Help multiple viruses


dlthomson

Thread Starter
Joined
Jul 7, 2007
Messages
4
Hi
I am a beginner when it comes to computers, so forgive me if I make a mistake. I run Windows XP and have Norton 360 as my antivirus. But now I am getting a lot of warning messages saying I have potential spyware etc. I quit these warnings and they direct me to sites like http://amaena.com/securityworm81/in...993&affid=pp_3325544975&ax=1&p=4&ex=1&h=0&j=1 and udefender, so I did some research and found many documents saying they are false but gave no help, so I found this website. Below is a HijackThis log I just took.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:58:39 PM, on 8/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\heather thomson\Temporary Internet Files\Content.IE5\FG80SBC4\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [Safe Cleaner] C:\WINDOWS\smc.bat
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C64A63-1C71-4FFC-B092-A774C95D9862}: NameServer = 80.225.250.178 80.225.250.186
O21 - SSODL: msole - {C90F973E-1010-4CDB-AD90-99DED4CD4DAB} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {2A92855A-4C5D-4D83-8E02-087C45F5B5AC} - C:\WINDOWS\msdde.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10736 bytes


any help would be appreciated
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, dlthomson. :)

Welcome to TSG.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Note: In the event you already have SmitfraudFix, this is a new version that I need you to download.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly


Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:


  1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware.
While in Safe Mode, double-click on SmitfraudFix.exe

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK. (Applies to IE6 only)

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" Delete everything except for "My Current Home Page". Click OK then Apply and OK.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh Hijackthis log along with the AVG Anti-spyware report, ActiveScan report and contents of C:\rapport.txt produced by Smitfraudfix.
 

dlthomson

Thread Starter
Joined
Jul 7, 2007
Messages
4
Hi again. I did all I was told, but for some reason AVG didn't make a report for me, so I'm sorry that that is not there. Well, here we go.

HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:48:50 PM, on 8/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\heather thomson\Desktop\Smitfraud\BFU\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [Safe Cleaner] C:\WINDOWS\smc.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C64A63-1C71-4FFC-B092-A774C95D9862}: NameServer = 80.225.250.178 80.225.250.186
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\heather thomson\Desktop\Smitfraud\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10541 bytes

Active Scan


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\heather thomson\Cookies\heather [email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\heather thomson\Cookies\heather [email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\heather thomson\Cookies\heather [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\heather thomson\Desktop\Smitfraud\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\heather thomson\Desktop\Smitfraud\SmitfraudFix\restart.exe
 

dlthomson

Thread Starter
Joined
Jul 7, 2007
Messages
4
C: Rapport etc.

SmitFraudFix v2.200

Scan done at 17:56:48.42, Sun 08/07/2007
Run from C:\Documents and Settings\heather thomson\Desktop\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 www.ns2.acim.com
127.0.0.1 www.plum.acim.com
127.0.0.1 www.sz.track4.com
127.0.0.1 www.toten.acim.com
127.0.0.1 www.towerrecords.track4.com
127.0.0.1 www.track4.com
127.0.0.1 www.translucent.acim.com
127.0.0.1 www.www.acim.com
127.0.0.1 www1.track4.com
127.0.0.1 www2.track4.com
127.0.0.1 www3.track4.com
127.0.0.1 www.3Aad.doubleclick.net
127.0.0.1 www.aa.doubleclick.net
127.0.0.1 www.accord.netgravity.com
127.0.0.1 www.ad.au.doubleclick.net
127.0.0.1 www.ad.br.doubleclick.net
127.0.0.1 www.ad.ca.doubleclick.net
127.0.0.1 www.ad.contentzone.com
127.0.0.1 www.ad.de.doubleclick.net
127.0.0.1 www.ad.doubleclick.com
127.0.0.1 www.ad.es.doubleclick.net
127.0.0.1 www.ad.fi.doubleclick.net
127.0.0.1 www.ad.fr.doubleclick.net
127.0.0.1 www.ad.it.doubleclick.net
127.0.0.1 www.ad.jp.doubleclick.net
127.0.0.1 www.ad.my.doubleclick.net
127.0.0.1 www.ad.nl.doubleclick.net
127.0.0.1 www.ad.no.doubleclick.net
127.0.0.1 www.ad.pt.doubleclick.net
127.0.0.1 www.ad.se.doubleclick.net
127.0.0.1 www.ad.sg.doubleclick.net
127.0.0.1 www.ad.sq.doubleclick.net
127.0.0.1 www.ad.uk.doubleclick.net
127.0.0.1 www.ad.us.doubleclick.net
127.0.0.1 www.ad1.doubleclick.net
127.0.0.1 www.ad2.doubleclick.net
127.0.0.1 www.ad3.doubleclick.net
127.0.0.1 www.adcenter1.netgravity.com
127.0.0.1 www.ADS-SECONDARY.doubleclick.net
127.0.0.1 www.ads.double-click.com
127.0.0.1 www.bay-sw-10.netgravity.com
127.0.0.1 www.bbn-gw.NYC1.doubleclick.net
127.0.0.1 www.caelum.netgravity.com
127.0.0.1 www.de1.doubleclick.net
127.0.0.1 www.demo.netgravity.com
127.0.0.1 www.double-click.com
127.0.0.1 www.doubleclick.com
127.0.0.1 www.doubleclick.net
127.0.0.1 www.draco.netgravity.com
127.0.0.1 www.dyson.netgravity.com
127.0.0.1 www.ecommerce.netgravity.com
127.0.0.1 www.engpptp.netgravity.com
127.0.0.1 www.enterprise.netgravity.com
127.0.0.1 www.exnjadgda1.doubleclick.net
127.0.0.1 www.exnjadgda2.doubleclick.net
127.0.0.1 www.exnjadgds1.doubleclick.net
127.0.0.1 www.exnjmdgda1.doubleclick.net
127.0.0.1 www.exnjmdgds1.doubleclick.net
127.0.0.1 www.exodus-gw.EWR1.doubleclick.net
127.0.0.1 www.fr1.doubleclick.net
127.0.0.1 www.ftp.netgravity.com
127.0.0.1 www.gatekeeper.netgravity.com
127.0.0.1 www.gd20.doubleclick.net
127.0.0.1 www.gd25.doubleclick.net
127.0.0.1 www.gd28.doubleclick.net
127.0.0.1 www.gd4.doubleclick.net
127.0.0.1 www.gravitychannel.netgravity.com
127.0.0.1 www.gravityhome.netgravity.com
127.0.0.1 www.home.netgravity.com
127.0.0.1 www.In.doubleclick.net
127.0.0.1 www.joinchannel.netgravity.com
127.0.0.1 www.jp.doubleclick.net
127.0.0.1 www.listserver.netgravity.com
127.0.0.1 www.ln.doubleclick.net
127.0.0.1 www.lon-router.netgravity.com
127.0.0.1 www.london.netgravity.com
127.0.0.1 www.lucian.netgravity.com
127.0.0.1 www.m.doubleclick.com
127.0.0.1 www.m.doubleclick.net
127.0.0.1 www.m2.doubleclick.net
127.0.0.1 www.MAILEXODUS.doubleclick.net
127.0.0.1 www.mdist.doubleclick.net
127.0.0.1 www.mplex-dfa.doubleclick.net
127.0.0.1 www.myhome.netgravity.com
127.0.0.1 www.nda.netgravity.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.network-199-95-207-10.doubleclick.net
127.0.0.1 www.network-199-95-207-138.doubleclick.net
127.0.0.1 www.network-199-95-207-148.doubleclick.net
127.0.0.1 www.network-199-95-207-2.doubleclick.net
127.0.0.1 www.network-199-95-207-3.doubleclick.net
127.0.0.1 www.network-199-95-207-4.doubleclick.net
127.0.0.1 www.network-199-95-207-5.doubleclick.net
127.0.0.1 www.network-199-95-207-6.doubleclick.net
127.0.0.1 www.network-199-95-207-7.doubleclick.net
127.0.0.1 www.network-199-95-207-8.doubleclick.net
127.0.0.1 www.network-199-95-207-9.doubleclick.net
127.0.0.1 www.network-199-95-208-10.doubleclick.net
127.0.0.1 www.network-199-95-208-2.doubleclick.net
127.0.0.1 www.network-199-95-208-3.doubleclick.net
127.0.0.1 www.network-199-95-208-4.doubleclick.net
127.0.0.1 www.network-199-95-208-5.doubleclick.net
127.0.0.1 www.network-199-95-208-6.doubleclick.net
127.0.0.1 www.network-199-95-208-7.doubleclick.net
127.0.0.1 www.network-199-95-208-8.doubleclick.net
127.0.0.1 www.network-209-67-38-10.doubleclick.net
127.0.0.1 www.network-209-67-38-2.doubleclick.net
127.0.0.1 www.network-209-67-38-3.doubleclick.net
127.0.0.1 www.network-209-67-38-4.doubleclick.net
127.0.0.1 www.network-209-67-38-5.doubleclick.net
127.0.0.1 www.network-209-67-38-6.doubleclick.net
127.0.0.1 www.network-209-67-38-7.doubleclick.net
127.0.0.1 www.network-209-67-38-8.doubleclick.net
127.0.0.1 www.network-209-67-38-9.doubleclick.net
127.0.0.1 www.news.netgravity.com
127.0.0.1 www.ng-webserver.netgravity.com
127.0.0.1 www.nl.doubleclick.net
127.0.0.1 www.no.doubleclick.net
127.0.0.1 www.ns.doubleclick.net
127.0.0.1 www.ns1.doubleclick.net
127.0.0.1 www.ns2.doubleclick.net
127.0.0.1 www.ny-router.netgravity.com
127.0.0.1 www.ny.netgravity.com
127.0.0.1 www.phase2media.doubleclick.net
127.0.0.1 www.pptp-server.netgravity.com
127.0.0.1 www.pptp.netgravity.com
127.0.0.1 www.proxy.netgravity.com
127.0.0.1 www.rdbox.doubleclick.net
127.0.0.1 www.resolver.doubleclick.net
127.0.0.1 www.sanders.netgravity.com
127.0.0.1 www.se.doubleclick.net
127.0.0.1 www.se1.doubleclick.net
127.0.0.1 www.SITEPAGES.doubleclick.net
127.0.0.1 www.smhq-fe1-0.netgravity.com
127.0.0.1 www.sold.netgravity.com
127.0.0.1 www.suitespot.netgravity.com
127.0.0.1 www.support.netgravity.com
127.0.0.1 www.uk.doubleclick.net
127.0.0.1 www.uk1.doubleclick.net
127.0.0.1 www.us.doubleclick.net
127.0.0.1 www.uunet-gw.NYC1.doubleclick.net
127.0.0.1 www.uunyadgda1.doubleclick.net
127.0.0.1 www.uunyadgds1.doubleclick.net
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www.zac.netgravity.com
127.0.0.1 www.ads1.speedbit.com
127.0.0.1 www.ads2.speedbit.com
127.0.0.1 www.ads3.speedbit.com
127.0.0.1 www3.speedbit.com
127.0.0.1 www.speedbit.com
127.0.0.1 www.54.conducent.com
127.0.0.1 www.addbtest.conducent.com
127.0.0.1 www.addbtest.timesink.com
127.0.0.1 www.addltest.conducent.com
127.0.0.1 www.addltest.timesink.com
127.0.0.1 www.addltestmaster.conducent.com
127.0.0.1 www.adqa.conducent.com
127.0.0.1 www.contentalpha.conducent.com
127.0.0.1 www.contentqa.conducent.com
127.0.0.1 www.contents.conducent.com
127.0.0.1 www.contents1.conducent.com
127.0.0.1 www.contenttest.conducent.com
127.0.0.1 www.digisle.conducent.com
127.0.0.1 www.DNS1.CONDUCENT.COM
127.0.0.1 www.download.timesink.com
127.0.0.1 www.eroom.conducent.com
127.0.0.1 www.firewall.conducent.com
127.0.0.1 www.firewall.timesink.com
127.0.0.1 www.ftp.conducent.com
127.0.0.1 www.hermes.conducent.com
127.0.0.1 www.ip134.conducent.com
127.0.0.1 www.ip134.timesink.com
127.0.0.1 www.Jerry.conducent.com
127.0.0.1 www.mail.conducent.com
127.0.0.1 www.mail.timesink.com
127.0.0.1 www.nandbob.conducent.com
127.0.0.1 www.nid.conducent.com
127.0.0.1 www.nid.timesink.com
127.0.0.1 www.nidinternal.conducent.com
127.0.0.1 www.nidinternal.timesink.com
127.0.0.1 www.nidinternaltest.conducent.com
127.0.0.1 www.nidtest.conducent.com
127.0.0.1 www.nidtest.timesink.com
127.0.0.1 www.nt2.conducent.com
127.0.0.1 www.pop3.conducent.com
127.0.0.1 www.pop3.timesink.com
127.0.0.1 www.proxytest.conducent.com
127.0.0.1 www.pushv5.conducent.com
127.0.0.1 www.redirectqa.conducent.com
127.0.0.1 www.redirects.conducent.com
127.0.0.1 www.redirects.timesink.com
127.0.0.1 www.redirecttest.conducent.com
127.0.0.1 www.smtp.conducent.com
127.0.0.1 www.smtp.timesink.com
127.0.0.1 www.softwares.conducent.com
127.0.0.1 www.softwares.timesink.com
127.0.0.1 www.sterlinga.conducent.com
127.0.0.1 www.sterlingf.conducent.com
127.0.0.1 www.updates2.conducent.com
127.0.0.1 www.updatetest.conducent.com
127.0.0.1 www.warsport.timesink.com
127.0.0.1 www.conducent.com
127.0.0.1 www.test.conducent.com
127.0.0.1 www.test.timesink.com
127.0.0.1 www.zeus.conducent.com
127.0.0.1 www.zeus.timesink.com
127.0.0.1 www.bob.web3000.com
127.0.0.1 www.tasha.web3000.com
127.0.0.1 www1.web3000.com
127.0.0.1 www7.web3000.com
127.0.0.1 www.abbott.radiate.com
127.0.0.1 www.ad2-1.aureate.com
127.0.0.1 www.ad2-2.aureate.com
127.0.0.1 www.ad2-3.aureate.com
127.0.0.1 www.ad2-4.aureate.com
127.0.0.1 www.adam.radiate.com
127.0.0.1 www.adserv2-301-sjc2.radiate.com
127.0.0.1 www.adserv3-408-sjc2.radiate.com
127.0.0.1 www.adsoftware.com
127.0.0.1 www.aim.adsoftware.com
127.0.0.1 www.aim.aureate.com
127.0.0.1 www.aim1.adsoftware.com
127.0.0.1 www.aim1.aureate.com
127.0.0.1 www.aim2.adsoftware.com
127.0.0.1 www.aim2.aureate.com
127.0.0.1 www.aim3.adsoftware.com
127.0.0.1 www.aim3.aureate.com
127.0.0.1 www.aim4.adsoftware.com
127.0.0.1 www.aim4.aureate.com
127.0.0.1 www.aim5.adsoftware.com
127.0.0.1 www.aim5.aureate.com
127.0.0.1 www.aim6.adsoftware.com
127.0.0.1 www.alexander.aureate.com
127.0.0.1 www.ans-test.adsoftware.com
127.0.0.1 www.ans1.adsoftware.com
127.0.0.1 www.ans10.adsoftware.com
127.0.0.1 www.ans2.adsoftware.com
127.0.0.1 www.ans3.adsoftware.com
127.0.0.1 www.apc-pdu-1.aureate.com
127.0.0.1 www.apc-pdu-2.aureate.com
127.0.0.1 www.aristotle.aureate.com
127.0.0.1 www.ask-a-chick.com
127.0.0.1 www.aureate-colo-hp2424m.aureate.com
127.0.0.1 www.aureate-main-2611.aureate.com
127.0.0.1 www.aureate.com
127.0.0.1 www.aureatemedia.com
127.0.0.1 www.bach.aureate.com
127.0.0.1 www.bc-208-184-172-192.radiate.com
127.0.0.1 www.bigmama.radiate.com
127.0.0.1 www.binarybliss.com
127.0.0.1 www.bonnie2.radiate.com
127.0.0.1 www.brinks.radiate.com
127.0.0.1 www.brutus.radiate.com
127.0.0.1 www.caesar.aureate.com
127.0.0.1 www.confucius.aureate.com
127.0.0.1 www.constantine.aureate.com
127.0.0.1 www.cook.aureate.com
127.0.0.1 www.copernicus.aureate.com
127.0.0.1 www.corona.radiate.com
127.0.0.1 www.costello.radiate.com
127.0.0.1 www.curly.aureate.com
127.0.0.1 www.cyrus.aureate.com
127.0.0.1 www.deadmanwalking.radiate.com
127.0.0.1 www.dell.radiate.com
127.0.0.1 www.dillinger.aureate.com
127.0.0.1 www.dolphinsfootball.com
127.0.0.1 www.dosequis.radiate.com
127.0.0.1 www.download.binarybliss.com
127.0.0.1 www.foreigner.radiate.com
127.0.0.1 www.freud.aureate.com
127.0.0.1 www.ftp.gozilla.com
127.0.0.1 www.gameboy.aureate.com
127.0.0.1 www.gd1.radiate.com
127.0.0.1 www.gizmo.net
127.0.0.1 www.godzilla.radiate.com
127.0.0.1 www.gozilla.com
127.0.0.1 www.group-mail.com
127.0.0.1 www.gzs-6509.radiate.com
127.0.0.1 www.gzs-7206.radiate.com
127.0.0.1 www.gzs-ld.radiate.com
127.0.0.1 www.h-208-184-172-10.radiate.com
127.0.0.1 www.h-208-184-172-100.radiate.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 ads.x10.com
127.0.0.1 600pics.com
127.0.0.1 doberman.befree.com
127.0.0.1 enews.bfast.com
127.0.0.1 etoys.bfast.com
127.0.0.1 falcon.bfast.com
127.0.0.1 ftp.befree.com
127.0.0.1 ftp.bfast.com
127.0.0.1 geocities.bfast.com
127.0.0.1 goshoppingonline.bfast.com
127.0.0.1 great-dane.befree.com
127.0.0.1 great-dane.bfast.com
127.0.0.1 greyhound.bfast.com
127.0.0.1 help.bfast.com
127.0.0.1 husky.bfast.com
127.0.0.1 images.bfast.com
127.0.0.1 imp.bfast.com
127.0.0.1 njmgt1.bfast.com
127.0.0.1 njmgt2.bfast.com
127.0.0.1 njrep0.bfast.com
127.0.0.1 njrep2.bfast.com
127.0.0.1 njrep1.bfast.com
127.0.0.1 njtxn1.bfast.com
127.0.0.1 otterhound.bfast.com
127.0.0.1 preprod-geocities.bfast.com
127.0.0.1 preprod.bfast.com
127.0.0.1 qwest.bfast.com
127.0.0.1 reporting.net
127.0.0.1 ridgeback.befree.com
127.0.0.1 ridgeback.bfast.com
127.0.0.1 samoyed.bfast.com
127.0.0.1 scrappy.befree.com
127.0.0.1 service.bfast.com
127.0.0.1 travelocity.bfast.com
127.0.0.1 travsoft.bfast.com
127.0.0.1 verisign.bfast.com
127.0.0.1 vulture.bfast.com
127.0.0.1 whippet.bfast.com
127.0.0.1 wolfhound.bfast.com
127.0.0.1 befree.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 abc.bnex.com
127.0.0.1 alpha.bnex.com
127.0.0.1 bnex.com
127.0.0.1 customer.bnex.com
127.0.0.1 db.bnex.com
127.0.0.1 dev.bnex.com
127.0.0.1 do.you.uh.yahoo.at.bnex.com
127.0.0.1 ghost.in.the.shell.at.bnex.com
127.0.0.1 granite.bnex.com
127.0.0.1 intarsia.bnex.com
127.0.0.1 intranet.bnex.com
127.0.0.1 jade.bnex.com
127.0.0.1 malachite.bnex.com
127.0.0.1 marble.bnex.com
127.0.0.1 megastore.bnex.com
127.0.0.1 mosaic.bnex.com
127.0.0.1 ns1.bnex.com
127.0.0.1 ns2.bnex.com
127.0.0.1 onyx.bnex.com
127.0.0.1 orion.bnex.com
127.0.0.1 pebble.bnex.com
127.0.0.1 preview.bnex.com
127.0.0.1 quartz.bnex.com
127.0.0.1 terrazzo.bnex.com
127.0.0.1 vpos.bnex.com
127.0.0.1 ads.bpath.com
127.0.0.1 ads01.bpath.com
127.0.0.1 ads03.bpath.com
127.0.0.1 ads04.bpath.com
127.0.0.1 ads05.bpath.com
127.0.0.1 ads06.bpath.com
127.0.0.1 ads07.bpath.com
127.0.0.1 ads08.bpath.com
127.0.0.1 ads09.bpath.com
127.0.0.1 ads1.bpath.com
127.0.0.1 ads10.bpath.com
127.0.0.1 ads11.bpath.com
127.0.0.1 ads12.bpath.com
127.0.0.1 ads13.bpath.com
127.0.0.1 ads14.bpath.com
127.0.0.1 ads15.bpath.com
127.0.0.1 ads16.bpath.com
127.0.0.1 ads17.bpath.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ads19.bpath.com
127.0.0.1 ads2.bpath.com
127.0.0.1 ads20.bpath.com
127.0.0.1 ads21.bpath.com
127.0.0.1 ads22.bpath.com
127.0.0.1 ads23.bpath.com
127.0.0.1 ads24.bpath.com
127.0.0.1 ads25.bpath.com
127.0.0.1 ads26.bpath.com
127.0.0.1 ads27.bpath.com
127.0.0.1 ads28.bpath.com
127.0.0.1 ads29.bpath.com
127.0.0.1 ads3.bpath.com
127.0.0.1 ads32.bpath.com
127.0.0.1 ads33.bpath.com
127.0.0.1 ads34.bpath.com
127.0.0.1 ads35.bpath.com
127.0.0.1 ads36.bpath.com
127.0.0.1 ads37.bpath.com
127.0.0.1 ads38.bpath.com
127.0.0.1 ads39.bpath.com
127.0.0.1 ads40.bpath.com
127.0.0.1 ads41.bpath.com
127.0.0.1 ads42.bpath.com
127.0.0.1 ads43.bpath.com
127.0.0.1 ads44.bpath.com
127.0.0.1 ads45.bpath.com
127.0.0.1 ads46.bpath.com
127.0.0.1 ads47.bpath.com
127.0.0.1 ads48.bpath.com
127.0.0.1 ads49.bpath.com
127.0.0.1 ads50.bpath.com
127.0.0.1 ads51.bpath.com
127.0.0.1 ads52.bpath.com
127.0.0.1 bpath.com
127.0.0.1 acim.com
127.0.0.1 commission-junction.com
127.0.0.1 e250a.track4.com
127.0.0.1 fingerhut.track4.com
127.0.0.1 foxy.acim.com
127.0.0.1 foxy.track4.com
127.0.0.1 ftp.acim.com
127.0.0.1 ftp.track4.com
127.0.0.1 gate.acim.com
127.0.0.1 gifttree.track4.com
127.0.0.1 maximizer.acim.com
127.0.0.1 ns1.acim.com
127.0.0.1 ns2.acim.com
127.0.0.1 plum.acim.com
127.0.0.1 sz.track4.com
127.0.0.1 toten.acim.com
127.0.0.1 towerrecords.track4.com
127.0.0.1 track4.com
127.0.0.1 translucent.acim.com
127.0.0.1 1.track4.com
127.0.0.1 2.track4.com
127.0.0.1 3.track4.com
127.0.0.1 3Aad.doubleclick.net
127.0.0.1 aa.doubleclick.net
127.0.0.1 accord.netgravity.com
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.br.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.contentzone.com
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fi.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.my.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.pt.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 ad.sq.doubleclick.net
 

dlthomson

Thread Starter
Joined
Jul 7, 2007
Messages
4

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\msdde.dll Deleted
C:\DOCUME~1\HEATHE~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\HEATHE~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\HEATHE~1\Desktop\Spyware?Malware Protection.url Deleted
C:\Program Files\Video ActiveX Access\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

thanks for your help
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Hi, dlthomson :)

First set Notepad to WordWrap. Open Notepad. Select Format from the Menu, then click on WordWrap. It will be easier to read the reports.

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.

Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\xnvaogd.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    • If able, copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on a note pad document. Save it on the desktop and post its contents in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re-Scan with Hijackthis and post a fresh log. Make sure Notepad is set to WordWrap.
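
Added example (not part of either post, and not code from SmitFraudFix, SrchSTS or OTMoveIt): the SrchSTS section of the log links a SharedTaskScheduler value to a CLSID, and that CLSID's InProcServer32 key names the DLL Explorer loads, which is the same file listed for OTMoveIt. The sketch below parses that section of a pasted log and checks that every resolved DLL is on the removal list; the function names and `MOVE_LIST` are assumptions made for illustration.

```python
import re

# Excerpt of the SrchSTS section, copied from the log posted in this thread.
LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"
'''

# File list from the reply above (the path pasted into OTMoveIt).
MOVE_LIST = [r"C:\WINDOWS\system32\xnvaogd.dll"]

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:@|"([^"]*)")="(.*)"$')
STS_SUFFIX = r'\microsoft\windows\currentversion\explorer\sharedtaskscheduler'
INPROC_RE = re.compile(r'\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32$')


def parse_reg_dump(text):
    """Return {lowercased key path: {value name: data}}; '' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Registry key paths are case-insensitive, so normalise them.
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1) or ""] = m.group(2)
    return keys


def resolve_sts(text):
    """Map each SharedTaskScheduler CLSID to the DLL(s) registered for it."""
    keys = parse_reg_dump(text)
    servers = {}  # clsid -> {lowercased path: path as logged}
    for key, values in keys.items():
        m = INPROC_RE.search(key)
        if m and "" in values:
            servers.setdefault(m.group(1), {})[values[""].lower()] = values[""]
    findings = []
    for key, values in keys.items():
        if not key.endswith(STS_SUFFIX):
            continue
        for clsid, label in values.items():
            if not clsid.startswith("{"):
                continue  # skip a default value or anything that is not a CLSID
            dlls = sorted(servers.get(clsid.lower(), {}).values())
            # An empty dlls list means the value is left over with no server behind it.
            findings.append({"clsid": clsid.lower(), "label": label, "dlls": dlls})
    return findings


def not_covered(findings, move_list):
    """DLLs referenced by SharedTaskScheduler entries but missing from the removal list."""
    wanted = {p.strip().lower() for p in move_list}
    return [d for f in findings for d in f["dlls"] if d.lower() not in wanted]


if __name__ == "__main__":
    for f in resolve_sts(LOG):
        print(f["clsid"], f["label"], f["dlls"] or "no InProcServer32 found")
    print("not on removal list:", not_covered(resolve_sts(LOG), MOVE_LIST))
```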
 
