
Can't get rid of Popups and blocked pages alerts

Discussion in 'Malware and Virus Removal Archive' started by mattathm, 2007/03/03.

  1. 2007/03/03
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    Hi all.... Sorry to have to post this thread but it has beaten me so far.
    I have a small problem, or maybe several problems.
    I have webpages opening by themselves, popping up all the time; the main one is www.winantivirus.com advertising ****
    then my Spysweeper with Antivirus keeps popping up blocked alerts to IP addresses and www.amaena.com
    also when I open IE7 another window opens (not all the time) www.a.as-eu.falkag.net/dat/dlu/aslframe.html
    but it never quite opens fully.
    AVG pops up TrojanDownloader.zlob and another one (can't remember, sorry)
    Also a popup option window disguising itself as an IE option box asking me would I like to install Systemdoctor for free (yeah right) with OK or Cancel options. When I close the box, IE opens up with the Systemdoctor webpage.

    I have AVG antivirus free, Webroots Spysweeper with Antivirus, and Vundofix.
    I have searched threads, webpages etc for a while trying different things and I cannot beat this.

    My apps are completely up to date. I have done several scans with items being found, removed, healed, quarantined; even Vundofix found and removed items, yet I turn on my computer this morning after doing all that last night and I get the popups and alerts.

    I did a HJT scan, here are the results; please can someone point me in the right direction.
    Thanks in advance
    Matt


    Logfile of HijackThis v1.99.1
    Scan saved at 12:21:44 a.m., on 4/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Hijackthis\Highjack This.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/MyTradeMe/Default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrqnkj.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D942E58C-1B5F-40D5-BFB5-BDC654DDA33C} - C:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: (no name) - {F11A724D-6E85-4FC3-BA74-98D3E87EFC46} - C:\WINDOWS\system32\ssttq.dll (file missing)
    O2 - BHO: (no name) - {F619F92A-0396-49BA-BD4C-0F7177876ECB} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe "
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe "
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171744494562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171853486593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: rqrqnkj - C:\WINDOWS\SYSTEM32\rqrqnkj.dll
    O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. 2007/03/03
    largecar193

    largecar193 Inactive

    Joined:
    2007/03/03
    Messages:
    8
    Likes Received:
    0
    Hey mattathm, just download SmitFraudFix and follow the directions; it worked for me. :)
     


  4. 2007/03/03
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    smitfraud check

    Thanks.... I have d/l that and ran it; here are the results.
    I didn't do a clean as yet as I'm not sure what I'm cleaning. It says not infected.

    SmitFraudFix v2.147

    Scan done at 10:42:14.46, Sun 04/03/2007
    Run from C:\Documents and Settings\Matthew Miller\My Documents\My Received Files\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matthew Miller


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Matthew Miller\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MATTHE~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  5. 2007/03/03
    largecar193

    largecar193 Inactive

    Joined:
    2007/03/03
    Messages:
    8
    Likes Received:
    0
    Hey Mat, I just went through with the cleaning anyway and it worked and I didn't lose anything. That wininet thing seems to be the culprit.
     
  6. 2007/03/03
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    Report after smitfraud clean

    SmitFraudFix v2.147
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process
    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    2nd 1/2 coming (governed by website characters allowed in 1 posting)
     
  7. 2007/03/03
    mattathm

    2nd half

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri
    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "
    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
    Registry Cleaning done.
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  8. 2007/03/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mattathm

    Well, I'm guessing that you now have more problems?
    Seeing that you did not have a SmitFraud infection.

    Please post back and report any problems you are now having.

    DO NOT RUN FIXES UNLESS TOLD TO DO SO BY SOMEONE QUALIFIED.

    Geri
     
  9. 2007/03/03
    mattathm

    Hmmmmm

    Well, no more than usual.
    It didn't find anything, so it said it didn't clean anything.
    Thanks for the concern though, I'll just wait and see what is said on the blog.
    Matt
     
  10. 2007/03/03
    Geri Lifetime Subscription

    Hi mattathm

    OK, well, that's good. Did you see this?
    Warning : running option #2 on a non infected computer will remove your Desktop background.

    Now let's get you cleaned up.

    Please rename Hijackthis.exe to Killer.exe and then do the following.

    You have a Vundo infection, so let's start with that.

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Please post the vundofix.txt log and a new HJT log.

    Thanks
    Geri
     
  11. 2007/03/03
    mattathm

    I didn't get the warning about the desktop, but when it did finish the desktop background picture was missing.
    Is that bad?

    I have done a Vundo scan before but I will do another one now and then a HJT scan and post the results.
    Thanks for your help.
     
  12. 2007/03/03
    Geri Lifetime Subscription

    Hi
    That is what happens when you run the second option, when you don't have that infection.
    We will fix that later.

    Geri
     
  13. 2007/03/03
    mattathm

    vundofix and hjt logs

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.3

    Scan started at 8:03:03 p.m. 22/02/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.3

    Scan started at 1:23:44 p.m. 23/02/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.3

    Scan started at 3:33:42 p.m. 1/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gjjlm.bak1
    C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\vtuts.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjjlm.bak1
    C:\WINDOWS\system32\gjjlm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjjlm.ini
    C:\WINDOWS\system32\gjjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuts.dll
    C:\WINDOWS\system32\vtuts.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.3

    Scan started at 12:46:50 a.m. 4/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\qttss.bak1
    C:\WINDOWS\system32\qttss.bak2
    C:\WINDOWS\system32\qttss.ini2
    C:\WINDOWS\system32\qttss.tmp
    C:\WINDOWS\system32\ssttq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qttss.bak1
    C:\WINDOWS\system32\qttss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qttss.bak2
    C:\WINDOWS\system32\qttss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qttss.ini2
    C:\WINDOWS\system32\qttss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qttss.tmp
    C:\WINDOWS\system32\qttss.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.12

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 6:18:17 p.m. 4/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ddabc.dll
    C:\WINDOWS\system32\opnkihf.dll
    C:\WINDOWS\system32\rqrqnkj.dll
    C:\WINDOWS\system32\ssttq.dll
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak2
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\vtstu.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddabc.dll
    C:\WINDOWS\system32\ddabc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnkihf.dll
    C:\WINDOWS\system32\opnkihf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrqnkj.dll
    C:\WINDOWS\system32\rqrqnkj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.bak2
    C:\WINDOWS\system32\utstv.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 6:31:55 p.m., on 4/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\killer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/MyTradeMe/Default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6DDF74EF-8BFB-4595-91F0-F9BD89E9D99C} - C:\WINDOWS\system32\vtstu.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrqnkj.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D942E58C-1B5F-40D5-BFB5-BDC654DDA33C} - C:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: (no name) - {F11A724D-6E85-4FC3-BA74-98D3E87EFC46} - C:\WINDOWS\system32\ssttq.dll (file missing)
    O2 - BHO: (no name) - {F619F92A-0396-49BA-BD4C-0F7177876ECB} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe "
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe "
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171744494562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171853486593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  14. 2007/03/04
    Geri Lifetime Subscription

    Hi mattathm

    Here is the next step

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {6DDF74EF-8BFB-4595-91F0-F9BD89E9D99C} - C:\WINDOWS\system32\vtstu.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrqnkj.dll (file missing)
    O2 - BHO: (no name) - {D942E58C-1B5F-40D5-BFB5-BDC654DDA33C} - C:\WINDOWS\system32\mljjg.dll (file missing)
    O2 - BHO: (no name) - {F11A724D-6E85-4FC3-BA74-98D3E87EFC46} - C:\WINDOWS\system32\ssttq.dll (file missing)
    O2 - BHO: (no name) - {F619F92A-0396-49BA-BD4C-0F7177876ECB} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot your computer.

    Please post a new HJT log here.

    Thanks
    Geri
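A way to check a follow-up log against the fix list in this post, as an added example that is not part of Geri's post or of HijackThis itself. The function names are assumptions, the sample logs are constructed from lines quoted in this thread, and limiting the check to O2 and O20 entries marked "(file missing)" or "(no file)" mirrors the entries listed above rather than any HijackThis rule.

```python
import re

# A HijackThis entry line is "<section> - <details>", e.g. "O2 - BHO: ... - <path>".
ENTRY_RE = re.compile(r"^\s*(?P<section>[ORFN]\d+)\s+-\s+(?P<body>.+?)\s*$")
# Markers seen in this thread's logs when an entry's target file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)

def parse_hjt(log_text):
    """Parse entry lines; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            body = m.group("body")
            entries.append({"section": m.group("section"), "body": body,
                            "orphaned": bool(ORPHAN_RE.search(body))})
    return entries

def orphaned_hooks(entries, sections=("O2", "O20")):
    """Entries in the given sections whose target is gone (assumed filter)."""
    return [e for e in entries if e["section"] in sections and e["orphaned"]]

def still_present(before_text, after_text):
    """Orphaned hooks from the first log that survive in the follow-up log."""
    after = {(e["section"], e["body"]) for e in parse_hjt(after_text)}
    return [e for e in orphaned_hooks(parse_hjt(before_text))
            if (e["section"], e["body"]) in after]

# Constructed samples, assembled from lines quoted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {6DDF74EF-8BFB-4595-91F0-F9BD89E9D99C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for e in orphaned_hooks(parse_hjt(BEFORE)):
        print("fix candidate:", e["section"], "-", e["body"])
    print("left after fix:", len(still_present(BEFORE, AFTER)))
```

The O9 line for xpnetdiag.exe is also marked "(file missing)" but is not reported, matching the fix list above, which leaves it alone.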
     
  15. 2007/03/04
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    As requested, new Log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:23:23 p.m., on 4/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\killer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/MyTradeMe/Default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe "
    O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe "
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171744494562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171853486593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  16. 2007/03/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mattathm

    Your log is clean of vundo.

    I guess you wanted to keep these.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    Which is fine, they are not a threat.

    You can delete any tools you were asked to download (Vundo, smitfraud). There will be newer versions if ever needed again anyway.

    OK, let's see if we can get your desktop back now.

    Right click your desktop, choose Properties, under the Desktop tab click the "Customize desktop" button, under the "Web" tab remove all the page entries from there except the "My Current Home Page" and OK your way out.

    Reboot your computer and let me know if your desktop picture is back.

    Geri
     
    Last edited: 2007/03/04
  17. 2007/03/04
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    thanks Geri

    I guess you wanted to keep these.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    I thought I had deleted them? I can delete them if you want?
    I just chose another picture for my desktop, all is well so far. The original picture was in the folder it was in so no dramas, or am I missing something?

    Matt
     
  18. 2007/03/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mattathm
    It's really not necessary.

    OK, as long as it is working.

    Is everything running OK? Any more Pop-ups?

    We have just a few more things to do, mostly maintenance and then our recommendations:

    Delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion. It is very rare that anything significant is ever found.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    5. IE-SpyAd - puts over 23,000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all,
      and MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    6. Install WinPatrol to prevent unknown applications from being inserted to start up on your machine

      Now just because you have security apps installed, they are useless unless updated regularly.

    7. Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    8. ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only. Cleans out temporary files, all the garbage you collect while surfing the web.

    9. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    10. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    11. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

    Surf Safely
    Geri
     
    Last edited: 2007/03/04
  19. 2007/03/04
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    Thankyou

    Firstly Id like to say ThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyouThankyou


    Everything seems to be running well at the mo,
    I have d/l Spybot S&D and AdAware, run them, no problems found.

    You have listed quite a few programs to d/l.
    Will these all be running in the background?
    Do I need all of these?
    Is my AVG and Spysweeper no good?
    What are the vital apps to get?

    thanks so much for your help
    Matt
     
  20. 2007/03/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mattathm
    You're welcome

    Those are good Apps. I use SpySweeper myself.

    I would at least download
    SpywareBlaster and IE SpyAD along with the two you installed, S/B and AdAware.

    Geri
     
  21. 2007/03/13
    mattathm

    mattathm Inactive Thread Starter

    Joined:
    2007/03/03
    Messages:
    11
    Likes Received:
    0
    Follow up

    Thanks again Geri for your help.....

    All seems well, no pop up or abnormal things happening, all apps are picking up things and alerting me, I like Scotty Dog, hehehehe

    cheers.
    Matt
     
