
Help multiple viruses

Discussion in 'Virus & Other Malware Removal' started by dlthomson, Jul 7, 2007.

Thread Status:
Not open for further replies.
  1. dlthomson

    dlthomson Thread Starter

    Joined:
    Jul 7, 2007
    Messages:
    4
    Hi
    I am a beginner when it comes to computers, so forgive me if I make a mistake. I run Windows XP and have Norton 360 as my antivirus. But now I am getting a lot of warning messages saying I have potential spyware etc. I quit these warnings and they direct me to sites like http://amaena.com/securityworm81/in...993&affid=pp_3325544975&ax=1&p=4&ex=1&h=0&j=1 and udefender, so I did some research and found many documents saying they are false but gave no help, so I found this website. Below is a HiJackThis log I just took

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:58:39 PM, on 8/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\heather thomson\Temporary Internet Files\Content.IE5\FG80SBC4\HiJackThis_v2[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [Safe Cleaner] C:\WINDOWS\smc.bat
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C64A63-1C71-4FFC-B092-A774C95D9862}: NameServer = 80.225.250.178 80.225.250.186
    O21 - SSODL: msole - {C90F973E-1010-4CDB-AD90-99DED4CD4DAB} - C:\WINDOWS\msole.dll
    O21 - SSODL: msdde - {2A92855A-4C5D-4D83-8E02-087C45F5B5AC} - C:\WINDOWS\msdde.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 10736 bytes


    any help would be appreciated
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, dlthomson. :)

    Welcome to TSG.

    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Note: In the event you already have SmitfraudFix, this is a new version that I need you to download.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly


    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:


    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    While in Safe Mode, double-click on SmitfraudFix.exe

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    * Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK. (Applies to IE6 only)

    * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" Delete everything except for "My Current Home Page". Click OK then Apply and OK.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the AVG Anti-spyware report, ActiveScan report and contents of C:\rapport.txt produced by Smitfraudfix.
     
  3. dlthomson

    dlthomson Thread Starter

    Joined:
    Jul 7, 2007
    Messages:
    4
    Hi again. I did all I was told, but for some reason AVG didn't make a report for me, so I'm sorry that that is not there. Well, here we go

    HJT log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:48:50 PM, on 8/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SpywareDetector\SDSystemTray.exe
    C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Documents and Settings\heather thomson\Desktop\Smitfraud\BFU\HiJackThis_v2[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
    O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [Safe Cleaner] C:\WINDOWS\smc.bat
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C64A63-1C71-4FFC-B092-A774C95D9862}: NameServer = 80.225.250.178 80.225.250.186
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10541 bytes

    Active Scan


    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\heather thomson\Cookies\heather [email protected][1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\heather thomson\Cookies\heather [email protected][1].txt
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\heather thomson\Cookies\heather [email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\heather thomson\Desktop\Smitfraud\SmitfraudFix\Process.exe
    Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\heather thomson\Desktop\Smitfraud\SmitfraudFix\restart.exe
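
A before/after comparison of the two HijackThis logs posted in this thread, as an added example that is not part of the original posts or of HijackThis itself: it parses the `R`/`O` entry lines and reports entries that disappeared, entries that appeared, and registry entries that are still present but whose file went missing between scans. The sample logs are a subset of entry lines copied from the two posts; `parse_entries` and `diff_logs` are hypothetical helper names.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
# HijackThis appends this marker when the registry points at a file that is gone.
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def parse_entries(log_text):
    """Map a normalised entry key to (entry text as logged, file_missing flag)."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        missing = bool(MISSING_RE.search(body))
        bare = MISSING_RE.sub("", body)
        # Windows paths, registry keys and CLSIDs are case-insensitive, so the
        # key is lowercased and whitespace-collapsed; the marker is not part of it.
        key = (section, " ".join(bare.split()).lower())
        entries[key] = (f"{section} - {body}", missing)
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs: removed, added, and orphaned (file newly missing) entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k][0] for k in before.keys() - after.keys())
    added = sorted(after[k][0] for k in after.keys() - before.keys())
    orphaned = sorted(
        after[k][0]
        for k in before.keys() & after.keys()
        if after[k][1] and not before[k][1]
    )
    return {"removed": removed, "added": added, "orphaned": orphaned}


# Subset of entry lines from the first log in the thread (3:58:39 PM scan).
BEFORE_LOG = r'''
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [Safe Cleaner] C:\WINDOWS\smc.bat
O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
'''

# Subset of entry lines from the second log in the thread (6:48:50 PM scan).
AFTER_LOG = r'''
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKCU\..\Run: [Safe Cleaner] C:\WINDOWS\smc.bat
O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
'''

if __name__ == "__main__":
    for label, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(f"{label}:")
        for item in items:
            print(f"  {item}")
```

Entries reported as orphaned still have their registry value in place even though the file is gone, so they keep appearing in later logs until the value itself is removed.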
     
  4. dlthomson

    dlthomson Thread Starter

    Joined:
    Jul 7, 2007
    Messages:
    4
    C: Rapport etc.

    SmitFraudFix v2.200

    Scan done at 17:56:48.42, Sun 08/07/2007
    Run from C:\Documents and Settings\heather thomson\Desktop\Smitfraud\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

    [HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\system32\xnvaogd.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\system32\xnvaogd.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


     
  5. dlthomson

    dlthomson Thread Starter

    Joined:
    Jul 7, 2007
    Messages:
    4

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\main_uninstaller.exe Deleted
    C:\WINDOWS\msdde.dll Deleted
    C:\DOCUME~1\HEATHE~1\Desktop\Error Cleaner.url Deleted
    C:\DOCUME~1\HEATHE~1\Desktop\Privacy Protector.url Deleted
    C:\DOCUME~1\HEATHE~1\Desktop\Spyware?Malware Protection.url Deleted
    C:\Program Files\Video ActiveX Access\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

    [HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\system32\xnvaogd.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
    @="C:\WINDOWS\system32\xnvaogd.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End

    thanks for your help
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, dlthomson :)

    First set Notepad to WordWrap. Open Notepad. Select Format from the Menu, then click on WordWrap. It will be easier to read the reports.

    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.

    Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder, double-click on the Regfix.reg file, and select Yes when prompted to merge it into the registry.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\xnvaogd.dll

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
      • If able, copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it into a Notepad document. Save it on the desktop and post its contents in your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Re-Scan with Hijackthis and post a fresh log. Make sure Notepad is set to WordWrap.
     

Short URL to this thread: https://techguy.org/592819
