Logfile of HijackThis v1.99.1
Scan saved at 7:53:32 PM, on 18/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
G:\wowd\mysql-4.1.13a-win32\bin\mysqld-nt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8088
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 62.75.224.159 www.bns1.net (http://www.bns1.net/)
O1 - Hosts: 62.75.224.159 www.bns2.net (http://www.bns2.net/)
O1 - Hosts: 62.75.224.159 www.bns3.net (http://www.bns3.net/)
O1 - Hosts: 62.75.224.159 www.bns4.net (http://www.bns4.net/)
O1 - Hosts: 62.75.224.159 www.bns5.net (http://www.bns5.net/)
O1 - Hosts: 62.75.224.159 www.bns6.net (http://www.bns6.net/)
O1 - Hosts: 62.75.224.159 www.bns7.net (http://www.bns7.net/)
O1 - Hosts: 62.75.224.159 www.bns8.net (http://www.bns8.net/)
O1 - Hosts: 62.75.224.159 www.cms1.net (http://www.cms1.net/)
O1 - Hosts: 62.75.224.159 www.cms2.net (http://www.cms2.net/)
O1 - Hosts: 62.75.224.159 www.cms3.net (http://www.cms3.net/)
O1 - Hosts: 62.75.224.159 www.cms4.net (http://www.cms4.net/)
O1 - Hosts: 62.75.224.159 www.cms5.net (http://www.cms5.net/)
O1 - Hosts: 62.75.224.159 www.cms6.net (http://www.cms6.net/)
O1 - Hosts: 62.75.224.159 www.cms7.net (http://www.cms7.net/)
O1 - Hosts: 62.75.224.159 www.cms8.net (http://www.cms8.net/)
O1 - Hosts: 62.75.224.159 www.rg1.com (http://www.rg1.com/)
O1 - Hosts: 62.75.224.159 www.rg2.com (http://www.rg2.com/)
O1 - Hosts: 62.75.224.159 www.rg3.com (http://www.rg3.com/)
O1 - Hosts: 62.75.224.159 www.rg4.com (http://www.rg4.com/)
O1 - Hosts: 62.75.224.159 www.rg5.com (http://www.rg5.com/)
O1 - Hosts: 62.75.224.159 www.rg6.com (http://www.rg6.com/)
O1 - Hosts: 62.75.224.159 www.rg7.com (http://www.rg7.com/)
O1 - Hosts: 62.75.224.159 www.rg8.com (http://www.rg8.com/)
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 62.75.224.159 www.bns1.net (http://www.bns1.net/)
O1 - Hosts: 62.75.224.159 www.bns2.net (http://www.bns2.net/)
O1 - Hosts: 62.75.224.159 www.bns3.net (http://www.bns3.net/)
O1 - Hosts: 62.75.224.159 www.bns4.net (http://www.bns4.net/)
O1 - Hosts: 62.75.224.159 www.bns5.net (http://www.bns5.net/)
O1 - Hosts: 62.75.224.159 www.bns6.net (http://www.bns6.net/)
O1 - Hosts: 62.75.224.159 www.bns7.net (http://www.bns7.net/)
O1 - Hosts: 62.75.224.159 www.bns8.net (http://www.bns8.net/)
O1 - Hosts: 62.75.224.159 www.cms1.net (http://www.cms1.net/)
O1 - Hosts: 62.75.224.159 www.cms2.net (http://www.cms2.net/)
O1 - Hosts: 62.75.224.159 www.cms3.net (http://www.cms3.net/)
O1 - Hosts: 62.75.224.159 www.cms4.net (http://www.cms4.net/)
O1 - Hosts: 62.75.224.159 www.cms5.net (http://www.cms5.net/)
O1 - Hosts: 62.75.224.159 www.cms6.net (http://www.cms6.net/)
O1 - Hosts: 62.75.224.159 www.cms7.net (http://www.cms7.net/)
O1 - Hosts: 62.75.224.159 www.cms8.net (http://www.cms8.net/)
O1 - Hosts: 62.75.224.159 www.rg1.com (http://www.rg1.com/)
O1 - Hosts: 62.75.224.159 www.rg2.com (http://www.rg2.com/)
O1 - Hosts: 62.75.224.159 www.rg3.com (http://www.rg3.com/)
O1 - Hosts: 62.75.224.159 www.rg4.com (http://www.rg4.com/)
O1 - Hosts: 62.75.224.159 www.rg5.com (http://www.rg5.com/)
O1 - Hosts: 62.75.224.159 www.rg6.com (http://www.rg6.com/)
O1 - Hosts: 62.75.224.159 www.rg7.com (http://www.rg7.com/)
O1 - Hosts: 62.75.224.159 www.rg8.com (http://www.rg8.com/)
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 205.177.13.8 BF2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://msdn.demoservers.com/msrdp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - G:\WebServer\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\STS7GBCB\cwshredder[1].exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - G:\WebServer\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: MySQLWoW - Unknown owner - G:\wowd\mysql-4.1.13a-win32\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


Im a little concerned about all these hosts... Just recentally my Antivirus has been bothering me alot with some perfect.spyware So please respond asap. I am aware theirs a MySQL Database their, I put that their to test some php scripts that I make every once and awhile. So far my Antivirus is able to keep this stuff from keep getting on but i really want this to stop.

First you MUST run HighjackThis from it's own permanent folder. The Desktop or any temporary folder is not a proper location. A good example is C:\HJT
Do an online scan http://www.thecomputermechanics.com/forums/showthread.php?t=1098
Download/install/update Ewido Security Suite (the trial version is fine, it's on demand scanner will just de-activate after 14 days). http://www.ewido.net/en/

Now reboot to safe mode http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
Now run an Ewido Security Suite scan. Delete all bad files. When it is finished "save a scan report" and copy it's contents in your next post along with a fresh HighjackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:26:26 PM, on 18/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
V:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8088
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 62.75.224.159 www.bns1.net (http://www.bns1.net)
O1 - Hosts: 62.75.224.159 www.bns2.net (http://www.bns2.net)
O1 - Hosts: 62.75.224.159 www.bns3.net (http://www.bns3.net)
O1 - Hosts: 62.75.224.159 www.bns4.net (http://www.bns4.net)
O1 - Hosts: 62.75.224.159 www.bns5.net (http://www.bns5.net)
O1 - Hosts: 62.75.224.159 www.bns6.net (http://www.bns6.net)
O1 - Hosts: 62.75.224.159 www.bns7.net (http://www.bns7.net)
O1 - Hosts: 62.75.224.159 www.bns8.net (http://www.bns8.net)
O1 - Hosts: 62.75.224.159 www.cms1.net (http://www.cms1.net)
O1 - Hosts: 62.75.224.159 www.cms2.net (http://www.cms2.net)
O1 - Hosts: 62.75.224.159 www.cms3.net (http://www.cms3.net)
O1 - Hosts: 62.75.224.159 www.cms4.net (http://www.cms4.net)
O1 - Hosts: 62.75.224.159 www.cms5.net (http://www.cms5.net)
O1 - Hosts: 62.75.224.159 www.cms6.net (http://www.cms6.net)
O1 - Hosts: 62.75.224.159 www.cms7.net (http://www.cms7.net)
O1 - Hosts: 62.75.224.159 www.cms8.net (http://www.cms8.net)
O1 - Hosts: 62.75.224.159 www.rg1.com (http://www.rg1.com)
O1 - Hosts: 62.75.224.159 www.rg2.com (http://www.rg2.com)
O1 - Hosts: 62.75.224.159 www.rg3.com (http://www.rg3.com)
O1 - Hosts: 62.75.224.159 www.rg4.com (http://www.rg4.com)
O1 - Hosts: 62.75.224.159 www.rg5.com (http://www.rg5.com)
O1 - Hosts: 62.75.224.159 www.rg6.com (http://www.rg6.com)
O1 - Hosts: 62.75.224.159 www.rg7.com (http://www.rg7.com)
O1 - Hosts: 62.75.224.159 www.rg8.com (http://www.rg8.com)
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 62.75.224.159 www.bns1.net (http://www.bns1.net)
O1 - Hosts: 62.75.224.159 www.bns2.net (http://www.bns2.net)
O1 - Hosts: 62.75.224.159 www.bns3.net (http://www.bns3.net)
O1 - Hosts: 62.75.224.159 www.bns4.net (http://www.bns4.net)
O1 - Hosts: 62.75.224.159 www.bns5.net (http://www.bns5.net)
O1 - Hosts: 62.75.224.159 www.bns6.net (http://www.bns6.net)
O1 - Hosts: 62.75.224.159 www.bns7.net (http://www.bns7.net)
O1 - Hosts: 62.75.224.159 www.bns8.net (http://www.bns8.net)
O1 - Hosts: 62.75.224.159 www.cms1.net (http://www.cms1.net)
O1 - Hosts: 62.75.224.159 www.cms2.net (http://www.cms2.net)
O1 - Hosts: 62.75.224.159 www.cms3.net (http://www.cms3.net)
O1 - Hosts: 62.75.224.159 www.cms4.net (http://www.cms4.net)
O1 - Hosts: 62.75.224.159 www.cms5.net (http://www.cms5.net)
O1 - Hosts: 62.75.224.159 www.cms6.net (http://www.cms6.net)
O1 - Hosts: 62.75.224.159 www.cms7.net (http://www.cms7.net)
O1 - Hosts: 62.75.224.159 www.cms8.net (http://www.cms8.net)
O1 - Hosts: 62.75.224.159 www.rg1.com (http://www.rg1.com)
O1 - Hosts: 62.75.224.159 www.rg2.com (http://www.rg2.com)
O1 - Hosts: 62.75.224.159 www.rg3.com (http://www.rg3.com)
O1 - Hosts: 62.75.224.159 www.rg4.com (http://www.rg4.com)
O1 - Hosts: 62.75.224.159 www.rg5.com (http://www.rg5.com)
O1 - Hosts: 62.75.224.159 www.rg6.com (http://www.rg6.com)
O1 - Hosts: 62.75.224.159 www.rg7.com (http://www.rg7.com)
O1 - Hosts: 62.75.224.159 www.rg8.com (http://www.rg8.com)
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 205.177.13.8 BF2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://msdn.demoservers.com/msrdp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - G:\WebServer\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\STS7GBCB\cwshredder[1].exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - G:\WebServer\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: MySQLWoW - Unknown owner - G:\wowd\mysql-4.1.13a-win32\bin\mysqld-nt".exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Im running an ewido scan right now, sofar it found Spyware.CrazyWinnings but i left it alone so i could find proper removal instructions or instructions by you.

update: almost done and sofar nothing else found

Update Again: It found a Spyware.Cookie.Falkag it was removed. Scan finished
heres the report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:47:08 PM, 18/08/2005
+ Report-Checksum: C6802EAA
+ Scan result:
HKU\S-1-5-21-343818398-1767777339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Ignored
C:\Documents and Settings\Default\Cookies\default@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup

::Report End

HKU\S-1-5-21-343818398-1767777339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings looks like a registry entry. Have Ewido fix it. Ewido also creates backups so it can be restored.

With regards to this entry in HJT O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing use the LSPFix to repair it. Instructions and download can be found here http://www.bleepingcomputer.com/forums/index.php?showtutorial=59

When you installed Messenger Plus! 3 did you install it with the sponsor program? If so, uninstall it and then reinstall it without.


Now run HighjackThis and have it fix

O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O1 - Hosts: 205.177.13.8 BF2


It's time for :bby: Will check in tomorrow and see how you're doing.

Thanks, and No i never installed that sponsor program, i triple check everytime. Ill give this a little bit and monitor this to see if anything pops up.