biz 127.0.0.1 www.giangho.biz 127.0.0.1 gigaz.info 127.0.0.1 www.gigaz.info 127.0.0.1 gimmezamore.com 127.0.0.1 gimnasiaer.com 127.0.0.1 giogle.it 127.0.0.1 www.giogle.it 127.0.0.1 gioogle.it 127.0.0.1 www.gioogle.it 127.0.0.1 girgilio.it 127.0.0.1 www.girgilio.it 127.0.0.1 girls4rent.net 127.0.0.1 girls-porn-life.com 127.0.0.1 giscali.it 127.0.0.1 www.giscali.it 127.0.0.1 givecnt.info 127.0.0.1 www.givecnt.info 127.0.0.1 gkoogle.it 127.0.0.1 www.gkoogle.it 127.0.0.1 gl.secdep.info 127.0.0.1 www.gl.secdep.info 127.0.0.1 glbdf.org 127.0.0.1 globalefinder.com 127.0.0.1 www.globalefinder.com 127.0.0.1 global-finder.com 127.0.0.1 globalwebsearch.com 127.0.0.1 globe-finder.cc 127.0.0.1 globe-finder.com 127.0.0.1 globesearch.com 127.0.0.1 www.globesearch.com 127.0.0.1 glogle.it 127.0.0.1 www.glogle.it 127.0.0.1 go.drivecleaner.com 127.0.0.1 go.errorsafe.com 127.0.0.1 go.systemdoctor.com 127.0.0.1 go.winantispyware.com 127.0.0.1 go.winantivirus.com 127.0.0.1 go0ogle.it 127.0.0.1 www.go0ogle.it 127.0.0.1 go2realsearch.com 127.0.0.1 www.go2realsearch.com 127.0.0.1 go2-search.com 127.0.0.1 go9ogle.it 127.0.0.1 www.go9ogle.it 127.0.0.1 goclick.com 127.0.0.1 www.goclick.com 127.0.0.1 gocodec.com 127.0.0.1 www.gocodec.com 127.0.0.1 gocybersearch.com 127.0.0.1 www.gocybersearch.com 127.0.0.1 gohip.com 127.0.0.1 www.gohip.com 127.0.0.1 goigle.it 127.0.0.1 www.goigle.it 127.0.0.1 goiogle.it 127.0.0.1 www.goiogle.it 127.0.0.1 gokogle.it 127.0.0.1 www.gokogle.it 127.0.0.1 goldbaccarat.info 127.0.0.1 goldcodec.com 127.0.0.1 www.goldcodec.com 127.0.0.1 gold-craps.info 127.0.0.1 www.gold-craps.info 127.0.0.1 Goldenantispy.com 127.0.0.1 www.Goldenantispy.com 127.0.0.1 goldenfreehost.com 127.0.0.1 www.goldenfreehost.com 127.0.0.1 goldengr.hypermart.net 127.0.0.1 golftennis.net 127.0.0.1 golgle.it 127.0.0.1 www.golgle.it 127.0.0.1 gologle.it 127.0.0.1 www.gologle.it 127.0.0.1 Gomusic.com 127.0.0.1 www.Gomusic.com 127.0.0.1 gomyron.com 127.0.0.1 www.gomyron.com 127.0.0.1 goo0gle.it 127.0.0.1 www.goo0gle.it 127.0.0.1 goo9gle.it 127.0.0.1 www.goo9gle.it 127.0.0.1 goobgle.it 127.0.0.1 www.goobgle.it 127.0.0.1 gooble.it 127.0.0.1 www.gooble.it 127.0.0.1 good-casino.net 127.0.0.1 www.good-casino.net 127.0.0.1 good-mortgages.net 127.0.0.1 good-mortgages-calculator.com 127.0.0.1 goodmovielaugh.com 127.0.0.1 www.goodmovielaugh.com 127.0.0.1 good-movie-play.com 127.0.0.1 goodsexs.com 127.0.0.1 goofgle.it 127.0.0.1 www.goofgle.it 127.0.0.1 googble.it 127.0.0.1 www.googble.it 127.0.0.1 googel.it 127.0.0.1 www.googel.it 127.0.0.1 googfle.it 127.0.0.1 www.googfle.it 127.0.0.1 googhle.it 127.0.0.1 www.googhle.it 127.0.0.1 googkle.it 127.0.0.1 www.googkle.it 127.0.0.1 googl3e.it 127.0.0.1 www.googl3e.it 127.0.0.1 googl4e.it 127.0.0.1 www.googl4e.it 127.0.0.1 googld.it 127.0.0.1 www.googld.it 127.0.0.1 googlde.it 127.0.0.1 www.googlde.it 127.0.0.1 google.panet.org 127.0.0.1 google123.web1000.com 127.0.0.1 google3.it 127.0.0.1 www.google3.it 127.0.0.1 google4.it 127.0.0.1 www.google4.it 127.0.0.1 googlebar.jps.ru 127.0.0.1 googled.it 127.0.0.1 www.googled.it 127.0.0.1 googlef.it 127.0.0.1 www.googlef.it 127.0.0.1 googler.it 127.0.0.1 www.googler.it 127.0.0.1 googles.it 127.0.0.1 www.googles.it 127.0.0.1 googlew.it 127.0.0.1 www.googlew.it 127.0.0.1 googlf.com 127.0.0.1 googlf.it 127.0.0.1 www.googlf.it 127.0.0.1 googlfe.it 127.0.0.1 www.googlfe.it 127.0.0.1 googlke.it 127.0.0.1 www.googlke.it 127.0.0.1 googloe.it 127.0.0.1 www.googloe.it 127.0.0.1 googlpe.it 127.0.0.1 www.googlpe.it 127.0.0.1 googlre.it 127.0.0.1 www.googlre.it 127.0.0.1 googlse.it 127.0.0.1 www.googlse.it 127.0.0.1 googlus.com 127.0.0.1 www.googlus.com 127.0.0.1 googlwe.it 127.0.0.1 www.googlwe.it 127.0.0.1 googole.it 127.0.0.1 www.googole.it 127.0.0.1 googple.it 127.0.0.1 www.googple.it 127.0.0.1 googtle.it 127.0.0.1 www.googtle.it 127.0.0.1 googvle.it 127.0.0.1 www.googvle.it 127.0.0.1 googyle.it 127.0.0.1 www.googyle.it 127.0.0.1 goohgle.it 127.0.0.1 www.goohgle.it 127.0.0.1 goohle.it 127.0.0.1 www.goohle.it 127.0.0.1 gooigle.it 127.0.0.1 www.gooigle.it 127.0.0.1 gookgle.it 127.0.0.1 www.gookgle.it 127.0.0.1 gooogle.bz 127.0.0.1 www.gooogle.bz 127.0.0.1 goopgle.it 127.0.0.1 www.goopgle.it 127.0.0.1 gootgle.it 127.0.0.1 www.gootgle.it 127.0.0.1 gootle.it 127.0.0.1 www.gootle.it 127.0.0.1 goovgle.it 127.0.0.1 www.goovgle.it 127.0.0.1 goovle.it 127.0.0.1 www.goovle.it 127.0.0.1 gooygle.it 127.0.0.1 www.gooygle.it 127.0.0.1 gopgle.it 127.0.0.1 www.gopgle.it 127.0.0.1 gopogle.it 127.0.0.1 www.gopogle.it 127.0.0.1 gorecord.com 127.0.0.1 www.gorecord.com 127.0.0.1 Go-turf.com 127.0.0.1 www.Go-turf.com 127.0.0.1 gpogle.it 127.0.0.1 www.gpogle.it 127.0.0.1 gpoogle.it 127.0.0.1 www.gpoogle.it 127.0.0.1 gqazzetta.it 127.0.0.1 www.gqazzetta.it 127.0.0.1 grab-it-today.net 127.0.0.1 graceinthedesert.org 127.0.0.1 www.graceinthedesert.org 127.0.0.1 gradforum.org 127.0.0.1 gratisdownloads.nl 127.0.0.1 gratis-porn-movie.com 127.0.0.1 gratis-pornopics.com 127.0.0.1 greatadultvideo.com 127.0.0.1 www.greatadultvideo.com 127.0.0.1 greatbahamas.com 127.0.0.1 www.greatbahamas.com 127.0.0.1 greatcodec.com 127.0.0.1 www.greatcodec.com 127.0.0.1 great-ticket.net 127.0.0.1 www.great-ticket.net 127.0.0.1 greencardspouse.com 127.0.0.1 www.greencardspouse.com 127.0.0.1 greg-search.com 127.0.0.1 greg-tut.com 127.0.0.1 grepubblica.it 127.0.0.1 www.grepubblica.it 127.0.0.1 gsazzetta.it 127.0.0.1 www.gsazzetta.it 127.0.0.1 gszzetta.it 127.0.0.1 www.gszzetta.it 127.0.0.1 gtawarehouse.com 127.0.0.1 gtazzetta.it 127.0.0.1 www.gtazzetta.it 127.0.0.1 gtiscali.it 127.0.0.1 www.gtiscali.it 127.0.0.1 gtoogle.it 127.0.0.1 www.gtoogle.it 127.0.0.1 gtrenitalia.it 127.0.0.1 www.gtrenitalia.it 127.0.0.1 gtuttogratis.it 127.0.0.1 www.gtuttogratis.it 127.0.0.1 gueb.com 127.0.0.1 www.gueb.com 127.0.0.1 guzzycats.com 127.0.0.1 gvazzetta.it 127.0.0.1 www.gvazzetta.it 127.0.0.1 gvirgilio.it 127.0.0.1 www.gvirgilio.it 127.0.0.1 gvoogle.it 127.0.0.1 www.gvoogle.it 127.0.0.1 gyoogle.it 127.0.0.1 www.gyoogle.it 127.0.0.1 gzazzetta.it 127.0.0.1 www.gzazzetta.it 127.0.0.1 gzphoenix.com 127.0.0.1 gzzetta.it 127.0.0.1 www.gzzetta.it 127.0.0.1 H24413.tfil.com 127.0.0.1 hachimitsu-lemon.com 127.0.0.1 www.hachimitsu-lemon.com 127.0.0.1 hadesunharuikeya.com 127.0.0.1 hallnetaccolade.com 127.0.0.1 hand-book.com 127.0.0.1 happyanal.com 127.0.0.1 hardbodytgp.com 127.0.0.1 hardcorefantasyland.com 127.0.0.1 www.hardcorefantasyland.com 127.0.0.1 hardcoreover.com 127.0.0.1 hardcorepornmag.com 127.0.0.1 www.hardcorepornmag.com 127.0.0.1 hardcorevideosite.com 127.0.0.1 www.hardcorevideosite.com 127.0.0.1 hardfootballbabes.com 127.0.0.1 www.hardfootballbabes.com 127.0.0.1 hard-gals.com 127.0.0.1 hardloved.com 127.0.0.1 hardwareseek.net 127.0.0.1 harukaigawa.com 127.0.0.1 hastalavista.com 127.0.0.1 www.hastalavista.com 127.0.0.1 havy.biz 127.0.0.1 hazzetta.it 127.0.0.1 www.hazzetta.it 127.0.0.1 hccsolanonapa.org 127.0.0.1 headlinesandnews.com 127.0.0.1 www.headlinesandnews.com 127.0.0.1 health-protein.com 127.0.0.1 helpcodec.com 127.0.0.1 www.helpcodec.com 127.0.0.1 helpyourpcnow.com 127.0.0.1 www.helpyourpcnow.com 127.0.0.1 helpyoursearch.com 127.0.0.1 hentai4u.net 127.0.0.1 here4search.biz 127.0.0.1 www.here4search.biz 127.0.0.1 here4search.com 127.0.0.1 hervam.com 127.0.0.1 www.hervam.com 127.0.0.1 heyrichy.com 127.0.0.1 hgazzetta.it 127.0.0.1 www.hgazzetta.it 127.0.0.1 hgoogle.it 127.0.0.1 www.hgoogle.it 127.0.0.1 hi.studioaperto.net 127.0.0.1 www.hi.studioaperto.net 127.0.0.1 hiboss.com 127.0.0.1 www.hiboss.com 127.0.0.1 hiddenguides.com 127.0.0.1 highdialer.com 127.0.0.1 www.highdialer.com 127.0.0.1 hijack-this.net 127.0.0.1 www.hijack-this.net 127.0.0.1 himen.biz 127.0.0.1 hiscali.it 127.0.0.1 www.hiscali.it 127.0.0.1 hi-search.com 127.0.0.1 hitlistlyrics.com 127.0.0.1 hitscount.net 127.0.0.1 hitsdriving.com 127.0.0.1 www.hitsdriving.com 127.0.0.1 hitvirus.com 127.0.0.1 www.hitvirus.com 127.0.0.1 hityou.com 127.0.0.1 www.hityou.com 127.0.0.1 hk.winantivirus.com 127.0.0.1 hobbypesca.com.br 127.0.0.1 www.hobbypesca.com.br 127.0.0.1 holidayautostr.com 127.0.0.1 homelandnetwork.COM 127.0.0.1 www.homelandnetwork.COM 127.0.0.1 homemortage.ws 127.0.0.1 hoogle.it 127.0.0.1 www.hoogle.it 127.0.0.1 host.sk 127.0.0.1 hostance.net 127.0.0.1 www.hostance.net 127.0.0.1 host-codec.com 127.0.0.1 www.host-codec.com 127.0.0.1 hostssp.com 127.0.0.1 hostthesky.com 127.0.0.1 www.hostthesky.com 127.0.0.1 hotbar.com 127.0.0.1 hotbookmark.com 127.0.0.1 hot-cartoon-sex.anime.american-teens.net 127.0.0.1 hotelcodec.com 127.0.0.1 www.hotelcodec.com 127.0.0.1 hotels-list.net 127.0.0.1 hotelxxxcams.com 127.0.0.1 hotfreebies.com 127.0.0.1 www.hotfreebies.com 127.0.0.1 hotlolitas.underagehost.com 127.0.0.1 hotmp3music.com 127.0.0.1 www.hotmp3music.com 127.0.0.1 hotpopup.com 127.0.0.1 hotsearchbox.com 127.0.0.1 hotsex-series.com 127.0.0.1 hotstartpage.com 127.0.0.1 Hot-tv.com 127.0.0.1 www.Hot-tv.com 127.0.0.1 hotwinupdates.com 127.0.0.1 www.hotwinupdates.com 127.0.0.1 hq-downloads.com 127.0.0.1 www.hq-downloads.com 127.0.0.1 hqsex.biz 127.0.0.1 hqthefilmsxxx.com 127.0.0.1 www.hqthefilmsxxx.com 127.0.0.1 htiscali.it 127.0.0.1 www.htiscali.it 127.0.0.1 httpwwwads.com 127.0.0.1 www.httpwwwads.com 127.0.0.1 hu15.ru 127.0.0.1 hugeinvention.com 127.0.0.1 www.hugeinvention.com 127.0.0.1 hugeporn4u.net 127.0.0.1 hugevideoszone.com 127.0.0.1 www.hugevideoszone.com 127.0.0.1 hunacsa.com 127.0.0.1 huntbar.com 127.0.0.1 www.huntbar.com 127.0.0.1 huoche.com.cn 127.0.0.1 www.huoche.com.cn 127.0.0.1 hupacasath.com 127.0.0.1 hut1.ru 127.0.0.1 hwgate.com 127.0.0.1 www.hwgate.com 127.0.0.1 hypoteches.com 127.0.0.1 www.hypoteches.com 127.0.0.1 hzsx.com 127.0.0.1 iaxobjectdownload.com 127.0.0.1 www.iaxobjectdownload.com 127.0.0.1 ibankis.org 127.0.0.1 www.ibankis.org 127.0.0.1 ibm.dmcast.com 127.0.0.1 ibmx.com 127.0.0.1 icansearch.net 127.0.0.1 iconfessonline.com       |
| |
|
#17
13-01-2008, 11:39 AM
| ||||
| ||||
| Explorer.exe messing up. I'll put it up on sendspace instead, these long posts look unnessecary and huge. Here's the link: http://www.sendspace.com/file/mg6iew |
|
#18
13-01-2008, 04:14 PM
| ||||
| ||||
| Explorer.exe messing up. ......wow that was alot of stuff from smitfraudfix. Download HostsXpert
--------------- Open Spybot and do the following.
Now go ahead and run Combofix and post that log. It should fit in one post. If it takes two then please use two. It makes it easier for me to work out the fixes that will likely follow. |
|
#19
13-01-2008, 04:59 PM
| ||||
| ||||
| Explorer.exe messing up. All steps followed and completed successfully. Here's the log from Combofix: ComboFix 08-01-09.2 - Kurt 2008-01-13 17:42:48.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1543 [GMT 0:00] Running from: C:\Documents and Settings\Kurt\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\ssprs.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE -------\core -------\NPF ((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))) . 2008-01-13 17:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-13 01:54 . 2008-01-13 01:54 2,176 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-13 01:52 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-13 01:52 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-13 01:52 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-13 01:52 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-13 01:52 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-13 01:52 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-12 22:51 . 2008-01-12 22:51 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-12 08:25 . 2008-01-12 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-11 20:43 . 2008-01-11 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-11 20:43 . 2008-01-11 20:43 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-08 12:57 . 2003-07-05 23:38 2,084,864 -ra------ C:\particleIllusion.exe 2008-01-08 12:36 . 2008-01-08 12:37 <DIR> d-------- C:\Program Files\Karen's Alarm Clock 2008-01-08 12:36 . 2008-01-08 12:36 249,856 --------- C:\WINDOWS\Setup1.exe 2008-01-08 12:36 . 2008-01-08 12:36 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-01-08 09:44 . 2008-01-08 09:44 116 -r-hs---- C:\PCGWIN32.LI3 2008-01-08 09:38 . 2008-01-08 09:43 <DIR> d-------- C:\Program Files\particleIllusion_3 2008-01-08 09:38 . 2008-01-08 09:38 <DIR> d-------- C:\Documents and Settings\Kurt\WINDOWS 2008-01-05 19:03 . 2008-01-05 19:03 <DIR> d-------- C:\Program Files\Opera 2008-01-04 16:51 . 2008-01-04 16:51 <DIR> d-------- C:\Program Files\Edirol 2008-01-04 06:33 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll 2008-01-04 06:33 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe 2008-01-03 20:22 . 2008-01-03 20:22 <DIR> d-------- C:\Documents and Settings\Kurt\Application Data\Steinberg 2008-01-03 20:02 . 2005-06-04 09:08 487,936 --a------ C:\WINDOWS\system32\rmbe3260.dll 2008-01-03 20:02 . 2005-06-04 09:09 352,768 --a------ C:\WINDOWS\system32\pngu3263.dll 2008-01-03 20:02 . 2005-06-04 09:09 131,072 --a------ C:\WINDOWS\system32\pneng50.dll 2008-01-03 20:02 . 2005-06-04 09:09 130,560 --a------ C:\WINDOWS\system32\pnc3250.dll 2008-01-03 20:02 . 2005-06-04 09:08 87,040 --a------ C:\WINDOWS\system32\ra32sipr.dll 2008-01-03 20:02 . 2005-06-04 09:11 85,504 --a------ C:\WINDOWS\system32\encdnet.dll 2008-01-03 20:02 . 2005-06-04 09:09 81,920 --a------ C:\WINDOWS\system32\ra3214_4.dll 2008-01-03 20:02 . 2005-06-04 09:09 72,704 --a------ C:\WINDOWS\system32\ra3228_8.dll 2008-01-03 20:02 . 2005-06-04 09:09 61,952 --a------ C:\WINDOWS\system32\decdnet.dll 2008-01-03 20:02 . 2005-06-04 09:09 21,504 --a------ C:\WINDOWS\system32\ra32dnet.dll 2008-01-03 20:01 . 2008-01-04 16:52 <DIR> d-------- C:\Program Files\Steinberg 2008-01-03 20:00 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys 2008-01-03 19:59 . 2008-01-03 20:00 <DIR> d-------- C:\Program Files\Syncrosoft 2008-01-03 19:59 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-01-03 19:59 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll 2008-01-03 19:59 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm 2008-01-03 19:59 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm 2008-01-03 19:59 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm 2008-01-03 19:59 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe 2008-01-03 19:59 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys 2008-01-02 15:14 . 2008-01-02 15:14 <DIR> d-------- C:\Program Files\PixiePack Codec Pack 2008-01-02 15:10 . 2008-01-02 15:15 <DIR> d-------- C:\Documents and Settings\Kurt\Application Data\Tunebite 2008-01-02 15:10 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys 2008-01-02 15:09 . 2008-01-02 15:09 <DIR> d-------- C:\Program Files\RapidSolution 2008-01-02 15:09 . 2008-01-02 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-01-02 14:53 . 2008-01-02 14:53 <DIR> d-------- C:\Documents and Settings\Kurt\Application Data\RapidSolution Software AG 2007-12-30 01:14 . 2007-12-30 01:51 <DIR> d-------- C:\Program Files\Archos MP4SP 2007-12-28 20:29 . 2007-12-28 20:39 32 --a------ C:\WINDOWS\GunzLauncher.INI 2007-12-28 20:26 . 2007-12-28 20:26 <DIR> d-------- C:\Program Files\NHN USA 2007-12-28 20:26 . 2007-12-28 20:38 <DIR> d--h----- C:\Documents and Settings\Kurt\Application Data\ijjigame 2007-12-28 20:26 . 2007-09-27 12:08 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe 2007-12-28 20:26 . 2007-06-21 18:59 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll 2007-12-28 18:42 . 2007-12-28 18:42 <DIR> d-------- C:\ijji 2007-12-24 22:35 . 2007-12-24 22:35 <DIR> d-------- C:\Program Files\Digimarc 2007-12-23 00:58 . 2007-12-23 00:58 <DIR> d-------- C:\Program Files\Archos 2007-12-23 00:58 . 2007-12-23 00:58 <DIR> d-------- C:\Documents and Settings\Kurt\Application Data\ArchosLink 2007-12-18 21:30 . 2007-12-18 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4 2007-12-17 23:40 . 2007-12-17 23:40 <DIR> d-------- C:\Documents and Settings\Kurt\Application Data\dBpoweramp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-01-13 17:52 79,138,336 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-13 17:51 5,589,024 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-01-13 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-01-13 17:49 532,304 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-01-13 17:49 1,068,164 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-12 08:16 --------- d-----w C:\Documents and Settings\Kurt\Application Data\Azureus 2008-01-10 23:13 --------- d-----w C:\Program Files\Monkey's Audio 2008-01-10 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995 2008-01-08 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-04 15:03 --------- d-----w C:\Documents and Settings\Kurt\Application Data\U3 2008-01-03 15:20 --------- d-----w C:\Documents and Settings\Kurt\Application Data\LimeWire 2008-01-02 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki 2008-01-01 00:08 --------- d-----w C:\Program Files\ATI Technologies 2007-12-30 01:25 --------- d-----w C:\Program Files\DivX 2007-12-24 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-23 01:19 --------- d-----w C:\Program Files\Azureus 2007-12-20 23:20 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2007-12-14 22:00 --------- d-----w C:\Documents and Settings\Kurt\Application Data\Nokia 2007-12-13 12:40 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2007-12-12 20:37 --------- d-----w C:\Program Files\Guitar Pro 5 2007-12-12 16:59 --------- d-----w C:\Documents and Settings\Kurt\Application Data\Nokia Multimedia Player 2007-12-12 16:58 --------- d-----w C:\Documents and Settings\Kurt\Application Data\DataLayer 2007-12-12 16:53 --------- d-----w C:\Documents and Settings\Kurt\Application Data\PC Suite 2007-12-12 16:52 --------- d-----w C:\Program Files\Nokia 2007-12-12 16:50 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-12-12 16:50 --------- d-----w C:\Program Files\Common Files\Nokia 2007-12-12 16:48 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-11 07:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData 2007-12-10 19:50 --------- d-----w C:\Program Files\CDisplay 2007-12-10 00:24 --------- d-----w C:\Documents and Settings\Kurt\Application Data\AccurateRip 2007-12-09 12:45 --------- d-----w C:\Program Files\iTunes 2007-12-09 12:45 --------- d-----w C:\Program Files\iPod 2007-12-09 12:44 --------- d-----w C:\Program Files\QuickTime 2007-12-09 12:41 --------- d-----w C:\Program Files\Apple Software Update 2007-12-09 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-09 11:22 --------- d-----w C:\Program Files\Winamp 2007-12-02 20:13 --------- d-----w C:\Program Files\Java 2007-12-02 14:34 3,532 ----a-w C:\drmHeader.bin 2007-12-01 19:52 6,844 ----a-w C:\Program Files\mbsuite20.log 2007-12-01 19:52 --------- d-----w C:\Program Files\Magic Bullet Suite 2.0 2007-12-01 19:52 --------- d-----w C:\Program Files\Magic Bullet MisFire 2007-12-01 19:52 --------- d-----w C:\Program Files\Magic Bullet Looks 2007-11-30 18:06 --------- d-----w C:\Program Files\Yahoo! 2007-11-30 06:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-29 08:19 --------- d-----w C:\Program Files\Common Files\Digidesign 2007-11-29 08:17 --------- d-----w C:\Program Files\InterLok 2007-11-29 08:17 --------- d-----w C:\Program Files\Digidesign 2007-11-29 08:17 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy 2007-11-29 08:17 --------- d-----w C:\Documents and Settings\Kurt\Application Data\PACE Anti-Piracy 2007-11-29 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2007-11-29 08:00 --------- d-----w C:\Program Files\SafeNet Sentinel 2007-11-29 08:00 --------- d-----w C:\Program Files\Common Files\SafeNet Sentinel 2007-11-29 07:48 --------- d-----w C:\Program Files\PowerISO 2007-11-28 22:52 --------- d-----w C:\Program Files\Cycore FX 1.0.1 2007-11-26 21:52 --------- d-----w C:\Program Files\MagicISO 2007-11-26 21:52 --------- d-----w C:\Documents and Settings\Kurt\Application Data\uTorrent 2007-11-16 23:53 --------- d-----w C:\Program Files\Microsoft Works 2007-11-16 23:50 --------- d-----w C:\Program Files\Microsoft.NET 2007-11-16 23:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2007-11-16 19:11 --------- d-----w C:\Program Files\CamStudio 2007-11-14 16:55 --------- d-----w C:\Program Files\The Rosetta Stone 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-05-11 06:08 72,952 ----a-w C:\Documents and Settings\Kurt\Application Data\GDIPFONTCACHEV1.DAT 2003-05-30 09:22 344,064 ----a-r C:\Program Files\msvcr70.dll 2002-01-05 03:40 487,424 ----a-w C:\Program Files\msvcp70.dll 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [2004-08-04 12:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [2004-08-04 12:00 455168] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 18:50 200768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "RunStartupScriptSync"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoChangeAnimation"= 0 (0x0) "NoStrCmpLogical"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "MemCheckBoxInRunDlg"= 0 (0x0) "NoStrCmpLogical"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adi alhk.dll R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\orea ns32.sys [2007-08-21 19:23] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45] R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08] S2 SOFTLOK;SOFTLOK;C:\WINDOWS\system32\drivers\SOFTLO K.sys [2000-03-17 09:07] S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32] S3 jgameenp;jgameenp;C:\DOCUME~1\Kurt\LOCALS~1\Temp\j gameenp.sys [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio. sys [] S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys [2007-12-11 09:52] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}] C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder "2008-01-08 22:19:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 17:52:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-01-13 17:56:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-13 17:56:10 . 2008-01-09 07:34:56 --- E O F --- |
|
#20
13-01-2008, 05:00 PM
| ||||
| ||||
| Explorer.exe messing up. Hope that's all alright. I think my anti virus turned on during the reboot, like it normally does while combofix was finishing up it's log. |
|
#21
13-01-2008, 05:15 PM
| ||||
| ||||
| Explorer.exe messing up. Everything is looking much better now. We need to run a few more steps to ensure everything is gone. Please download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:
---------- Run a new Hijackthis scan and post the log ---------- Next post Dr Web log New Hijackthis log |
|
#22
13-01-2008, 10:16 PM
| ||||
| ||||
| Explorer.exe messing up. Both scans successful, though the DrWeb took quite a few hours, sorry for the lengthy wait for a reply. Here are both the logs: HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:15:39, on 13/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe C:\WINDOWS\system32\wscntfy.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168697954718 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7953 bytes |
Start Scanning button on the right and the scan will start.