	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.7

Porn Pops

Asked by rurth24 in Web Browsers, HijackThis Software, Internet Security

Tags: Popups, Porn, Russian, Host File

Hey All,

My office computer has been plagued with two issues, which I think are both related. It started a week ago when I was doing research on a Flash Audio player. This might be the cause or it may not, but it's the first time I became aware of the issue. I was doing research on flash audio players and when I clicked on a link within google, I instantly got to russian porn popups. Of course, me being at work, I shut them down quickly. I certainly don't want to get in trouble with corporate. I thought it was just a random mistake, UNTIL I started noticing it happen on a regular basis even when I would hit normal sites like TIMEX.COM or any popular site. That's when I got IT involved. So far we run Nortan Security, NOTHING, Spybot, STILL GETTING POPUPS. We did notice that my HOST FILE keeps getting rewitten to resemble below, which is the 2nd problem I'm having.

127.0.0.1      go.mail.ru
127.0.0.1      nova.rambler.ru
127.0.0.1      google.ad
127.0.0.1      www.google.ad
127.0.0.1      google.ae
127.0.0.1      www.google.ae
127.0.0.1      google.am
127.0.0.1      www.google.am
127.0.0.1      google.com.ar
127.0.0.1      www.google.com.ar
127.0.0.1      google.as
127.0.0.1      www.google.as
127.0.0.1      google.at
127.0.0.1      www.google.at
127.0.0.1      google.com.au
127.0.0.1      www.google.com.au
127.0.0.1      google.az
127.0.0.1      www.google.az
127.0.0.1      google.ba
127.0.0.1      www.google.ba
127.0.0.1      google.be
127.0.0.1      www.google.be
127.0.0.1      google.bg
127.0.0.1      www.google.bg
127.0.0.1      google.bs
127.0.0.1      www.google.bs
127.0.0.1      google.com.by
127.0.0.1      www.google.com.by
127.0.0.1      google.ca
127.0.0.1      www.google.ca
127.0.0.1      google.ch
127.0.0.1      www.google.ch
127.0.0.1      google.cn
127.0.0.1      www.google.cn
127.0.0.1      google.cz
127.0.0.1      www.google.cz
127.0.0.1      google.de
127.0.0.1      www.google.de
127.0.0.1      google.dk
127.0.0.1      www.google.dk
127.0.0.1      google.ee
127.0.0.1      www.google.ee
127.0.0.1      google.es
127.0.0.1      www.google.es
127.0.0.1      google.fi
127.0.0.1      www.google.fi
127.0.0.1      google.fr
127.0.0.1      www.google.fr
127.0.0.1      google.gr
127.0.0.1      www.google.gr
127.0.0.1      google.com.hk
127.0.0.1      www.google.com.hk
127.0.0.1      google.hr
127.0.0.1      www.google.hr
127.0.0.1      google.hu
127.0.0.1      www.google.hu
127.0.0.1      google.ie
127.0.0.1      www.google.ie
127.0.0.1      google.co.il
127.0.0.1      www.google.co.il
127.0.0.1      google.co.in
127.0.0.1      www.google.co.in
127.0.0.1      google.is
127.0.0.1      www.google.is
127.0.0.1      google.it
127.0.0.1      www.google.it
127.0.0.1      google.co.jp
127.0.0.1      www.google.co.jp
127.0.0.1      google.kg
127.0.0.1      www.google.kg
127.0.0.1      google.co.kr
127.0.0.1      www.google.co.kr
127.0.0.1      google.li
127.0.0.1      www.google.li
127.0.0.1      google.lt
127.0.0.1      www.google.lt
127.0.0.1      google.lu
127.0.0.1      www.google.lu
127.0.0.1      google.lv
127.0.0.1      www.google.lv
127.0.0.1      google.md
127.0.0.1      www.google.md
127.0.0.1      google.com.mx
127.0.0.1      www.google.com.mx
127.0.0.1      google.nl
127.0.0.1      www.google.nl
127.0.0.1      google.no
127.0.0.1      www.google.no
127.0.0.1      google.co.nz
127.0.0.1      www.google.co.nz
127.0.0.1      google.com.pe
127.0.0.1      www.google.com.pe
127.0.0.1      google.com.ph
127.0.0.1      www.google.com.ph
127.0.0.1      google.pl
127.0.0.1      www.google.pl
127.0.0.1      google.pt
127.0.0.1      www.google.pt
127.0.0.1      google.ro
127.0.0.1      www.google.ro
127.0.0.1      google.ru
127.0.0.1      www.google.ru
127.0.0.1      google.com.ru
127.0.0.1      www.google.com.ru
127.0.0.1      google.com.sa
127.0.0.1      www.google.com.sa
127.0.0.1      google.se
127.0.0.1      www.google.se
127.0.0.1      google.com.sg
127.0.0.1      www.google.com.sg
127.0.0.1      google.si
127.0.0.1      www.google.si
127.0.0.1      google.sk
127.0.0.1      www.google.sk
127.0.0.1      google.co.th
127.0.0.1      www.google.co.th
127.0.0.1      google.com.tj
127.0.0.1      www.google.com.tj
127.0.0.1      google.tm
127.0.0.1      www.google.tm
127.0.0.1      google.com.tr
127.0.0.1      www.google.com.tr
127.0.0.1      google.com.tw
127.0.0.1      www.google.com.tw
127.0.0.1      google.com.ua
127.0.0.1      www.google.com.ua
127.0.0.1      google.co.uk
127.0.0.1      www.google.co.uk
127.0.0.1      google.co.vi
127.0.0.1      www.google.co.vi
127.0.0.1      google.com
127.0.0.1      www.google.com
127.0.0.1      google.us
127.0.0.1      www.google.us
127.0.0.1      google.com.pl
127.0.0.1      www.google.com.pl
127.0.0.1      google.co.hu
127.0.0.1      www.google.co.hu
127.0.0.1      google.ge
127.0.0.1      www.google.ge
127.0.0.1      google.kz
127.0.0.1      www.google.kz
127.0.0.1      google.co.uz
127.0.0.1      www.google.co.uz
127.0.0.1      www.bing.com
127.0.0.1      search.yahoo.com
127.0.0.1      ca.search.yahoo.com
127.0.0.1      ar.search.yahoo.com
127.0.0.1      cl.search.yahoo.com
127.0.0.1      co.search.yahoo.com
127.0.0.1      mx.search.yahoo.com
127.0.0.1      espanol.search.yahoo.com
127.0.0.1      qc.search.yahoo.com
127.0.0.1      ve.search.yahoo.com
127.0.0.1      pe.search.yahoo.com
127.0.0.1      at.search.yahoo.com
127.0.0.1      ct.search.yahoo.com
127.0.0.1      dk.search.yahoo.com
127.0.0.1      fi.search.yahoo.com
127.0.0.1      fr.search.yahoo.com
127.0.0.1      de.search.yahoo.com
127.0.0.1      it.search.yahoo.com
127.0.0.1      nl.search.yahoo.com
127.0.0.1      no.search.yahoo.com
127.0.0.1      ru.search.yahoo.com
127.0.0.1      es.search.yahoo.com
127.0.0.1      se.search.yahoo.com
127.0.0.1      ch.search.yahoo.com
127.0.0.1      uk.search.yahoo.com
127.0.0.1      asia.search.yahoo.com
127.0.0.1      au.search.yahoo.com
127.0.0.1      one.cn.yahoo.com
127.0.0.1      hk.search.yahoo.com
127.0.0.1      in.search.yahoo.com
127.0.0.1      id.search.yahoo.com
127.0.0.1      search.yahoo.co.jp
127.0.0.1      kr.search.yahoo.com
127.0.0.1      malaysia.search.yahoo.com
127.0.0.1      nz.search.yahoo.com
127.0.0.1      ph.search.yahoo.com
127.0.0.1      sg.search.yahoo.com
127.0.0.1      tw.search.yahoo.com
127.0.0.1      th.search.yahoo.com
127.0.0.1      vn.search.yahoo.com
127.0.0.1      images.google.com
127.0.0.1      images.google.ca
127.0.0.1      images.google.co.uk
127.0.0.1      news.google.com
127.0.0.1      news.google.ca
127.0.0.1      news.google.co.uk
127.0.0.1      video.google.com
127.0.0.1      video.google.ca
127.0.0.1      video.google.co.uk
127.0.0.1      blogsearch.google.com
127.0.0.1      blogsearch.google.ca
127.0.0.1      blogsearch.google.co.uk
127.0.0.1      searchservice.myspace.com
127.0.0.1      ask.com
127.0.0.1      www.ask.com
127.0.0.1      search.aol.com
127.0.0.1      search.netscape.com
127.0.0.1      yandex.ru
127.0.0.1      www.yandex.ru
127.0.0.1      yandex.ua
127.0.0.1      www.yandex.ua
127.0.0.1      search.about.com
127.0.0.1      www.verizon.net
127.0.0.1      verizon.net

We've tried to save over it, delete it but it keeps coming back. Strangely this is causing all sorts of issues.
Example: when I try to go to google images, all I get is a blank page. We did a Tracert to google images, and it looks like it's rerouting to
127.0.0.1      go.mail.ru . Strange.

Anyway, anybody have an idea of what this might be? IT's solution of couse is to give me a new computer, but I'd rather not have to go through the headache of it, if I can just fix the problem.

Here is my HIJACKTHIS log... (anything look suspicious?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:49 AM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\All Users\Application Data\csrss.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] "C:\Program Files\LANDesk\LDClient\softmon.exe" /r rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190923203437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190923557937
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = advancemags.com
O17 - HKLM\Software\..\Telephony: DomainName = advancemags.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = advancemags.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = advancemags.com
O20 - Winlogon Notify: Csrss - C:\WINDOWS\SYSTEM32\csrss8.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/rurtheil/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 16222 bytes

View the Solution FREE for 30 Days

Porn Pops

Asked by rurth24 in Web Browsers, HijackThis Software, Internet Security

Tags: Popups, Porn, Russian, Host File

About this solution