analyze this please

cybersspot.com

I ran through all 3 scans twice. The results the first time were too big for this forum, so I linked to my website.

http://www.cybersspot.com/Jose%20Logs.txt

After these two scans I also ran Spybot S&D and SpyHunter; SpyHunter stopped working at 75%.

HijackThis is pointing out all the websites I can't access. It is also giving me the following error message:
-----
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the link(s) HijackThis reports and delete them.
Save the file as 'hosts' (with quotes), and reboot.

For Vista: simply exit HijackThis, right-click on the HijackThis icon, choose Run as administrator.
-----


The WhiteSmoke is their translator program; if need be I can reinstall it.


My latest logs were as follows:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5944

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/4/2011 12:13:57 PM
mbam-log-2011-03-04 (12-13-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 243193
Time elapsed: 23 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup (PUP.WhiteSmoke) -> No action taken.

Files Infected:
c:\Users\Owner\Desktop\smart internet protection 2011.lnk (Rogue.SmartInternetProtection2011) -> No action taken.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\smart internet protection 2011.lnk (Rogue.SmartInternetProtection2011) -> No action taken.
c:\Users\Public\Desktop\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\Startup\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\registration.lnk (PUP.WhiteSmoke) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\uninstall.lnk (PUP.WhiteSmoke) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\whitesmoke translator.lnk (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\ISSetup.dll (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> No action taken.
c:\Users\Owner\AppData\Roaming\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> No action taken.










ComboFix 11-03-02.05 - Owner 03/04/2011 12:59:05.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2805.1818 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

.
((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.

2011-03-04 18:06 . 2011-03-04 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-04 18:06 . 2011-03-04 18:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-04 00:00 . 2011-03-04 00:00 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconF7A21AF7.exe
2011-03-04 00:00 . 2011-03-04 00:00 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{3636C923-7AD6-4DE3-978A-09609AEE8ECF}\IconD7F16134.exe
2011-03-04 00:00 . 2011-03-04 00:00 -------- d-----w- C:\sh4ldr
2011-03-04 00:00 . 2011-03-04 00:00 -------- d-----w- c:\program files (x86)\Enigma Software Group
2011-03-03 23:59 . 2011-03-04 00:00 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2011-03-03 23:59 . 2011-03-03 23:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-03-03 22:43 . 2011-03-03 23:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-03 22:43 . 2011-03-03 22:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-03-03 18:36 . 2011-03-03 18:36 -------- d-----w- c:\users\Owner\AppData\Local\{F931DD16-4D72-4495-A207-2E352C1AA6C8}
2011-03-03 17:56 . 2011-03-03 17:56 -------- d-----w- c:\windows\SysWow64\drivers\avg
2011-03-03 17:53 . 2011-03-04 17:54 -------- d-----w- c:\programdata\avg9
2011-03-03 17:53 . 2011-03-03 18:39 -------- d-----w- c:\program files (x86)\AVG
2011-03-03 15:51 . 2011-03-03 15:51 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-03-03 15:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-03 15:51 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 15:51 . 2011-03-03 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-03 15:51 . 2011-03-03 18:41 -------- d-----w- c:\programdata\Malwarebytes
2011-03-03 15:51 . 2011-03-03 15:51 -------- d-----w- c:\users\Owner\AppData\Local\{13AC2B76-5FA2-4230-B27C-1002057E2826}
2011-03-03 15:40 . 2011-03-03 18:41 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2011-03-02 23:01 . 2011-03-02 23:01 -------- d-----w- c:\users\Owner\AppData\Local\{936CE27A-4F39-4846-8D50-E9566101C757}
2011-02-28 02:53 . 2011-02-28 02:53 -------- d-----w- c:\users\Owner\AppData\Local\{14C99ACB-7587-4582-B9C8-72ECDA0B60F8}
2011-02-25 22:50 . 2011-02-25 22:50 -------- d-----w- c:\users\Owner\AppData\Local\{22C474FD-6A18-4B0C-A86D-A870761C623C}
2011-02-25 20:30 . 2011-02-25 20:30 -------- d-----w- c:\users\Owner\AppData\Local\{E6163C31-5774-4FC0-BD46-A7477F205E5D}
2011-02-25 01:57 . 2011-02-25 01:57 -------- d-----w- c:\users\Owner\AppData\Local\{BB7B1994-FA54-4F7B-A70C-98338B28390E}
2011-02-25 00:49 . 2011-02-25 00:49 -------- d-----w- c:\users\Owner\AppData\Local\{DE118624-6093-44B3-AA81-9A90C5CEE0F8}
2011-02-25 00:35 . 2011-02-25 00:35 -------- d-----w- c:\users\Owner\AppData\Local\{CE01D1D0-C773-4B7D-8D6B-55956C5F84EE}
2011-02-25 00:28 . 2011-02-25 00:28 -------- d-----w- c:\users\Owner\AppData\Local\{9B4D1918-4790-4955-A6A7-342EAE0DBA0A}
2011-02-23 04:30 . 2011-02-23 04:30 -------- d-----w- c:\users\Owner\AppData\Local\{21708FAF-BACD-4872-A4D5-D3DCD91095D9}
2011-02-22 16:33 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos(67).dll
2011-02-22 16:30 . 2011-02-22 16:30 -------- d-----w- c:\users\Owner\AppData\Local\{1FE14FD2-65F0-4E56-9031-D955E0048955}
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\users\Owner\AppData\Local\{5CC7E2F2-68AE-4068-80ED-90FA89BB8A9D}
2011-02-18 22:29 . 2011-02-18 22:29 -------- d-----w- c:\users\Owner\AppData\Local\{7F39C033-E304-453C-902D-80C0B9E77794}
2011-02-18 21:04 . 2011-02-18 21:04 -------- d-----w- c:\users\Owner\AppData\Local\{829DCAE7-2CF3-472B-898E-067D5D286125}
2011-02-18 20:44 . 2011-02-18 20:44 -------- d-----w- c:\users\Owner\AppData\Local\{69E14007-C635-4C66-B82B-ED8C6DC0F295}
2011-02-15 21:02 . 2011-02-15 21:02 -------- d-----w- c:\users\Owner\AppData\Local\{380416E8-AEF2-4AF4-B931-EAB18F3CD75F}
2011-02-09 00:29 . 2011-02-09 00:29 -------- d-----w- c:\users\Owner\AppData\Local\{3A38CCA6-D737-4EDF-A08D-BCAAF43BB840}
2011-02-07 19:38 . 2011-02-07 19:39 -------- d-----w- c:\users\Owner\AppData\Local\{CEA08BF1-F101-47FA-B3A8-730987F8AE07}
2011-02-06 03:58 . 2011-02-07 05:23 -------- d-----w- c:\users\Owner\AppData\Local\{5064A61C-D572-44DB-B6E7-6E46ABC9322F}
2011-02-06 03:28 . 2011-02-06 03:28 -------- d-----w- c:\users\Owner\AppData\Local\{525FB060-9234-409E-BA1B-9F921FA6202D}
2011-02-04 23:56 . 2011-02-04 23:57 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2011-02-04 23:56 . 2011-02-04 23:56 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2011-02-04 23:56 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-04 23:56 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-02-04 23:56 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-02-04 23:56 . 2011-03-03 18:43 -------- d-----w- c:\program files\iPod
2011-02-04 23:56 . 2011-03-03 18:43 -------- d-----w- c:\program files\iTunes
2011-02-04 23:56 . 2011-03-03 18:43 -------- d-----w- c:\program files (x86)\iTunes
2011-02-04 23:56 . 2011-03-03 18:41 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-04 23:55 . 2011-02-04 23:55 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-04 23:55 . 2011-03-03 18:43 -------- d-----w- c:\program files (x86)\QuickTime
2011-02-04 23:55 . 2011-03-03 18:41 -------- d-----w- c:\programdata\Apple Computer
2011-02-04 23:55 . 2011-02-04 23:55 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2011-02-04 23:55 . 2011-03-03 18:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-02-04 23:55 . 2011-03-03 18:43 -------- d-----w- c:\program files\Common Files\Apple
2011-02-04 23:54 . 2011-03-03 18:43 -------- d-----w- c:\program files\Bonjour
2011-02-04 23:54 . 2011-03-03 18:43 -------- d-----w- c:\program files (x86)\Bonjour
2011-02-04 23:54 . 2011-03-03 18:43 -------- d-----w- c:\programdata\Apple
2011-02-04 23:54 . 2011-02-04 23:56 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-02-04 00:27 . 2011-02-04 20:26 -------- d-----w- c:\users\Owner\AppData\Local\{11CF0BD7-0BD0-4277-8035-F2972ECC2658}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 23:51 . 2010-12-14 23:51 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-12-14 23:51 . 2010-12-14 23:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-10 11:50 . 2010-12-10 11:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-06 00:53 . 2010-12-06 00:53 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-12-06 00:53 . 2010-12-06 00:53 11264 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-03-03_17.09.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-02 16:11 . 2009-10-19 14:10 70656 c:\windows\SysWOW64\fontsub(72).dll
+ 2010-11-02 16:05 . 2011-03-04 17:57 29908 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-04 17:57 31720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-02 15:05 . 2011-03-04 17:57 10674 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1719750949-1963318492-2360257582-1000_UserData.bin
+ 2010-11-02 15:42 . 2011-03-04 18:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-02 15:42 . 2011-03-03 17:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2011-03-03 15:42 85864 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-03-03 19:30 85864 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-02 15:42 . 2011-03-04 18:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-02 15:42 . 2011-03-03 17:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-02 15:42 . 2011-03-03 17:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-02 15:42 . 2011-03-04 18:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-02 18:05 . 2011-03-03 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-02 18:05 . 2011-03-04 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-02 18:05 . 2011-03-03 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-02 18:05 . 2011-03-04 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:38 . 2011-03-03 17:23 67584 c:\windows\bootstat(64).dat
+ 2011-03-03 21:38 . 2011-03-03 21:38 9560 c:\windows\system32\NetworkList\Icons\{F7165F42-8B53-4FAF-AE4A-FECDA1C6501F}_48.bin
+ 2011-03-03 21:38 . 2011-03-03 21:38 4280 c:\windows\system32\NetworkList\Icons\{F7165F42-8B53-4FAF-AE4A-FECDA1C6501F}_32.bin
+ 2011-03-03 21:38 . 2011-03-03 21:38 2456 c:\windows\system32\NetworkList\Icons\{F7165F42-8B53-4FAF-AE4A-FECDA1C6501F}_24.bin
+ 2011-03-04 18:07 . 2011-03-04 18:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-03 17:06 . 2011-03-03 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-04 18:07 . 2011-03-04 18:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-03 17:06 . 2011-03-03 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-15 13:00 . 2010-11-04 05:52 978944 c:\windows\SysWOW64\wininet.dll
+ 2011-02-22 16:34 . 2010-12-18 05:32 981504 c:\windows\SysWOW64\wininet(77).dll
+ 2009-07-13 23:17 . 2009-07-14 01:14 398336 c:\windows\SysWOW64\regedit(75).exe
+ 2011-03-03 18:03 . 2011-03-03 18:03 235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe
+ 2010-11-02 21:18 . 2011-03-03 22:29 221408 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-13 23:51 . 2009-07-14 01:41 714240 c:\windows\system32\kerberos.dll
- 2009-07-14 05:38 . 2011-02-25 02:13 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-03-03 18:45 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:01 . 2011-03-03 18:38 256248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-03 17:05 256248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-01-29 03:44 . 2011-03-03 17:05 847953 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1719750949-1963318492-2360257582-1000-8192.dat
+ 2011-01-29 03:44 . 2011-03-03 18:38 847953 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1719750949-1963318492-2360257582-1000-8192.dat
+ 2011-03-03 23:59 . 2011-03-03 23:59 133775 c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP\WiseCustomCalla21.exe
+ 2010-12-15 13:00 . 2010-11-04 05:52 1226752 c:\windows\SysWOW64\urlmon.dll
+ 2011-02-22 16:34 . 2010-12-18 05:32 1228288 c:\windows\SysWOW64\urlmon(76).dll
+ 2010-11-02 16:15 . 2010-03-24 06:37 1289528 c:\windows\SysWOW64\ntdll.dll
+ 2011-02-22 16:33 . 2010-10-27 04:40 1293120 c:\windows\SysWOW64\ntdll(74).dll
+ 2011-03-03 18:03 . 2011-03-03 18:03 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2010-12-15 13:00 . 2010-11-04 05:48 2063360 c:\windows\SysWOW64\iertutil.dll
- 2011-02-22 16:34 . 2010-12-18 05:29 2063360 c:\windows\SysWOW64\iertutil.dll
+ 2011-02-22 16:34 . 2010-12-18 05:29 2063360 c:\windows\SysWOW64\iertutil(73).dll
+ 2010-12-15 13:00 . 2010-11-04 06:35 1194496 c:\windows\system32\wininet.dll
+ 2011-02-22 16:34 . 2010-12-18 06:15 1197056 c:\windows\system32\wininet(71).dll
+ 2010-12-15 13:00 . 2010-11-04 06:35 1495040 c:\windows\system32\urlmon.dll
+ 2011-02-22 16:34 . 2010-12-18 06:15 1498112 c:\windows\system32\urlmon(69).dll
+ 2010-11-02 16:15 . 2010-03-24 06:59 1736608 c:\windows\system32\ntdll.dll
+ 2011-02-22 16:33 . 2010-10-27 05:16 1739176 c:\windows\system32\ntdll(68).dll
- 2011-02-22 16:34 . 2010-12-18 06:11 2447872 c:\windows\system32\iertutil.dll
+ 2010-12-15 13:00 . 2010-11-04 06:31 2447872 c:\windows\system32\iertutil.dll
+ 2011-02-22 16:34 . 2010-12-18 06:11 2447872 c:\windows\system32\iertutil(66).dll
+ 2009-07-14 04:45 . 2011-03-03 18:47 3794427 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-02-25 02:15 3794427 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-08-11 11:05 . 2009-08-11 11:05 1648128 c:\windows\Installer\18703f.msi
+ 2009-08-05 07:43 . 2009-08-05 07:43 2736128 c:\windows\Installer\18703a.msi
- 2009-07-14 02:34 . 2011-03-03 16:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-03-04 12:42 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-03-03 23:59 . 2011-03-03 23:59 18445312 c:\windows\Installer\3ce68.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-12-06 00:52 672768 ----a-w- c:\program files (x86)\Shop to Win 9\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:47 353656 ----a-w- c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}]
2010-12-06 12:21 672768 ----a-w- c:\program files (x86)\Shop to Win 2\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6905e4b1-afef-4444-85a9-ecb16c048784}]
2010-11-03 18:28 81920 ----a-w- c:\program files (x86)\playfingamestoolbar\vmntemplateX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6905e4b1-afef-4444-85a9-ecb16c048784}"= "c:\program files (x86)\playfingamestoolbar\vmntemplateX.dll" [2010-11-03 81920]

[HKEY_CLASSES_ROOT\clsid\{6905e4b1-afef-4444-85a9-ecb16c048784}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-03-11 55328]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys [2009-12-11 333864]

.
Contents of the 'Scheduled Tasks' folder

2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 23:59]

2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 23:59]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25395
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mec3jq59.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\program files (x86)\PriceGong\2.1.0\FF
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1719750949-1963318492-2360257582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-1719750949-1963318492-2360257582-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
.
**************************************************************************
.
Completion time: 2011-03-04 13:15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-04 18:15
ComboFix2.txt 2011-03-03 17:28

Pre-Run: 216,632,082,432 bytes free
Post-Run: 216,231,165,952 bytes free

- - End Of File - - 0D34BD0FDFD5D2B9DD4384FF16440871











Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:08 PM, on 3/4/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Users\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25395
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 google.com.au
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.be
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.com.br
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.ca
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.ch
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.de
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.dk
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.fr
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.ie
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.it
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.co.jp
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.nl
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.no
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.co.nz
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.pl
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.se
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.co.uk
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 google.co.za
O1 - Hosts: 96.44.181.245 Google
O1 - Hosts: 96.44.181.245 Google Analytics | Official Website
O1 - Hosts: 96.44.181.245 Bing
O1 - Hosts: 96.44.181.245 search.yahoo.com
O1 - Hosts: 96.44.181.245 Yahoo! Search - Web Search
O1 - Hosts: 96.44.181.245 uk.search.yahoo.com
O1 - Hosts: 96.44.181.245 ca.search.yahoo.com
O1 - Hosts: 96.44.181.245 de.search.yahoo.com
O1 - Hosts: 96.44.181.245 fr.search.yahoo.com
O1 - Hosts: 96.44.181.245 au.search.yahoo.com
O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\ShoppingBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Freecause Shopping BHO - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\ShoppingBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
O2 - BHO: Playfin Games Toolbar - {6905e4b1-afef-4444-85a9-ecb16c048784} - C:\Program Files (x86)\playfingamestoolbar\vmntemplateX.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O3 - Toolbar: Playfin Games Toolbar - {6905e4b1-afef-4444-85a9-ecb16c048784} - C:\Program Files (x86)\playfingamestoolbar\vmntemplateX.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10237 bytes
 
I don't know if that white smoke program was infected or not, but it did show up in the logs quite a bit.

My main problem is the lack of access to bing, google and yahoo searches.

I found them in the HijackThis log. It was HijackThis that said it couldn't fix it due to denied write access. In the HijackThis log I found all the websites I can't access:


How do I change this so I can access those websites?
 
I have already said we are not going to do this for you. We are not going to let you get paid for our hard work.

Topic Closed.
 