Smitfraud Infection, trojan infection
Mar 10 2008, 08:49 PM
Post #1
New Member | Posts: 2 | OS: Windows XP
I believe my PC has been infected with some version of the smitfraud trojan/virus. I was experiencing popups for fake links to spyware removal tools. I have gotten the popups to stop, but my computer is running very slow. Every time I reboot, iexplorer.exe starts to run in the background along with a version of CCSVCHST.exe that gradually begins to eat up my virtual memory and processing power. I have run the smitRem application and the SmitFraudFix application and will attach my log files below in addition to my latest HijackThis log file. I am unable to run the suggested Panda online scanner and have not been able to complete a full AVG spyware scan, due to how slow my CPU runs.
I appreciate any advice and/or assistance you could provide. I have spent almost 20 hours trying to get rid of this virus and don't seem to be making any progress.

Again, thank you in advance for any advice

Mar 11 2008, 04:07 PM
Post #2
New Member | Posts: 2 | OS: Windows XP
Ok, I have tried a few other programs listed on this site and the problem seems to be solved. I downloaded the current version of SmitFraudFix and ran it in addition to running SDfix. After doing this I ran an AVG scan and found only 2 tracking cookies. I had to redownload IE 7 after this but now everything appears to be running normally. Below are the latest HijackThis report and the reports from SmitFraudFix and SDfix. If someone has an opportunity to look them over and see if everything does seem to be repaired or if something additional is still hanging around.
Thanks for any input. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:49:59 PM, on 3/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\taskmgr.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\MXOALDR.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [HPDJ 
Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program 
Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3913.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SpyDetectSVC - Max Secure Software Technologies - C:\WINDOWS\system32\SpywareDetectorSVC.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11027 bytes

SmitFraudFix v2.301
Scan done at 1:54:41.96, 2008-03-11
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
C:\WINDOWS\Installer\{1036be59-1c8e-4094-a558-222a1d1e7142}\SysWin.dll deleted
C:\WINDOWS\Installer\{a61de6e0-76be-4773-adf7-ec3f8beffeef}\zip.dll deleted

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\tmp???????.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8061F531-1129-4EA4-BDE9-05A429547DDD}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8061F531-1129-4EA4-BDE9-05A429547DDD}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8061F531-1129-4EA4-BDE9-05A429547DDD}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8061F531-1129-4EA4-BDE9-05A429547DDD}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

SDFix: Version 1.155
Run by HP_Owner on 2008-03-11 at 02:14
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\HP_Owner\Desktop\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting

Checking Files :

Trojan Files Found:
C:\WINDOWS\apdqnxp.dll - Deleted
C:\WINDOWS\fqspogw.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 09:12:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\DOCUME~1\HP_Owner\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 26 Nov 2004 213 A.SHR --- "C:\BOOT.BAK"
Fri 26 Nov 2004 196 A.SHR --- "C:\BOOTNXX.BAK"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 6 Dec 2005 331,850 ..SH. --- "C:\WINDOWS\system32\oqstv.tmp"
Sat 10 Dec 2005 372,895 ..SH. --- "C:\WINDOWS\system32\oqstv.bak2"
Mon 10 Jan 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Sep 2005 386 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti526.tmp"
Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"

Finished!
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising