Hi there, I am running a Osmio hardman/kardon, Toshiba. Recently it has become very slow and I get lots of messages stating my Laptop is infected etc.
I have done a Hijackthis scan but dont have the knowledge to seive through the report. I have used this forum on several occasions before for Pc's tjhat i use and have found your help extremely helpful. Below I have pasted the hijacktthis log. Any help would be greatly appreciated.
Regards J.Carter



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:37, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\PROGRA~1\COMMON~1\BESTSE~1\uga6pcw.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MI43DA~1\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\jimmy\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\cxvucliy.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2398C76E-7100-405E-B687-65C407C530DD} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\BestsellerAntivirus\Tools\popupg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ihanhvjo.dll (file missing)
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ihanhvjo.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [uga6pcw] "C:\PROGRA~1\COMMON~1\BESTSE~1\uga6pcw.exe" -start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13939 bytes

Hello James, my name is Rorschach and I'll be helping you with your problems.


Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum

• Click on "New Topic"
• Put your name, e-mail address, and this as the title: "C:\Program Files\BestsellerAntivirus\pgs.exe"
• Put a link to this topic in the description box.
• Then next to the file box, at the bottom, click the browse button, then navigate to this file:
  • C:\Program Files\BestsellerAntivirus\pgs.exe
• Click Open.
• Click Post.

Thank you!



Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:

To deactivate Spyware Doctor's OnGuard Tools

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

You can reenable it once your system is clean.


Please also disable SpywareDetector as it will interfere with our fix.



Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So in your next reply please post the following : the SmitfraudFix report, the VundoFix text, tell me how it went uploading that file, the two DSS texts in full, and tell me how your PC is running now and if you had any problems.

This post has been edited by Rorschach112: Aug 30 2007, 08:41 AM

Hi there, I have done everything that you stated in you're reply.

Below are all the results:

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:15, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jimmy\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2398C76E-7100-405E-B687-65C407C530DD} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12672 bytes



SmitfraudSmitFraudFix v2.217

Scan done at 18:50:49.31, 30/08/2007
Run from C:\Documents and Settings\jimmy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 www.test.com
127.0.0.1 www.ads.x10.com
127.0.0.1 www.600pics.com
127.0.0.1 www.doberman.befree.com
127.0.0.1 www.enews.bfast.com
127.0.0.1 www.etoys.bfast.com
127.0.0.1 www.falcon.bfast.com
127.0.0.1 www.ftp.befree.com
127.0.0.1 www.ftp.bfast.com
127.0.0.1 www.geocities.bfast.com
127.0.0.1 www.goshoppingonline.bfast.com
127.0.0.1 www.great-dane.befree.com
127.0.0.1 www.great-dane.bfast.com
127.0.0.1 www.greyhound.bfast.com
127.0.0.1 www.help.bfast.com
127.0.0.1 www.husky.bfast.com
127.0.0.1 www.images.bfast.com
127.0.0.1 www.imp.bfast.com
127.0.0.1 www.njmgt1.bfast.com
127.0.0.1 www.njmgt2.bfast.com
127.0.0.1 www.njrep0.bfast.com
127.0.0.1 www.njrep1.bfast.com
127.0.0.1 www.njrep2.bfast.com
127.0.0.1 www.njtxn1.bfast.com
127.0.0.1 www.otterhound.bfast.com
127.0.0.1 www.preprod-geocities.bfast.com
127.0.0.1 www.preprod.bfast.com
127.0.0.1 www.qwest.bfast.com
127.0.0.1 www.reporting.net
127.0.0.1 www.ridgeback.befree.com
127.0.0.1 www.ridgeback.bfast.com
127.0.0.1 www.samoyed.bfast.com
127.0.0.1 www.scrappy.befree.com
127.0.0.1 www.service.bfast.com
127.0.0.1 www.travelocity.bfast.com
127.0.0.1 www.travsoft.bfast.com
127.0.0.1 www.verisign.bfast.com
127.0.0.1 www.vulture.bfast.com
127.0.0.1 www.whippet.bfast.com
127.0.0.1 www.wolfhound.bfast.com
127.0.0.1 www.befree.com
127.0.0.1 www.s0.bluestreak.com
127.0.0.1 www.s1.bluestreak.com
127.0.0.1 www.s2.bluestreak.com
127.0.0.1 www.s3.bluestreak.com
127.0.0.1 www.s4.bluestreak.com
127.0.0.1 www.s5.bluestreak.com
127.0.0.1 www.s6.bluestreak.com
127.0.0.1 www.s7.bluestreak.com
127.0.0.1 www.s8.bluestreak.com
127.0.0.1 www.abc.bnex.com
127.0.0.1 www.alpha.bnex.com
127.0.0.1 www.bnex.com
127.0.0.1 www.customer.bnex.com
127.0.0.1 www.db.bnex.com
127.0.0.1 www.dev.bnex.com
127.0.0.1 www.do.you.uh.yahoo.at.bnex.com
127.0.0.1 www.ghost.in.the.shell.at.bnex.com
127.0.0.1 www.granite.bnex.com
127.0.0.1 www.intarsia.bnex.com
127.0.0.1 www.intranet.bnex.com
127.0.0.1 www.jade.bnex.com
127.0.0.1 www.malachite.bnex.com
127.0.0.1 www.marble.bnex.com
127.0.0.1 www.megastore.bnex.com
127.0.0.1 www.mosaic.bnex.com
127.0.0.1 www.ns1.bnex.com
127.0.0.1 www.ns2.bnex.com
127.0.0.1 www.onyx.bnex.com
127.0.0.1 www.orion.bnex.com
127.0.0.1 www.pebble.bnex.com
127.0.0.1 www.preview.bnex.com
127.0.0.1 www.quartz.bnex.com
127.0.0.1 www.terrazzo.bnex.com
127.0.0.1 www.vpos.bnex.com
127.0.0.1 www.www.bnex.com
127.0.0.1 www.ads.bpath.com
127.0.0.1 www.ads01.bpath.com
127.0.0.1 www.ads03.bpath.com
127.0.0.1 www.ads04.bpath.com
127.0.0.1 www.ads05.bpath.com
127.0.0.1 www.ads06.bpath.com
127.0.0.1 www.ads07.bpath.com
127.0.0.1 www.ads08.bpath.com
127.0.0.1 www.ads09.bpath.com
127.0.0.1 www.ads1.bpath.com
127.0.0.1 www.ads10.bpath.com
127.0.0.1 www.ads11.bpath.com
127.0.0.1 www.ads12.bpath.com
127.0.0.1 www.ads13.bpath.com
127.0.0.1 www.ads14.bpath.com
127.0.0.1 www.ads15.bpath.com
127.0.0.1 www.ads16.bpath.com
127.0.0.1 www.ads17.bpath.com
127.0.0.1 www.ads18.bpath.com
127.0.0.1 www.ads19.bpath.com
127.0.0.1 www.ads2.bpath.com
127.0.0.1 www.ads20.bpath.com
127.0.0.1 www.ads21.bpath.com
127.0.0.1 www.ads22.bpath.com
127.0.0.1 www.ads23.bpath.com
127.0.0.1 www.ads24.bpath.com
127.0.0.1 www.ads25.bpath.com
127.0.0.1 www.ads26.bpath.com
127.0.0.1 www.ads27.bpath.com
127.0.0.1 www.ads28.bpath.com
127.0.0.1 www.ads29.bpath.com
127.0.0.1 www.ads3.bpath.com
127.0.0.1 www.ads32.bpath.com
127.0.0.1 www.ads33.bpath.com
127.0.0.1 www.ads34.bpath.com
127.0.0.1 www.ads35.bpath.com
127.0.0.1 www.ads36.bpath.com
127.0.0.1 www.ads37.bpath.com
127.0.0.1 www.ads38.bpath.com
127.0.0.1 www.ads39.bpath.com
127.0.0.1 www.ads40.bpath.com
127.0.0.1 www.ads41.bpath.com
127.0.0.1 www.ads42.bpath.com
127.0.0.1 www.ads43.bpath.com
127.0.0.1 www.ads44.bpath.com
127.0.0.1 www.ads45.bpath.com
127.0.0.1 www.ads46.bpath.com
127.0.0.1 www.ads47.bpath.com
127.0.0.1 www.ads48.bpath.com
127.0.0.1 www.ads49.bpath.com
127.0.0.1 www.ads50.bpath.com
127.0.0.1 www.ads51.bpath.com
127.0.0.1 www.ads52.bpath.com
127.0.0.1 www.bpath.com
127.0.0.1 www.www.bpath.com
127.0.0.1 www.acim.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.e250a.track4.com
127.0.0.1 www.fingerhut.track4.com
127.0.0.1 www.foxy.acim.com
127.0.0.1 www.foxy.track4.com
127.0.0.1 www.ftp.acim.com
127.0.0.1 www.ftp.track4.com
127.0.0.1 www.gate.acim.com
127.0.0.1 www.gifttree.track4.com
127.0.0.1 www.maximizer.acim.com
127.0.0.1 www.ns1.acim.com
127.0.0.1 www.ns2.acim.com
127.0.0.1 www.plum.acim.com
127.0.0.1 www.sz.track4.com
127.0.0.1 www.toten.acim.com
127.0.0.1 www.towerrecords.track4.com
127.0.0.1 www.track4.com
127.0.0.1 www.translucent.acim.com
127.0.0.1 www.www.acim.com
127.0.0.1 www1.track4.com
127.0.0.1 www2.track4.com
127.0.0.1 www3.track4.com
127.0.0.1 www.3Aad.doubleclick.net
127.0.0.1 www.aa.doubleclick.net
127.0.0.1 www.accord.netgravity.com
127.0.0.1 www.ad.au.doubleclick.net
127.0.0.1 www.ad.br.doubleclick.net
127.0.0.1 www.ad.ca.doubleclick.net
127.0.0.1 www.ad.contentzone.com
127.0.0.1 www.ad.de.doubleclick.net
127.0.0.1 www.ad.doubleclick.com
127.0.0.1 www.ad.es.doubleclick.net
127.0.0.1 www.ad.fi.doubleclick.net
127.0.0.1 www.ad.fr.doubleclick.net
127.0.0.1 www.ad.it.doubleclick.net
127.0.0.1 www.ad.jp.doubleclick.net
127.0.0.1 www.ad.my.doubleclick.net
127.0.0.1 www.ad.nl.doubleclick.net
127.0.0.1 www.ad.no.doubleclick.net
127.0.0.1 www.ad.pt.doubleclick.net
127.0.0.1 www.ad.se.doubleclick.net
127.0.0.1 www.ad.sg.doubleclick.net
127.0.0.1 www.ad.sq.doubleclick.net
127.0.0.1 www.ad.uk.doubleclick.net
127.0.0.1 www.ad.us.doubleclick.net
127.0.0.1 www.ad1.doubleclick.net
127.0.0.1 www.ad2.doubleclick.net
127.0.0.1 www.ad3.doubleclick.net
127.0.0.1 www.adcenter1.netgravity.com
127.0.0.1 www.ADS-SECONDARY.doubleclick.net
127.0.0.1 www.ads.double-click.com
127.0.0.1 www.bay-sw-10.netgravity.com
127.0.0.1 www.bbn-gw.NYC1.doubleclick.net
127.0.0.1 www.caelum.netgravity.com
127.0.0.1 www.de1.doubleclick.net
127.0.0.1 www.demo.netgravity.com
127.0.0.1 www.double-click.com
127.0.0.1 www.doubleclick.com
127.0.0.1 www.doubleclick.net
127.0.0.1 www.draco.netgravity.com
127.0.0.1 www.dyson.netgravity.com
127.0.0.1 www.ecommerce.netgravity.com
127.0.0.1 www.engpptp.netgravity.com
127.0.0.1 www.enterprise.netgravity.com
127.0.0.1 www.exnjadgda1.doubleclick.net
127.0.0.1 www.exnjadgda2.doubleclick.net
127.0.0.1 www.exnjadgds1.doubleclick.net
127.0.0.1 www.exnjmdgda1.doubleclick.net
127.0.0.1 www.exnjmdgds1.doubleclick.net
127.0.0.1 www.exodus-gw.EWR1.doubleclick.net
127.0.0.1 www.fr1.doubleclick.net
127.0.0.1 www.ftp.netgravity.com
127.0.0.1 www.gatekeeper.netgravity.com
127.0.0.1 www.gd20.doubleclick.net
127.0.0.1 www.gd25.doubleclick.net
127.0.0.1 www.gd28.doubleclick.net
127.0.0.1 www.gd4.doubleclick.net
127.0.0.1 www.gravitychannel.netgravity.com
127.0.0.1 www.gravityhome.netgravity.com
127.0.0.1 www.home.netgravity.com
127.0.0.1 www.In.doubleclick.net
127.0.0.1 www.joinchannel.netgravity.com
127.0.0.1 www.jp.doubleclick.net
127.0.0.1 www.listserver.netgravity.com
127.0.0.1 www.ln.doubleclick.net
127.0.0.1 www.lon-router.netgravity.com
127.0.0.1 www.london.netgravity.com
127.0.0.1 www.lucian.netgravity.com
127.0.0.1 www.m.doubleclick.com
127.0.0.1 www.m.doubleclick.net
127.0.0.1 www.m2.doubleclick.net
127.0.0.1 www.MAILEXODUS.doubleclick.net
127.0.0.1 www.mdist.doubleclick.net
127.0.0.1 www.mplex-dfa.doubleclick.net
127.0.0.1 www.myhome.netgravity.com
127.0.0.1 www.nda.netgravity.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.network-199-95-207-10.doubleclick.net
127.0.0.1 www.network-199-95-207-138.doubleclick.net
127.0.0.1 www.network-199-95-207-148.doubleclick.net
127.0.0.1 www.network-199-95-207-2.doubleclick.net
127.0.0.1 www.network-199-95-207-3.doubleclick.net
127.0.0.1 www.network-199-95-207-4.doubleclick.net
127.0.0.1 www.network-199-95-207-5.doubleclick.net
127.0.0.1 www.network-199-95-207-6.doubleclick.net
127.0.0.1 www.network-199-95-207-7.doubleclick.net
127.0.0.1 www.network-199-95-207-8.doubleclick.net
127.0.0.1 www.network-199-95-207-9.doubleclick.net
127.0.0.1 www.network-199-95-208-10.doubleclick.net
127.0.0.1 www.network-199-95-208-2.doubleclick.net
127.0.0.1 www.network-199-95-208-3.doubleclick.net
127.0.0.1 www.network-199-95-208-4.doubleclick.net
127.0.0.1 www.network-199-95-208-5.doubleclick.net
127.0.0.1 www.network-199-95-208-6.doubleclick.net
127.0.0.1 www.network-199-95-208-7.doubleclick.net
127.0.0.1 www.network-199-95-208-8.doubleclick.net
127.0.0.1 www.network-209-67-38-10.doubleclick.net
127.0.0.1 www.network-209-67-38-2.doubleclick.net
127.0.0.1 www.network-209-67-38-3.doubleclick.net
127.0.0.1 www.network-209-67-38-4.doubleclick.net
127.0.0.1 www.network-209-67-38-5.doubleclick.net
127.0.0.1 www.network-209-67-38-6.doubleclick.net
127.0.0.1 www.network-209-67-38-7.doubleclick.net
127.0.0.1 www.network-209-67-38-8.doubleclick.net
127.0.0.1 www.network-209-67-38-9.doubleclick.net
127.0.0.1 www.news.netgravity.com
127.0.0.1 www.ng-webserver.netgravity.com
127.0.0.1 www.nl.doubleclick.net
127.0.0.1 www.no.doubleclick.net
127.0.0.1 www.ns.doubleclick.net
127.0.0.1 www.ns1.doubleclick.net
127.0.0.1 www.ns2.doubleclick.net
127.0.0.1 www.ny-router.netgravity.com
127.0.0.1 www.ny.netgravity.com
127.0.0.1 www.phase2media.doubleclick.net
127.0.0.1 www.pptp-server.netgravity.com
127.0.0.1 www.pptp.netgravity.com
127.0.0.1 www.proxy.netgravity.com
127.0.0.1 www.rdbox.doubleclick.net
127.0.0.1 www.resolver.doubleclick.net
127.0.0.1 www.sanders.netgravity.com
127.0.0.1 www.se.doubleclick.net
127.0.0.1 www.se1.doubleclick.net
127.0.0.1 www.SITEPAGES.doubleclick.net
127.0.0.1 www.smhq-fe1-0.netgravity.com
127.0.0.1 www.sold.netgravity.com
127.0.0.1 www.suitespot.netgravity.com
127.0.0.1 www.support.netgravity.com
127.0.0.1 www.uk.doubleclick.net
127.0.0.1 www.uk1.doubleclick.net
127.0.0.1 www.us.doubleclick.net
127.0.0.1 www.uunet-gw.NYC1.doubleclick.net
127.0.0.1 www.uunyadgda1.doubleclick.net
127.0.0.1 www.uunyadgds1.doubleclick.net
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www.zac.netgravity.com
127.0.0.1 www.ads1.speedbit.com
127.0.0.1 www.ads2.speedbit.com
127.0.0.1 www.ads3.speedbit.com
127.0.0.1 www3.speedbit.com
127.0.0.1 www.speedbit.com
127.0.0.1 www.54.conducent.com
127.0.0.1 www.addbtest.conducent.com
127.0.0.1 www.addbtest.timesink.com
127.0.0.1 www.addltest.conducent.com
127.0.0.1 www.addltest.timesink.com
127.0.0.1 www.addltestmaster.conducent.com
127.0.0.1 www.adqa.conducent.com
127.0.0.1 www.contentalpha.conducent.com
127.0.0.1 www.contentqa.conducent.com
127.0.0.1 www.contents.conducent.com
127.0.0.1 www.contents1.conducent.com
127.0.0.1 www.contenttest.conducent.com
127.0.0.1 www.digisle.conducent.com
127.0.0.1 www.DNS1.CONDUCENT.COM
127.0.0.1 www.download.timesink.com
127.0.0.1 www.eroom.conducent.com
127.0.0.1 www.firewall.conducent.com
127.0.0.1 www.firewall.timesink.com
127.0.0.1 www.ftp.conducent.com
127.0.0.1 www.hermes.conducent.com
127.0.0.1 www.ip134.conducent.com
127.0.0.1 www.ip134.timesink.com
127.0.0.1 www.Jerry.conducent.com
127.0.0.1 www.mail.conducent.com
127.0.0.1 www.mail.timesink.com
127.0.0.1 www.nandbob.conducent.com
127.0.0.1 www.nid.conducent.com
127.0.0.1 www.nid.timesink.com
127.0.0.1 www.nidinternal.conducent.com
127.0.0.1 www.nidinternal.timesink.com
127.0.0.1 www.nidinternaltest.conducent.com
127.0.0.1 www.nidtest.conducent.com
127.0.0.1 www.nidtest.timesink.com
127.0.0.1 www.nt2.conducent.com
127.0.0.1 www.pop3.conducent.com
127.0.0.1 www.pop3.timesink.com
127.0.0.1 www.proxytest.conducent.com
127.0.0.1 www.pushv5.conducent.com
127.0.0.1 www.redirectqa.conducent.com
127.0.0.1 www.redirects.conducent.com
127.0.0.1 www.redirects.timesink.com
127.0.0.1 www.redirecttest.conducent.com
127.0.0.1 www.smtp.conducent.com
127.0.0.1 www.smtp.timesink.com
127.0.0.1 www.softwares.conducent.com
127.0.0.1 www.softwares.timesink.com
127.0.0.1 www.sterlinga.conducent.com
127.0.0.1 www.sterlingf.conducent.com
127.0.0.1 www.updates2.conducent.com
127.0.0.1 www.updatetest.conducent.com
127.0.0.1 www.warsport.timesink.com
127.0.0.1 www.conducent.com
127.0.0.1 www.test.conducent.com
127.0.0.1 www.test.timesink.com
127.0.0.1 www.zeus.conducent.com
127.0.0.1 www.zeus.timesink.com
127.0.0.1 www.bob.web3000.com
127.0.0.1 www.tasha.web3000.com
127.0.0.1 www1.web3000.com
127.0.0.1 www7.web3000.com
127.0.0.1 www.abbott.radiate.com
127.0.0.1 www.ad2-1.aureate.com
127.0.0.1 www.ad2-2.aureate.com
127.0.0.1 www.ad2-3.aureate.com
127.0.0.1 www.ad2-4.aureate.com
127.0.0.1 www.adam.radiate.com
127.0.0.1 www.adserv2-301-sjc2.radiate.com
127.0.0.1 www.adserv3-408-sjc2.radiate.com
127.0.0.1 www.adsoftware.com
127.0.0.1 www.aim.adsoftware.com
127.0.0.1 www.aim.aureate.com
127.0.0.1 www.aim1.adsoftware.com
127.0.0.1 www.aim1.aureate.com
127.0.0.1 www.aim2.adsoftware.com
127.0.0.1 www.aim2.aureate.com
127.0.0.1 www.aim3.adsoftware.com
127.0.0.1 www.aim3.aureate.com
127.0.0.1 www.aim4.adsoftware.com
127.0.0.1 www.aim4.aureate.com
127.0.0.1 www.aim5.adsoftware.com
127.0.0.1 www.aim5.aureate.com
127.0.0.1 www.aim6.adsoftware.com
127.0.0.1 www.alexander.aureate.com
127.0.0.1 www.ans-test.adsoftware.com
127.0.0.1 www.ans1.adsoftware.com
127.0.0.1 www.ans10.adsoftware.com
127.0.0.1 www.ans2.adsoftware.com
127.0.0.1 www.ans3.adsoftware.com
127.0.0.1 www.apc-pdu-1.aureate.com
127.0.0.1 www.apc-pdu-2.aureate.com
127.0.0.1 www.aristotle.aureate.com
127.0.0.1 www.ask-a-chick.com
127.0.0.1 www.aureate-colo-hp2424m.aureate.com
127.0.0.1 www.aureate-main-2611.aureate.com
127.0.0.1 www.aureate.com
127.0.0.1 www.aureatemedia.com
127.0.0.1 www.bach.aureate.com
127.0.0.1 www.bc-208-184-172-192.radiate.com
127.0.0.1 www.bigmama.radiate.com
127.0.0.1 www.binarybliss.com
127.0.0.1 www.bonnie2.radiate.com
127.0.0.1 www.brinks.radiate.com
127.0.0.1 www.brutus.radiate.com
127.0.0.1 www.caesar.aureate.com
127.0.0.1 www.confucius.aureate.com
127.0.0.1 www.constantine.aureate.com
127.0.0.1 www.cook.aureate.com
127.0.0.1 www.copernicus.aureate.com
127.0.0.1 www.corona.radiate.com
127.0.0.1 www.costello.radiate.com
127.0.0.1 www.curly.aureate.com
127.0.0.1 www.cyrus.aureate.com
127.0.0.1 www.deadmanwalking.radiate.com
127.0.0.1 www.dell.radiate.com
127.0.0.1 www.dillinger.aureate.com
127.0.0.1 www.dolphinsfootball.com
127.0.0.1 www.dosequis.radiate.com
127.0.0.1 www.download.binarybliss.com
127.0.0.1 www.foreigner.radiate.com
127.0.0.1 www.freud.aureate.com
127.0.0.1 www.ftp.gozilla.com
127.0.0.1 www.gameboy.aureate.com
127.0.0.1 www.gd1.radiate.com
127.0.0.1 www.gizmo.net
127.0.0.1 www.godzilla.radiate.com
127.0.0.1 www.gozilla.com
127.0.0.1 www.group-mail.com
127.0.0.1 www.gzs-6509.radiate.com
127.0.0.1 www.gzs-7206.radiate.com
127.0.0.1 www.gzs-ld.radiate.com
127.0.0.1 www.h-208-184-172-10.radiate.com
127.0.0.1 www.h-208-184-172-100.radiate.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 ads.x10.com
127.0.0.1 600pics.com
127.0.0.1 doberman.befree.com
127.0.0.1 enews.bfast.com
127.0.0.1 etoys.bfast.com
127.0.0.1 falcon.bfast.com
127.0.0.1 ftp.befree.com
127.0.0.1 ftp.bfast.com
127.0.0.1 geocities.bfast.com
127.0.0.1 goshoppingonline.bfast.com
127.0.0.1 great-dane.befree.com
127.0.0.1 great-dane.bfast.com
127.0.0.1 greyhound.bfast.com
127.0.0.1 help.bfast.com
127.0.0.1 husky.bfast.com
127.0.0.1 images.bfast.com
127.0.0.1 imp.bfast.com
127.0.0.1 njmgt1.bfast.com
127.0.0.1 njmgt2.bfast.com
127.0.0.1 njrep0.bfast.com
127.0.0.1 njrep2.bfast.com
127.0.0.1 njrep1.bfast.com
127.0.0.1 njtxn1.bfast.com
127.0.0.1 otterhound.bfast.com
127.0.0.1 preprod-geocities.bfast.com
127.0.0.1 preprod.bfast.com
127.0.0.1 qwest.bfast.com
127.0.0.1 reporting.net
127.0.0.1 ridgeback.befree.com
127.0.0.1 ridgeback.bfast.com
127.0.0.1 samoyed.bfast.com
127.0.0.1 scrappy.befree.com
127.0.0.1 service.bfast.com
127.0.0.1 travelocity.bfast.com
127.0.0.1 travsoft.bfast.com
127.0.0.1 verisign.bfast.com
127.0.0.1 vulture.bfast.com
127.0.0.1 whippet.bfast.com
127.0.0.1 wolfhound.bfast.com
127.0.0.1 befree.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 abc.bnex.com
127.0.0.1 alpha.bnex.com
127.0.0.1 bnex.com
127.0.0.1 customer.bnex.com
127.0.0.1 db.bnex.com
127.0.0.1 dev.bnex.com
127.0.0.1 do.you.uh.yahoo.at.bnex.com
127.0.0.1 ghost.in.the.shell.at.bnex.com
127.0.0.1 granite.bnex.com
127.0.0.1 intarsia.bnex.com
127.0.0.1 intranet.bnex.com
127.0.0.1 jade.bnex.com
127.0.0.1 malachite.bnex.com
127.0.0.1 marble.bnex.com
127.0.0.1 megastore.bnex.com
127.0.0.1 mosaic.bnex.com
127.0.0.1 ns1.bnex.com
127.0.0.1 ns2.bnex.com
127.0.0.1 onyx.bnex.com
127.0.0.1 orion.bnex.com
127.0.0.1 pebble.bnex.com
127.0.0.1 preview.bnex.com
127.0.0.1 quartz.bnex.com
127.0.0.1 terrazzo.bnex.com
127.0.0.1 vpos.bnex.com
127.0.0.1 ads.bpath.com
127.0.0.1 ads01.bpath.com
127.0.0.1 ads03.bpath.com
127.0.0.1 ads04.bpath.com
127.0.0.1 ads05.bpath.com
127.0.0.1 ads06.bpath.com
127.0.0.1 ads07.bpath.com
127.0.0.1 ads08.bpath.com
127.0.0.1 ads09.bpath.com
127.0.0.1 ads1.bpath.com
127.0.0.1 ads10.bpath.com
127.0.0.1 ads11.bpath.com
127.0.0.1 ads12.bpath.com
127.0.0.1 ads13.bpath.com
127.0.0.1 ads14.bpath.com
127.0.0.1 ads15.bpath.com
127.0.0.1 ads16.bpath.com
127.0.0.1 ads17.bpath.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ads19.bpath.com
127.0.0.1 ads2.bpath.com
127.0.0.1 ads20.bpath.com
127.0.0.1 ads21.bpath.com
127.0.0.1 ads22.bpath.com
127.0.0.1 ads23.bpath.com
127.0.0.1 ads24.bpath.com
127.0.0.1 ads25.bpath.com
127.0.0.1 ads26.bpath.com
127.0.0.1 ads27.bpath.com
127.0.0.1 ads28.bpath.com
127.0.0.1 ads29.bpath.com
127.0.0.1 ads3.bpath.com
127.0.0.1 ads32.bpath.com
127.0.0.1 ads33.bpath.com
127.0.0.1 ads34.bpath.com
127.0.0.1 ads35.bpath.com
127.0.0.1 ads36.bpath.com
127.0.0.1 ads37.bpath.com
127.0.0.1 ads38.bpath.com
127.0.0.1 ads39.bpath.com
127.0.0.1 ads40.bpath.com
127.0.0.1 ads41.bpath.com
127.0.0.1 ads42.bpath.com
127.0.0.1 ads43.bpath.com
127.0.0.1 ads44.bpath.com
127.0.0.1 ads45.bpath.com
127.0.0.1 ads46.bpath.com
127.0.0.1 ads47.bpath.com
127.0.0.1 ads48.bpath.com
127.0.0.1 ads49.bpath.com
127.0.0.1 ads50.bpath.com
127.0.0.1 ads51.bpath.com
127.0.0.1 ads52.bpath.com
127.0.0.1 bpath.com
127.0.0.1 acim.com
127.0.0.1 commission-junction.com
127.0.0.1 e250a.track4.com
127.0.0.1 fingerhut.track4.com
127.0.0.1 foxy.acim.com
127.0.0.1 foxy.track4.com
127.0.0.1 ftp.acim.com
127.0.0.1 ftp.track4.com
127.0.0.1 gate.acim.com
127.0.0.1 gifttree.track4.com
127.0.0.1 maximizer.acim.com
127.0.0.1 ns1.acim.com
127.0.0.1 ns2.acim.com
127.0.0.1 plum.acim.com
127.0.0.1 sz.track4.com
127.0.0.1 toten.acim.com
127.0.0.1 towerrecords.track4.com
127.0.0.1 track4.com
127.0.0.1 translucent.acim.com
127.0.0.1 1.track4.com
127.0.0.1 2.track4.com
127.0.0.1 3.track4.com
127.0.0.1 3Aad.doubleclick.net
127.0.0.1 aa.doubleclick.net
127.0.0.1 accord.netgravity.com
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.br.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.contentzone.com
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fi.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.my.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.pt.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 ad.sq.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.us.doubleclick.net
127.0.0.1 ad1.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 adcenter1.netgravity.com
127.0.0.1 ADS-SECONDARY.doubleclick.net
127.0.0.1 ads.double-click.com
127.0.0.1 bay-sw-10.netgravity.com
127.0.0.1 bbn-gw.NYC1.doubleclick.net
127.0.0.1 caelum.netgravity.com
127.0.0.1 de1.doubleclick.net
127.0.0.1 demo.netgravity.com
127.0.0.1 double-click.com
127.0.0.1 doubleclick.com
127.0.0.1 doubleclick.net
127.0.0.1 draco.netgravity.com
127.0.0.1 dyson.netgravity.com
127.0.0.1 ecommerce.netgravity.com
127.0.0.1 engpptp.netgravity.com
127.0.0.1 enterprise.netgravity.com
127.0.0.1 exnjadgda1.doubleclick.net
127.0.0.1 exnjadgda2.doubleclick.net
127.0.0.1 exnjadgds1.doubleclick.net
127.0.0.1 exnjmdgda1.doubleclick.net
127.0.0.1 exnjmdgds1.doubleclick.net
127.0.0.1 exodus-gw.EWR1.doubleclick.net
127.0.0.1 fr1.doubleclick.net
127.0.0.1 ftp.netgravity.com
127.0.0.1 gatekeeper.netgravity.com
127.0.0.1 gd20.doubleclick.net
127.0.0.1 gd25.doubleclick.net
127.0.0.1 gd28.doubleclick.net
127.0.0.1 gd4.doubleclick.net
127.0.0.1 gravitychannel.netgravity.com
127.0.0.1 gravityhome.netgravity.com
127.0.0.1 home.netgravity.com
127.0.0.1 In.doubleclick.net
127.0.0.1 joinchannel.netgravity.com
127.0.0.1 jp.doubleclick.net
127.0.0.1 listserver.netgravity.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 lon-router.netgravity.com
127.0.0.1 london.netgravity.com
127.0.0.1 lucian.netgravity.com
127.0.0.1 m.doubleclick.com
127.0.0.1 m.doubleclick.net
127.0.0.1 m2.doubleclick.net
127.0.0.1 MAILEXODUS.doubleclick.net
127.0.0.1 mdist.doubleclick.net
127.0.0.1 mplex-dfa.doubleclick.net
127.0.0.1 myhome.netgravity.com
127.0.0.1 nda.netgravity.com
127.0.0.1 netgravity.com
127.0.0.1 network-199-95-207-10.doubleclick.net
127.0.0.1 network-199-95-207-138.doubleclick.net
127.0.0.1 network-199-95-207-148.doubleclick.net
127.0.0.1 network-199-95-207-2.doubleclick.net
127.0.0.1 network-199-95-207-3.doubleclick.net
127.0.0.1 network-199-95-207-4.doubleclick.net
127.0.0.1 network-199-95-207-5.doubleclick.net
127.0.0.1 network-199-95-207-6.doubleclick.net
127.0.0.1 network-199-95-207-7.doubleclick.net
127.0.0.1 network-199-95-207-8.doubleclick.net
127.0.0.1 network-199-95-207-9.doubleclick.net
127.0.0.1 network-199-95-208-10.doubleclick.net
127.0.0.1 network-199-95-208-2.doubleclick.net
127.0.0.1 network-199-95-208-3.doubleclick.net
127.0.0.1 network-199-95-208-4.doubleclick.net
127.0.0.1 network-199-95-208-5.doubleclick.net
127.0.0.1 network-199-95-208-6.doubleclick.net
127.0.0.1 network-199-95-208-7.doubleclick.net
127.0.0.1 network-199-95-208-8.doubleclick.net
127.0.0.1 network-209-67-38-10.doubleclick.net
127.0.0.1 network-209-67-38-2.doubleclick.net
127.0.0.1 network-209-67-38-3.doubleclick.net
127.0.0.1 network-209-67-38-4.doubleclick.net
127.0.0.1 network-209-67-38-5.doubleclick.net
127.0.0.1 network-209-67-38-6.doubleclick.net
127.0.0.1 network-209-67-38-7.doubleclick.net
127.0.0.1 network-209-67-38-8.doubleclick.net
127.0.0.1 network-209-67-38-9.doubleclick.net
127.0.0.1 news.netgravity.com
127.0.0.1 ng-webserver.netgravity.com
127.0.0.1 nl.doubleclick.net
127.0.0.1 no.doubleclick.net
127.0.0.1 ns.doubleclick.net
127.0.0.1 ns1.doubleclick.net
127.0.0.1 ns2.doubleclick.net
127.0.0.1 ny-router.netgravity.com
127.0.0.1 ny.netgravity.com
127.0.0.1 phase2media.doubleclick.net
127.0.0.1 pptp-server.netgravity.com
127.0.0.1 pptp.netgravity.com
127.0.0.1 proxy.netgravity.com
127.0.0.1 rdbox.doubleclick.net
127.0.0.1 resolver.doubleclick.net
127.0.0.1 sanders.netgravity.com
127.0.0.1 se.doubleclick.net
127.0.0.1 se1.doubleclick.net
127.0.0.1 SITEPAGES.doubleclick.net
127.0.0.1 smhq-fe1-0.netgravity.com
127.0.0.1 sold.netgravity.com
127.0.0.1 suitespot.netgravity.com
127.0.0.1 support.netgravity.com
127.0.0.1 uk.doubleclick.net
127.0.0.1 uk1.doubleclick.net
127.0.0.1 us.doubleclick.net
127.0.0.1 uunet-gw.NYC1.doubleclick.net
127.0.0.1 uunyadgda1.doubleclick.net
127.0.0.1 uunyadgds1.doubleclick.net
127.0.0.1 3.netgravity.com
127.0.0.1 4.netgravity.com
127.0.0.1 zac.netgravity.com
127.0.0.1 ads1.speedbit.com
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 speedbit.com
127.0.0.1 54.conducent.com
127.0.0.1 addbtest.conducent.com
127.0.0.1 addbtest.timesink.com
127.0.0.1 addltest.conducent.com
127.0.0.1 addltest.timesink.com
127.0.0.1 adqa.conducent.com
127.0.0.1 contentalpha.conducent.com
127.0.0.1 contentqa.conducent.com
127.0.0.1 contents.conducent.com
127.0.0.1 contents1.conducent.com
127.0.0.1 contenttest.conducent.com
127.0.0.1 digisle.conducent.com
127.0.0.1 DNS1.CONDUCENT.COM
127.0.0.1 download.timesink.com
127.0.0.1 eroom.conducent.com
127.0.0.1 firewall.conducent.com
127.0.0.1 firewall.timesink.com
127.0.0.1 ftp.conducent.com
127.0.0.1 hermes.conducent.com
127.0.0.1 ip134.conducent.com
127.0.0.1 ip134.timesink.com
127.0.0.1 Jerry.conducent.com
127.0.0.1 mail.conducent.com
127.0.0.1 mail.timesink.com
127.0.0.1 nandbob.conducent.com
127.0.0.1 nid.conducent.com
127.0.0.1 nid.timesink.com
127.0.0.1 nidinternal.conducent.com
127.0.0.1 nidinternal.timesink.com
127.0.0.1 nidinternaltest.conducent.com
127.0.0.1 nidtest.conducent.com
127.0.0.1 nidtest.timesink.com
127.0.0.1 nt2.conducent.com
127.0.0.1 pop3.conducent.com
127.0.0.1 pop3.timesink.com
127.0.0.1 proxytest.conducent.com
127.0.0.1 pushv5.conducent.com
127.0.0.1 redirectqa.conducent.com
127.0.0.1 redirects.conducent.com
127.0.0.1 redirects.timesink.com
127.0.0.1 redirecttest.conducent.com
127.0.0.1 smtp.conducent.com
127.0.0.1 smtp.timesink.com
127.0.0.1 softwares.conducent.com
127.0.0.1 softwares.timesink.com
127.0.0.1 sterlinga.conducent.com
127.0.0.1 sterlingf.conducent.com
127.0.0.1 updates2.conducent.com
127.0.0.1 updatetest.conducent.com
127.0.0.1 warsport.timesink.com
127.0.0.1 conducent.com
127.0.0.1 test.conducent.com
127.0.0.1 test.timesink.com
127.0.0.1 zeus.conducent.com
127.0.0.1 zeus.timesink.com
127.0.0.1 bob.web3000.com
127.0.0.1 tasha.web3000.com
127.0.0.1 web3000.com
127.0.0.1 7.web3000.com
127.0.0.1 abbott.radiate.com
127.0.0.1 ad2-1.aureate.com
127.0.0.1 ad2-2.aureate.com
127.0.0.1 ad2-3.aureate.com
127.0.0.1 ad2-4.aureate.com
127.0.0.1 adam.radiate.com
127.0.0.1 adserv2-301-sjc2.radiate.com
127.0.0.1 adserv3-408-sjc2.radiate.com
127.0.0.1 adsoftware.com
127.0.0.1 aim.adsoftware.com
127.0.0.1 aim.aureate.com
127.0.0.1 aim1.adsoftware.com
127.0.0.1 aim1.aureate.com
127.0.0.1 aim2.adsoftware.com
127.0.0.1 aim2.aureate.com
127.0.0.1 aim3.adsoftware.com
127.0.0.1 aim3.aureate.com
127.0.0.1 aim4.adsoftware.com
127.0.0.1 aim4.aureate.com
127.0.0.1 aim5.adsoftware.com
127.0.0.1 aim5.aureate.com
127.0.0.1 aim6.adsoftware.com
127.0.0.1 alexander.aureate.com
127.0.0.1 ans-test.adsoftware.com
127.0.0.1 ans1.adsoftware.com
127.0.0.1 ans10.adsoftware.com
127.0.0.1 ans2.adsoftware.com
127.0.0.1 ans3.adsoftware.com
127.0.0.1 apc-pdu-1.aureate.com
127.0.0.1 apc-pdu-2.aureate.com
127.0.0.1 aristotle.aureate.com
127.0.0.1 ask-a-chick.com
127.0.0.1 aureate-colo-hp2424m.aureate.com
127.0.0.1 aureate-main-2611.aureate.com
127.0.0.1 aureate.com
127.0.0.1 aureatemedia.com
127.0.0.1 bach.aureate.com
127.0.0.1 bc-208-184-172-192.radiate.com
127.0.0.1 bigmama.radiate.com
127.0.0.1 binarybliss.com
127.0.0.1 bonnie2.radiate.com
127.0.0.1 brinks.radiate.com
127.0.0.1 brutus.radiate.com
127.0.0.1 caesar.aureate.com
127.0.0.1 confucius.aureate.com
127.0.0.1 constantine.aureate.com
127.0.0.1 cook.aureate.com
127.0.0.1 copernicus.aureate.com
127.0.0.1 corona.radiate.com
127.0.0.1 costello.radiate.com
127.0.0.1 curly.aureate.com
127.0.0.1 cyrus.aureate.com
127.0.0.1 deadmanwalking.radiate.com
127.0.0.1 dell.radiate.com
127.0.0.1 dillinger.aureate.com
127.0.0.1 dolphinsfootball.com
127.0.0.1 dosequis.radiate.com
127.0.0.1 download.binarybliss.com
127.0.0.1 foreigner.radiate.com
127.0.0.1 freud.aureate.com
127.0.0.1 ftp.gozilla.com
127.0.0.1 gameboy.aureate.com
127.0.0.1 gd1.radiate.com
127.0.0.1 gizmo.net
127.0.0.1 godzilla.radiate.com
127.0.0.1 gozilla.com
127.0.0.1 group-mail.com
127.0.0.1 gzs-6509.radiate.com
127.0.0.1 gzs-7206.radiate.com
127.0.0.1 gzs-ld.radiate.com
127.0.0.1 h-208-184-172-10.radiate.com
127.0.0.1 h-208-184-172-100.radiate.com
127.0.0.1 mm.delfinproject.com
127.0.0.1 www.mm.delfinproject.com
127.0.0.1 http://www.perfectedsecurity.com/
127.0.0.1 www.ad.yieldmanager.com
127.0.0.1 www.ads.vitalix.net
127.0.0.1 www.zedo.net

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\IntCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{65A7427A-D63B-4311-BF49-22B47F1B5133}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



DSSDeckard's System Scanner v20070826.66
Run by jimmy on 2007-08-30 22:55:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2007-08-30 21:55:49 UTC - RP347 - Deckard's System Scanner Restore Point
26: 2007-08-30 11:07:04 UTC - RP346 - Software Distribution Service 3.0
25: 2007-08-29 02:01:33 UTC - RP345 - Software Distribution Service 3.0
24: 2007-08-28 10:43:15 UTC - RP344 - Software Distribution Service 3.0
23: 2007-08-27 02:29:08 UTC - RP343 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-08-17 02:00:31 UTC - RP321 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.97 GiB (less than 15%) free.


-- HijackThis (run as jimmy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:12, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\KService\KService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Prog