Porn Pops: Popups, Porn, Russian, Host File

Hey All,

My office computer has been plagued with two issues, which I think are both related. It started a week ago when I was doing research on a Flash Audio player. This might be the cause or it may not, but it's the first time I became aware of the issue. I was doing research on flash audio players and when I clicked on a link within google, I instantly got to russian porn popups. Of course, me being at work, I shut them down quickly. I certainly don't want to get in trouble with corporate. I thought it was just a random mistake, UNTIL I started noticing it happen on a regular basis even when I would hit normal sites like TIMEX.COM or any popular site. That's when I got IT involved. So far we run Nortan Security, NOTHING, Spybot, STILL GETTING POPUPS. We did notice that my HOST FILE keeps getting rewitten to resemble below, which is the 2nd problem I'm having.

127.0.0.1      go.mail.ru
127.0.0.1      nova.rambler.ru
127.0.0.1      google.ad
127.0.0.1      www.google.ad
127.0.0.1      google.ae
127.0.0.1      www.google.ae
127.0.0.1      google.am
127.0.0.1      www.google.am
127.0.0.1      google.com.ar
127.0.0.1      www.google.com.ar
127.0.0.1      google.as
127.0.0.1      www.google.as
127.0.0.1      google.at
127.0.0.1      www.google.at
127.0.0.1      google.com.au
127.0.0.1      www.google.com.au
127.0.0.1      google.az
127.0.0.1      www.google.az
127.0.0.1      google.ba
127.0.0.1      www.google.ba
127.0.0.1      google.be
127.0.0.1      www.google.be
127.0.0.1      google.bg
127.0.0.1      www.google.bg
127.0.0.1      google.bs
127.0.0.1      www.google.bs
127.0.0.1      google.com.by
127.0.0.1      www.google.com.by
127.0.0.1      google.ca
127.0.0.1      www.google.ca
127.0.0.1      google.ch
127.0.0.1      www.google.ch
127.0.0.1      google.cn
127.0.0.1      www.google.cn
127.0.0.1      google.cz
127.0.0.1      www.google.cz
127.0.0.1      google.de
127.0.0.1      www.google.de
127.0.0.1      google.dk
127.0.0.1      www.google.dk
127.0.0.1      google.ee
127.0.0.1      www.google.ee
127.0.0.1      google.es
127.0.0.1      www.google.es
127.0.0.1      google.fi
127.0.0.1      www.google.fi
127.0.0.1      google.fr
127.0.0.1      www.google.fr
127.0.0.1      google.gr
127.0.0.1      www.google.gr
127.0.0.1      google.com.hk
127.0.0.1      www.google.com.hk
127.0.0.1      google.hr
127.0.0.1      www.google.hr
127.0.0.1      google.hu
127.0.0.1      www.google.hu
127.0.0.1      google.ie
127.0.0.1      www.google.ie
127.0.0.1      google.co.il
127.0.0.1      www.google.co.il
127.0.0.1      google.co.in
127.0.0.1      www.google.co.in
127.0.0.1      google.is
127.0.0.1      www.google.is
127.0.0.1      google.it
127.0.0.1      www.google.it
127.0.0.1      google.co.jp
127.0.0.1      www.google.co.jp
127.0.0.1      google.kg
127.0.0.1      www.google.kg
127.0.0.1      google.co.kr
127.0.0.1      www.google.co.kr
127.0.0.1      google.li
127.0.0.1      www.google.li
127.0.0.1      google.lt
127.0.0.1      www.google.lt
127.0.0.1      google.lu
127.0.0.1      www.google.lu
127.0.0.1      google.lv
127.0.0.1      www.google.lv
127.0.0.1      google.md
127.0.0.1      www.google.md
127.0.0.1      google.com.mx
127.0.0.1      www.google.com.mx
127.0.0.1      google.nl
127.0.0.1      www.google.nl
127.0.0.1      google.no
127.0.0.1      www.google.no
127.0.0.1      google.co.nz
127.0.0.1      www.google.co.nz
127.0.0.1      google.com.pe
127.0.0.1      www.google.com.pe
127.0.0.1      google.com.ph
127.0.0.1      www.google.com.ph
127.0.0.1      google.pl
127.0.0.1      www.google.pl
127.0.0.1      google.pt
127.0.0.1      www.google.pt
127.0.0.1      google.ro
127.0.0.1      www.google.ro
127.0.0.1      google.ru
127.0.0.1      www.google.ru
127.0.0.1      google.com.ru
127.0.0.1      www.google.com.ru
127.0.0.1      google.com.sa
127.0.0.1      www.google.com.sa
127.0.0.1      google.se
127.0.0.1      www.google.se
127.0.0.1      google.com.sg
127.0.0.1      www.google.com.sg
127.0.0.1      google.si
127.0.0.1      www.google.si
127.0.0.1      google.sk
127.0.0.1      www.google.sk
127.0.0.1      google.co.th
127.0.0.1      www.google.co.th
127.0.0.1      google.com.tj
127.0.0.1      www.google.com.tj
127.0.0.1      google.tm
127.0.0.1      www.google.tm
127.0.0.1      google.com.tr
127.0.0.1      www.google.com.tr
127.0.0.1      google.com.tw
127.0.0.1      www.google.com.tw
127.0.0.1      google.com.ua
127.0.0.1      www.google.com.ua
127.0.0.1      google.co.uk
127.0.0.1      www.google.co.uk
127.0.0.1      google.co.vi
127.0.0.1      www.google.co.vi
127.0.0.1      google.com
127.0.0.1      www.google.com
127.0.0.1      google.us
127.0.0.1      www.google.us
127.0.0.1      google.com.pl
127.0.0.1      www.google.com.pl
127.0.0.1      google.co.hu
127.0.0.1      www.google.co.hu
127.0.0.1      google.ge
127.0.0.1      www.google.ge
127.0.0.1      google.kz
127.0.0.1      www.google.kz
127.0.0.1      google.co.uz
127.0.0.1      www.google.co.uz
127.0.0.1      www.bing.com
127.0.0.1      search.yahoo.com
127.0.0.1      ca.search.yahoo.com
127.0.0.1      ar.search.yahoo.com
127.0.0.1      cl.search.yahoo.com
127.0.0.1      co.search.yahoo.com
127.0.0.1      mx.search.yahoo.com
127.0.0.1      espanol.search.yahoo.com
127.0.0.1      qc.search.yahoo.com
127.0.0.1      ve.search.yahoo.com
127.0.0.1      pe.search.yahoo.com
127.0.0.1      at.search.yahoo.com
127.0.0.1      ct.search.yahoo.com
127.0.0.1      dk.search.yahoo.com
127.0.0.1      fi.search.yahoo.com
127.0.0.1      fr.search.yahoo.com
127.0.0.1      de.search.yahoo.com
127.0.0.1      it.search.yahoo.com
127.0.0.1      nl.search.yahoo.com
127.0.0.1      no.search.yahoo.com
127.0.0.1      ru.search.yahoo.com
127.0.0.1      es.search.yahoo.com
127.0.0.1      se.search.yahoo.com
127.0.0.1      ch.search.yahoo.com
127.0.0.1      uk.search.yahoo.com
127.0.0.1      asia.search.yahoo.com
127.0.0.1      au.search.yahoo.com
127.0.0.1      one.cn.yahoo.com
127.0.0.1      hk.search.yahoo.com
127.0.0.1      in.search.yahoo.com
127.0.0.1      id.search.yahoo.com
127.0.0.1      search.yahoo.co.jp
127.0.0.1      kr.search.yahoo.com
127.0.0.1      malaysia.search.yahoo.com
127.0.0.1      nz.search.yahoo.com
127.0.0.1      ph.search.yahoo.com
127.0.0.1      sg.search.yahoo.com
127.0.0.1      tw.search.yahoo.com
127.0.0.1      th.search.yahoo.com
127.0.0.1      vn.search.yahoo.com
127.0.0.1      images.google.com
127.0.0.1      images.google.ca
127.0.0.1      images.google.co.uk
127.0.0.1      news.google.com
127.0.0.1      news.google.ca
127.0.0.1      news.google.co.uk
127.0.0.1      video.google.com
127.0.0.1      video.google.ca
127.0.0.1      video.google.co.uk
127.0.0.1      blogsearch.google.com
127.0.0.1      blogsearch.google.ca
127.0.0.1      blogsearch.google.co.uk
127.0.0.1      searchservice.myspace.com
127.0.0.1      ask.com
127.0.0.1      www.ask.com
127.0.0.1      search.aol.com
127.0.0.1      search.netscape.com
127.0.0.1      yandex.ru
127.0.0.1      www.yandex.ru
127.0.0.1      yandex.ua
127.0.0.1      www.yandex.ua
127.0.0.1      search.about.com
127.0.0.1      www.verizon.net
127.0.0.1      verizon.net

We've tried to save over it, delete it but it keeps coming back. Strangely this is causing all sorts of issues.
Example: when I try to go to google images, all I get is a blank page. We did a Tracert to google images, and it looks like it's rerouting to
127.0.0.1      go.mail.ru . Strange.

Anyway, anybody have an idea of what this might be? IT's solution of couse is to give me a new computer, but I'd rather not have to go through the headache of it, if I can just fix the problem.

Here is my HIJACKTHIS log... (anything look suspicious?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:49 AM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\All Users\Application Data\csrss.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190923203437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190923557937
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = advancemags.com
O17 - HKLM\Software\..\Telephony: DomainName = advancemags.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = advancemags.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = advancemags.com
O20 - Winlogon Notify: Csrss - C:\WINDOWS\SYSTEM32\csrss8.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/rurtheil/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 16222 bytes

Question

Porn Pops

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

Popups

Porn

Russian

Host File

Web Browsers

HijackThis Software

Internet Security

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Need individual assistance?

Our experts are ready to help.

Want to learn from the best?

Read articles from industry experts.

Working on a long term project?

Store your work and research.

What Makes Experts Exchange Unique?

Trusted by the world's most respected brands.

Faithfully serving IT professionals since 1996.

Related Solutions

Free Tech Articles

Cloud Class Webinars

Join the Community

Give a Little. Get a Lot.

Answers

3 Ways to Join

The Experts

The Experts

Testimonials

Testimonials

Testimonials

Business Clients

Business Clients

In the Press

In the Press

In the Press