Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

May I Have Some Assistance In This Matter?

Started by w8n4srvc , May 12 2007 10:10 AM

  • This topic is locked This topic is locked
9 replies to this topic

#1 w8n4srvc

w8n4srvc

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 12 May 2007 - 10:10 AM

I just got back online and with a cable modem. Reinstalled Mozilla and while searching for plugins, i inadvertantly contracted a STD for my pc. Now its stating to run rampent and becoming more than annoying. I have random POP-ups for spylock and other shareware-like B.S. security failures. they seem top be only affecting I.E. which i dont use but it will randomly pop-up a I.E. window and put stuff on my screen. I almost have to double click a function on every window to close/open, move, send... whatever. not to mention dont even try to watch any sort of youtube or video playback whatsoever. its all choppy and staggered. i did get a log of my scan which i'll post below. Im generally more than cautious but now im worried. Anyone have some PC penicillin for this STD ive aquired?? Much appreciation in advance, thank you.




Logfile of HijackThis v1.99.1
Scan saved at 11:55:15 AM, on 5/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\MDM.EXE
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDService.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\downloads firefox\Windows-KB890830-V1.29.exe
e:\747a6e41be14d3a50641e90af6\mrtstub.exe
C:\WINNT\system32\MRT.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155017924051
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CleanService - Unknown owner - C:\PROGRA~1\STOMPS~1\FILESH~1\CleanService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Advertisements

Register to Remove

#2 bob4

bob4

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,205 posts

Posted 12 May 2007 - 11:18 AM

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!
Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


___________________________________

I see that Viewpoint is installed.

Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware.

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
If AOL is present, to prevent it from being recreated every time you run the AOL software:
  • Open AOL
  • Go to Help on the toolbar
  • Select About AOL
  • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
Another way to prevent Viewpoint from being recreated every time you run the AOL software is:
  • Click C:\Program Files\AOL 9.0\Jiti (a hidden folder).
  • Rename viewpoint.exe to viewpoint.old.


______________________________________


Download SmitfraudFix (by S!Ri) to your Desktop.
Smitfraud by S!ri


______________________________

  • Double clcik the smitfraud.exe
  • When promted
    Press any key to continue.
  • Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with any others I have asked for in your next reply.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. When prompted by allow it to run




IMPORTANT: Do NOT run any other options until you are asked to do so!
________________________________


In your next reply I would like to see:
  • A new HJT log
  • The report from smitfraud

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#3 w8n4srvc

w8n4srvc

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 12 May 2007 - 02:41 PM

thank you for quick response.

I do use the AOL instant messenger, Is that an issue other than no-one including myself cares for America On Hold?

SMITfraud report::

SmitFraudFix v2.181

Scan done at 16:45:57.18, Sat 05/12/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\MDM.EXE
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDService.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\kgkdbsk.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"

[HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\WINNT\system32\kgkdbsk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\WINNT\system32\kgkdbsk.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO Adapter
DNS Server Search Order: 68.87.77.130
DNS Server Search Order: 68.87.72.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64467CC3-5772-4771-96AE-12A0C8546144}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64467CC3-5772-4771-96AE-12A0C8546144}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64467CC3-5772-4771-96AE-12A0C8546144}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


New Hijackthis report::

Logfile of HijackThis v1.99.1
Scan saved at 4:53:37 PM, on 5/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\MDM.EXE
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDService.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155017924051
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CleanService - Unknown owner - C:\PROGRA~1\STOMPS~1\FILESH~1\CleanService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Edited by w8n4srvc, 12 May 2007 - 02:53 PM.

#4 w8n4srvc

w8n4srvc

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 12 May 2007 - 07:48 PM

Removed also were the following files. One included "viewpoint tool bar" not just viewpoint # Viewpoint # Viewpoint Manager # Viewpoint Media Player

#5 bob4

bob4

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,205 posts

Posted 13 May 2007 - 04:39 AM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
___________________________________
Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
  • At the top of the main screen click Update.
  • Then in the Manual Update section, click on Start Update.
[*]The update will start and a progress bar will show the updates being installed.
[*]When updates are completed, close AVG.
[/list]If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates
Do not use it yet.


Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\WNNT\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________



Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
___________________________

AVG
Close all open windows/programs/folders. Have nothing else open while AVG performs its scan!
Click on scanner
Click on Settings
Under How to act
Choose quarantine

Under Reports check automatically create report after every scan.
Now back to the scan tab andClick on Complete system scan

Let the program scan the machine .
When finished click apply all actions.

Post the report in your next reply.
Exit AVG.
__________________________
Please post:
  • c:\rapport.txt
  • AVG log
  • A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

Edited by bob4, 13 May 2007 - 04:41 AM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#6 w8n4srvc

w8n4srvc

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 13 May 2007 - 10:44 AM

Rapport::

SmitFraudFix v2.181

Scan done at 10:20:23.98, Sun 05/13/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"

[HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\WINNT\system32\kgkdbsk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\WINNT\system32\kgkdbsk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 www.test.com
127.0.0.1 www.ads.x10.com
127.0.0.1 www.600pics.com
127.0.0.1 www.doberman.befree.com
127.0.0.1 www.enews.bfast.com
127.0.0.1 www.etoys.bfast.com
127.0.0.1 www.falcon.bfast.com
127.0.0.1 www.ftp.befree.com
127.0.0.1 www.ftp.bfast.com
127.0.0.1 www.geocities.bfast.com
127.0.0.1 www.goshoppingonline.bfast.com
127.0.0.1 www.great-dane.befree.com
127.0.0.1 www.great-dane.bfast.com
127.0.0.1 www.greyhound.bfast.com
127.0.0.1 www.help.bfast.com
127.0.0.1 www.husky.bfast.com
127.0.0.1 www.images.bfast.com
127.0.0.1 www.imp.bfast.com
127.0.0.1 www.njmgt1.bfast.com
127.0.0.1 www.njmgt2.bfast.com
127.0.0.1 www.njrep0.bfast.com
127.0.0.1 www.njrep1.bfast.com
127.0.0.1 www.njrep2.bfast.com
127.0.0.1 www.njtxn1.bfast.com
127.0.0.1 www.otterhound.bfast.com
127.0.0.1 www.preprod-geocities.bfast.com
127.0.0.1 www.preprod.bfast.com
127.0.0.1 www.qwest.bfast.com
127.0.0.1 www.reporting.net
127.0.0.1 www.ridgeback.befree.com
127.0.0.1 www.ridgeback.bfast.com
127.0.0.1 www.samoyed.bfast.com
127.0.0.1 www.scrappy.befree.com
127.0.0.1 www.service.bfast.com
127.0.0.1 www.travelocity.bfast.com
127.0.0.1 www.travsoft.bfast.com
127.0.0.1 www.verisign.bfast.com
127.0.0.1 www.vulture.bfast.com
127.0.0.1 www.whippet.bfast.com
127.0.0.1 www.wolfhound.bfast.com
127.0.0.1 www.befree.com
127.0.0.1 www.s0.bluestreak.com
127.0.0.1 www.s1.bluestreak.com
127.0.0.1 www.s2.bluestreak.com
127.0.0.1 www.s3.bluestreak.com
127.0.0.1 www.s4.bluestreak.com
127.0.0.1 www.s5.bluestreak.com
127.0.0.1 www.s6.bluestreak.com
127.0.0.1 www.s7.bluestreak.com
127.0.0.1 www.s8.bluestreak.com
127.0.0.1 www.abc.bnex.com
127.0.0.1 www.alpha.bnex.com
127.0.0.1 www.bnex.com
127.0.0.1 www.customer.bnex.com
127.0.0.1 www.db.bnex.com
127.0.0.1 www.dev.bnex.com
127.0.0.1 www.do.you.uh.yahoo.at.bnex.com
127.0.0.1 www.ghost.in.the.shell.at.bnex.com
127.0.0.1 www.granite.bnex.com
127.0.0.1 www.intarsia.bnex.com
127.0.0.1 www.intranet.bnex.com
127.0.0.1 www.jade.bnex.com
127.0.0.1 www.malachite.bnex.com
127.0.0.1 www.marble.bnex.com
127.0.0.1 www.megastore.bnex.com
127.0.0.1 www.mosaic.bnex.com
127.0.0.1 www.ns1.bnex.com
127.0.0.1 www.ns2.bnex.com
127.0.0.1 www.onyx.bnex.com
127.0.0.1 www.orion.bnex.com
127.0.0.1 www.pebble.bnex.com
127.0.0.1 www.preview.bnex.com
127.0.0.1 www.quartz.bnex.com
127.0.0.1 www.terrazzo.bnex.com
127.0.0.1 www.vpos.bnex.com
127.0.0.1 www.www.bnex.com
127.0.0.1 www.ads.bpath.com
127.0.0.1 www.ads01.bpath.com
127.0.0.1 www.ads03.bpath.com
127.0.0.1 www.ads04.bpath.com
127.0.0.1 www.ads05.bpath.com
127.0.0.1 www.ads06.bpath.com
127.0.0.1 www.ads07.bpath.com
127.0.0.1 www.ads08.bpath.com
127.0.0.1 www.ads09.bpath.com
127.0.0.1 www.ads1.bpath.com
127.0.0.1 www.ads10.bpath.com
127.0.0.1 www.ads11.bpath.com
127.0.0.1 www.ads12.bpath.com
127.0.0.1 www.ads13.bpath.com
127.0.0.1 www.ads14.bpath.com
127.0.0.1 www.ads15.bpath.com
127.0.0.1 www.ads16.bpath.com
127.0.0.1 www.ads17.bpath.com
127.0.0.1 www.ads18.bpath.com
127.0.0.1 www.ads19.bpath.com
127.0.0.1 www.ads2.bpath.com
127.0.0.1 www.ads20.bpath.com
127.0.0.1 www.ads21.bpath.com
127.0.0.1 www.ads22.bpath.com
127.0.0.1 www.ads23.bpath.com
127.0.0.1 www.ads24.bpath.com
127.0.0.1 www.ads25.bpath.com
127.0.0.1 www.ads26.bpath.com
127.0.0.1 www.ads27.bpath.com
127.0.0.1 www.ads28.bpath.com
127.0.0.1 www.ads29.bpath.com
127.0.0.1 www.ads3.bpath.com
127.0.0.1 www.ads32.bpath.com
127.0.0.1 www.ads33.bpath.com
127.0.0.1 www.ads34.bpath.com
127.0.0.1 www.ads35.bpath.com
127.0.0.1 www.ads36.bpath.com
127.0.0.1 www.ads37.bpath.com
127.0.0.1 www.ads38.bpath.com
127.0.0.1 www.ads39.bpath.com
127.0.0.1 www.ads40.bpath.com
127.0.0.1 www.ads41.bpath.com
127.0.0.1 www.ads42.bpath.com
127.0.0.1 www.ads43.bpath.com
127.0.0.1 www.ads44.bpath.com
127.0.0.1 www.ads45.bpath.com
127.0.0.1 www.ads46.bpath.com
127.0.0.1 www.ads47.bpath.com
127.0.0.1 www.ads48.bpath.com
127.0.0.1 www.ads49.bpath.com
127.0.0.1 www.ads50.bpath.com
127.0.0.1 www.ads51.bpath.com
127.0.0.1 www.ads52.bpath.com
127.0.0.1 www.bpath.com
127.0.0.1 www.www.bpath.com
127.0.0.1 www.acim.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.e250a.track4.com
127.0.0.1 www.fingerhut.track4.com
127.0.0.1 www.foxy.acim.com
127.0.0.1 www.foxy.track4.com
127.0.0.1 www.ftp.acim.com
127.0.0.1 www.ftp.track4.com
127.0.0.1 www.gate.acim.com
127.0.0.1 www.gifttree.track4.com
127.0.0.1 www.maximizer.acim.com
127.0.0.1 www.ns1.acim.com
127.0.0.1 www.ns2.acim.com
127.0.0.1 www.plum.acim.com
127.0.0.1 www.sz.track4.com
127.0.0.1 www.toten.acim.com
127.0.0.1 www.towerrecords.track4.com
127.0.0.1 www.track4.com
127.0.0.1 www.translucent.acim.com
127.0.0.1 www.www.acim.com
127.0.0.1 www1.track4.com
127.0.0.1 www2.track4.com
127.0.0.1 www3.track4.com
127.0.0.1 www.3Aad.doubleclick.net
127.0.0.1 www.aa.doubleclick.net
127.0.0.1 www.accord.netgravity.com
127.0.0.1 www.ad.au.doubleclick.net
127.0.0.1 www.ad.br.doubleclick.net
127.0.0.1 www.ad.ca.doubleclick.net
127.0.0.1 www.ad.contentzone.com
127.0.0.1 www.ad.de.doubleclick.net
127.0.0.1 www.ad.doubleclick.com
127.0.0.1 www.ad.es.doubleclick.net
127.0.0.1 www.ad.fi.doubleclick.net
127.0.0.1 www.ad.fr.doubleclick.net
127.0.0.1 www.ad.it.doubleclick.net
127.0.0.1 www.ad.jp.doubleclick.net
127.0.0.1 www.ad.my.doubleclick.net
127.0.0.1 www.ad.nl.doubleclick.net
127.0.0.1 www.ad.no.doubleclick.net
127.0.0.1 www.ad.pt.doubleclick.net
127.0.0.1 www.ad.se.doubleclick.net
127.0.0.1 www.ad.sg.doubleclick.net
127.0.0.1 www.ad.sq.doubleclick.net
127.0.0.1 www.ad.uk.doubleclick.net
127.0.0.1 www.ad.us.doubleclick.net
127.0.0.1 www.ad1.doubleclick.net
127.0.0.1 www.ad2.doubleclick.net
127.0.0.1 www.ad3.doubleclick.net
127.0.0.1 www.adcenter1.netgravity.com
127.0.0.1 www.ADS-SECONDARY.doubleclick.net
127.0.0.1 www.ads.double-click.com
127.0.0.1 www.bay-sw-10.netgravity.com
127.0.0.1 www.bbn-gw.NYC1.doubleclick.net
127.0.0.1 www.caelum.netgravity.com
127.0.0.1 www.de1.doubleclick.net
127.0.0.1 www.demo.netgravity.com
127.0.0.1 www.double-click.com
127.0.0.1 www.doubleclick.com
127.0.0.1 www.doubleclick.net
127.0.0.1 www.draco.netgravity.com
127.0.0.1 www.dyson.netgravity.com
127.0.0.1 www.ecommerce.netgravity.com
127.0.0.1 www.engpptp.netgravity.com
127.0.0.1 www.enterprise.netgravity.com
127.0.0.1 www.exnjadgda1.doubleclick.net
127.0.0.1 www.exnjadgda2.doubleclick.net
127.0.0.1 www.exnjadgds1.doubleclick.net
127.0.0.1 www.exnjmdgda1.doubleclick.net
127.0.0.1 www.exnjmdgds1.doubleclick.net
127.0.0.1 www.exodus-gw.EWR1.doubleclick.net
127.0.0.1 www.fr1.doubleclick.net
127.0.0.1 www.ftp.netgravity.com
127.0.0.1 www.gatekeeper.netgravity.com
127.0.0.1 www.gd20.doubleclick.net
127.0.0.1 www.gd25.doubleclick.net
127.0.0.1 www.gd28.doubleclick.net
127.0.0.1 www.gd4.doubleclick.net
127.0.0.1 www.gravitychannel.netgravity.com
127.0.0.1 www.gravityhome.netgravity.com
127.0.0.1 www.home.netgravity.com
127.0.0.1 www.In.doubleclick.net
127.0.0.1 www.joinchannel.netgravity.com
127.0.0.1 www.jp.doubleclick.net
127.0.0.1 www.listserver.netgravity.com
127.0.0.1 www.ln.doubleclick.net
127.0.0.1 www.lon-router.netgravity.com
127.0.0.1 www.london.netgravity.com
127.0.0.1 www.lucian.netgravity.com
127.0.0.1 www.m.doubleclick.com
127.0.0.1 www.m.doubleclick.net
127.0.0.1 www.m2.doubleclick.net
127.0.0.1 www.MAILEXODUS.doubleclick.net
127.0.0.1 www.mdist.doubleclick.net
127.0.0.1 www.mplex-dfa.doubleclick.net
127.0.0.1 www.myhome.netgravity.com
127.0.0.1 www.nda.netgravity.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.network-199-95-207-10.doubleclick.net
127.0.0.1 www.network-199-95-207-138.doubleclick.net
127.0.0.1 www.network-199-95-207-148.doubleclick.net
127.0.0.1 www.network-199-95-207-2.doubleclick.net
127.0.0.1 www.network-199-95-207-3.doubleclick.net
127.0.0.1 www.network-199-95-207-4.doubleclick.net
127.0.0.1 www.network-199-95-207-5.doubleclick.net
127.0.0.1 www.network-199-95-207-6.doubleclick.net
127.0.0.1 www.network-199-95-207-7.doubleclick.net
127.0.0.1 www.network-199-95-207-8.doubleclick.net
127.0.0.1 www.network-199-95-207-9.doubleclick.net
127.0.0.1 www.network-199-95-208-10.doubleclick.net
127.0.0.1 www.network-199-95-208-2.doubleclick.net
127.0.0.1 www.network-199-95-208-3.doubleclick.net
127.0.0.1 www.network-199-95-208-4.doubleclick.net
127.0.0.1 www.network-199-95-208-5.doubleclick.net
127.0.0.1 www.network-199-95-208-6.doubleclick.net
127.0.0.1 www.network-199-95-208-7.doubleclick.net
127.0.0.1 www.network-199-95-208-8.doubleclick.net
127.0.0.1 www.network-209-67-38-10.doubleclick.net
127.0.0.1 www.network-209-67-38-2.doubleclick.net
127.0.0.1 www.network-209-67-38-3.doubleclick.net
127.0.0.1 www.network-209-67-38-4.doubleclick.net
127.0.0.1 www.network-209-67-38-5.doubleclick.net
127.0.0.1 www.network-209-67-38-6.doubleclick.net
127.0.0.1 www.network-209-67-38-7.doubleclick.net
127.0.0.1 www.network-209-67-38-8.doubleclick.net
127.0.0.1 www.network-209-67-38-9.doubleclick.net
127.0.0.1 www.news.netgravity.com
127.0.0.1 www.ng-webserver.netgravity.com
127.0.0.1 www.nl.doubleclick.net
127.0.0.1 www.no.doubleclick.net
127.0.0.1 www.ns.doubleclick.net
127.0.0.1 www.ns1.doubleclick.net
127.0.0.1 www.ns2.doubleclick.net
127.0.0.1 www.ny-router.netgravity.com
127.0.0.1 www.ny.netgravity.com
127.0.0.1 www.phase2media.doubleclick.net
127.0.0.1 www.pptp-server.netgravity.com
127.0.0.1 www.pptp.netgravity.com
127.0.0.1 www.proxy.netgravity.com
127.0.0.1 www.rdbox.doubleclick.net
127.0.0.1 www.resolver.doubleclick.net
127.0.0.1 www.sanders.netgravity.com
127.0.0.1 www.se.doubleclick.net
127.0.0.1 www.se1.doubleclick.net
127.0.0.1 www.SITEPAGES.doubleclick.net
127.0.0.1 www.smhq-fe1-0.netgravity.com
127.0.0.1 www.sold.netgravity.com
127.0.0.1 www.suitespot.netgravity.com
127.0.0.1 www.support.netgravity.com
127.0.0.1 www.uk.doubleclick.net
127.0.0.1 www.uk1.doubleclick.net
127.0.0.1 www.us.doubleclick.net
127.0.0.1 www.uunet-gw.NYC1.doubleclick.net
127.0.0.1 www.uunyadgda1.doubleclick.net
127.0.0.1 www.uunyadgds1.doubleclick.net
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www.zac.netgravity.com
127.0.0.1 www.ads1.speedbit.com
127.0.0.1 www.ads2.speedbit.com
127.0.0.1 www.ads3.speedbit.com
127.0.0.1 www3.speedbit.com
127.0.0.1 www.speedbit.com
127.0.0.1 www.54.conducent.com
127.0.0.1 www.addbtest.conducent.com
127.0.0.1 www.addbtest.timesink.com
127.0.0.1 www.addltest.conducent.com
127.0.0.1 www.addltest.timesink.com
127.0.0.1 www.addltestmaster.conducent.com
127.0.0.1 www.adqa.conducent.com
127.0.0.1 www.contentalpha.conducent.com
127.0.0.1 www.contentqa.conducent.com
127.0.0.1 www.contents.conducent.com
127.0.0.1 www.contents1.conducent.com
127.0.0.1 www.contenttest.conducent.com
127.0.0.1 www.digisle.conducent.com
127.0.0.1 www.DNS1.CONDUCENT.COM
127.0.0.1 www.download.timesink.com
127.0.0.1 www.eroom.conducent.com
127.0.0.1 www.firewall.conducent.com
127.0.0.1 www.firewall.timesink.com
127.0.0.1 www.ftp.conducent.com
127.0.0.1 www.hermes.conducent.com
127.0.0.1 www.ip134.conducent.com
127.0.0.1 www.ip134.timesink.com
127.0.0.1 www.Jerry.conducent.com
127.0.0.1 www.mail.conducent.com
127.0.0.1 www.mail.timesink.com
127.0.0.1 www.nandbob.conducent.com
127.0.0.1 www.nid.conducent.com
127.0.0.1 www.nid.timesink.com
127.0.0.1 www.nidinternal.conducent.com
127.0.0.1 www.nidinternal.timesink.com
127.0.0.1 www.nidinternaltest.conducent.com
127.0.0.1 www.nidtest.conducent.com
127.0.0.1 www.nidtest.timesink.com
127.0.0.1 www.nt2.conducent.com
127.0.0.1 www.pop3.conducent.com
127.0.0.1 www.pop3.timesink.com
127.0.0.1 www.proxytest.conducent.com
127.0.0.1 www.pushv5.conducent.com
127.0.0.1 www.redirectqa.conducent.com
127.0.0.1 www.redirects.conducent.com
127.0.0.1 www.redirects.timesink.com
127.0.0.1 www.redirecttest.conducent.com
127.0.0.1 www.smtp.conducent.com
127.0.0.1 www.smtp.timesink.com
127.0.0.1 www.softwares.conducent.com
127.0.0.1 www.softwares.timesink.com
127.0.0.1 www.sterlinga.conducent.com
127.0.0.1 www.sterlingf.conducent.com
127.0.0.1 www.updates2.conducent.com
127.0.0.1 www.updatetest.conducent.com
127.0.0.1 www.warsport.timesink.com
127.0.0.1 www.conducent.com
127.0.0.1 www.test.conducent.com
127.0.0.1 www.test.timesink.com
127.0.0.1 www.zeus.conducent.com
127.0.0.1 www.zeus.timesink.com
127.0.0.1 www.bob.web3000.com
127.0.0.1 www.tasha.web3000.com
127.0.0.1 www1.web3000.com
127.0.0.1 www7.web3000.com
127.0.0.1 www.abbott.radiate.com
127.0.0.1 www.ad2-1.aureate.com
127.0.0.1 www.ad2-2.aureate.com
127.0.0.1 www.ad2-3.aureate.com
127.0.0.1 www.ad2-4.aureate.com
127.0.0.1 www.adam.radiate.com
127.0.0.1 www.adserv2-301-sjc2.radiate.com
127.0.0.1 www.adserv3-408-sjc2.radiate.com
127.0.0.1 www.adsoftware.com
127.0.0.1 www.aim.adsoftware.com
127.0.0.1 www.aim.aureate.com
127.0.0.1 www.aim1.adsoftware.com
127.0.0.1 www.aim1.aureate.com
127.0.0.1 www.aim2.adsoftware.com
127.0.0.1 www.aim2.aureate.com
127.0.0.1 www.aim3.adsoftware.com
127.0.0.1 www.aim3.aureate.com
127.0.0.1 www.aim4.adsoftware.com
127.0.0.1 www.aim4.aureate.com
127.0.0.1 www.aim5.adsoftware.com
127.0.0.1 www.aim5.aureate.com
127.0.0.1 www.aim6.adsoftware.com
127.0.0.1 www.alexander.aureate.com
127.0.0.1 www.ans-test.adsoftware.com
127.0.0.1 www.ans1.adsoftware.com
127.0.0.1 www.ans10.adsoftware.com
127.0.0.1 www.ans2.adsoftware.com
127.0.0.1 www.ans3.adsoftware.com
127.0.0.1 www.apc-pdu-1.aureate.com
127.0.0.1 www.apc-pdu-2.aureate.com
127.0.0.1 www.aristotle.aureate.com
127.0.0.1 www.ask-a-chick.com
127.0.0.1 www.aureate-colo-hp2424m.aureate.com
127.0.0.1 www.aureate-main-2611.aureate.com
127.0.0.1 www.aureate.com
127.0.0.1 www.aureatemedia.com
127.0.0.1 www.bach.aureate.com
127.0.0.1 www.bc-208-184-172-192.radiate.com
127.0.0.1 www.bigmama.radiate.com
127.0.0.1 www.binarybliss.com
127.0.0.1 www.bonnie2.radiate.com
127.0.0.1 www.brinks.radiate.com
127.0.0.1 www.brutus.radiate.com
127.0.0.1 www.caesar.aureate.com
127.0.0.1 www.confucius.aureate.com
127.0.0.1 www.constantine.aureate.com
127.0.0.1 www.cook.aureate.com
127.0.0.1 www.copernicus.aureate.com
127.0.0.1 www.corona.radiate.com
127.0.0.1 www.costello.radiate.com
127.0.0.1 www.curly.aureate.com
127.0.0.1 www.cyrus.aureate.com
127.0.0.1 www.deadmanwalking.radiate.com
127.0.0.1 www.dell.radiate.com
127.0.0.1 www.dillinger.aureate.com
127.0.0.1 www.dolphinsfootball.com
127.0.0.1 www.dosequis.radiate.com
127.0.0.1 www.download.binarybliss.com
127.0.0.1 www.foreigner.radiate.com
127.0.0.1 www.freud.aureate.com
127.0.0.1 www.ftp.gozilla.com
127.0.0.1 www.gameboy.aureate.com
127.0.0.1 www.gd1.radiate.com
127.0.0.1 www.gizmo.net
127.0.0.1 www.godzilla.radiate.com
127.0.0.1 www.gozilla.com
127.0.0.1 www.group-mail.com
127.0.0.1 www.gzs-6509.radiate.com
127.0.0.1 www.gzs-7206.radiate.com
127.0.0.1 www.gzs-ld.radiate.com
127.0.0.1 www.h-208-184-172-10.radiate.com
127.0.0.1 www.h-208-184-172-100.radiate.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 ads.x10.com
127.0.0.1 600pics.com
127.0.0.1 doberman.befree.com
127.0.0.1 enews.bfast.com
127.0.0.1 etoys.bfast.com
127.0.0.1 falcon.bfast.com
127.0.0.1 ftp.befree.com
127.0.0.1 ftp.bfast.com
127.0.0.1 geocities.bfast.com
127.0.0.1 goshoppingonline.bfast.com
127.0.0.1 great-dane.befree.com
127.0.0.1 great-dane.bfast.com
127.0.0.1 greyhound.bfast.com
127.0.0.1 help.bfast.com
127.0.0.1 husky.bfast.com
127.0.0.1 images.bfast.com
127.0.0.1 imp.bfast.com
127.0.0.1 njmgt1.bfast.com
127.0.0.1 njmgt2.bfast.com
127.0.0.1 njrep0.bfast.com
127.0.0.1 njrep2.bfast.com
127.0.0.1 njrep1.bfast.com
127.0.0.1 njtxn1.bfast.com
127.0.0.1 otterhound.bfast.com
127.0.0.1 preprod-geocities.bfast.com
127.0.0.1 preprod.bfast.com
127.0.0.1 qwest.bfast.com
127.0.0.1 reporting.net
127.0.0.1 ridgeback.befree.com
127.0.0.1 ridgeback.bfast.com
127.0.0.1 samoyed.bfast.com
127.0.0.1 scrappy.befree.com
127.0.0.1 service.bfast.com
127.0.0.1 travelocity.bfast.com
127.0.0.1 travsoft.bfast.com
127.0.0.1 verisign.bfast.com
127.0.0.1 vulture.bfast.com
127.0.0.1 whippet.bfast.com
127.0.0.1 wolfhound.bfast.com
127.0.0.1 befree.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 abc.bnex.com
127.0.0.1 alpha.bnex.com
127.0.0.1 bnex.com
127.0.0.1 customer.bnex.com
127.0.0.1 db.bnex.com
127.0.0.1 dev.bnex.com
127.0.0.1 do.you.uh.yahoo.at.bnex.com
127.0.0.1 ghost.in.the.shell.at.bnex.com
127.0.0.1 granite.bnex.com
127.0.0.1 intarsia.bnex.com
127.0.0.1 intranet.bnex.com
127.0.0.1 jade.bnex.com
127.0.0.1 malachite.bnex.com
127.0.0.1 marble.bnex.com
127.0.0.1 megastore.bnex.com
127.0.0.1 mosaic.bnex.com
127.0.0.1 ns1.bnex.com
127.0.0.1 ns2.bnex.com
127.0.0.1 onyx.bnex.com
127.0.0.1 orion.bnex.com
127.0.0.1 pebble.bnex.com
127.0.0.1 preview.bnex.com
127.0.0.1 quartz.bnex.com
127.0.0.1 terrazzo.bnex.com
127.0.0.1 vpos.bnex.com
127.0.0.1 ads.bpath.com
127.0.0.1 ads01.bpath.com
127.0.0.1 ads03.bpath.com
127.0.0.1 ads04.bpath.com
127.0.0.1 ads05.bpath.com
127.0.0.1 ads06.bpath.com
127.0.0.1 ads07.bpath.com
127.0.0.1 ads08.bpath.com
127.0.0.1 ads09.bpath.com
127.0.0.1 ads1.bpath.com
127.0.0.1 ads10.bpath.com
127.0.0.1 ads11.bpath.com
127.0.0.1 ads12.bpath.com
127.0.0.1 ads13.bpath.com
127.0.0.1 ads14.bpath.com
127.0.0.1 ads15.bpath.com
127.0.0.1 ads16.bpath.com
127.0.0.1 ads17.bpath.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ads19.bpath.com
127.0.0.1 ads2.bpath.com
127.0.0.1 ads20.bpath.com
127.0.0.1 ads21.bpath.com
127.0.0.1 ads22.bpath.com
127.0.0.1 ads23.bpath.com
127.0.0.1 ads24.bpath.com
127.0.0.1 ads25.bpath.com
127.0.0.1 ads26.bpath.com
127.0.0.1 ads27.bpath.com
127.0.0.1 ads28.bpath.com
127.0.0.1 ads29.bpath.com
127.0.0.1 ads3.bpath.com
127.0.0.1 ads32.bpath.com
127.0.0.1 ads33.bpath.com
127.0.0.1 ads34.bpath.com
127.0.0.1 ads35.bpath.com
127.0.0.1 ads36.bpath.com
127.0.0.1 ads37.bpath.com
127.0.0.1 ads38.bpath.com
127.0.0.1 ads39.bpath.com
127.0.0.1 ads40.bpath.com
127.0.0.1 ads41.bpath.com
127.0.0.1 ads42.bpath.com
127.0.0.1 ads43.bpath.com
127.0.0.1 ads44.bpath.com
127.0.0.1 ads45.bpath.com
127.0.0.1 ads46.bpath.com
127.0.0.1 ads47.bpath.com
127.0.0.1 ads48.bpath.com
127.0.0.1 ads49.bpath.com
127.0.0.1 ads50.bpath.com
127.0.0.1 ads51.bpath.com
127.0.0.1 ads52.bpath.com
127.0.0.1 bpath.com
127.0.0.1 acim.com
127.0.0.1 commission-junction.com
127.0.0.1 e250a.track4.com
127.0.0.1 fingerhut.track4.com
127.0.0.1 foxy.acim.com
127.0.0.1 foxy.track4.com
127.0.0.1 ftp.acim.com
127.0.0.1 ftp.track4.com
127.0.0.1 gate.acim.com
127.0.0.1 gifttree.track4.com
127.0.0.1 maximizer.acim.com
127.0.0.1 ns1.acim.com
127.0.0.1 ns2.acim.com
127.0.0.1 plum.acim.com
127.0.0.1 sz.track4.com
127.0.0.1 toten.acim.com
127.0.0.1 towerrecords.track4.com
127.0.0.1 track4.com
127.0.0.1 translucent.acim.com
127.0.0.1 1.track4.com
127.0.0.1 2.track4.com
127.0.0.1 3.track4.com
127.0.0.1 3Aad.doubleclick.net
127.0.0.1 aa.doubleclick.net
127.0.0.1 accord.netgravity.com
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.br.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.contentzone.com
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fi.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.my.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.pt.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 ad.sq.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.us.doubleclick.net
127.0.0.1 ad1.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 adcenter1.netgravity.com
127.0.0.1 ADS-SECONDARY.doubleclick.net
127.0.0.1 ads.double-click.com
127.0.0.1 bay-sw-10.netgravity.com
127.0.0.1 bbn-gw.NYC1.doubleclick.net
127.0.0.1 caelum.netgravity.com
127.0.0.1 de1.doubleclick.net
127.0.0.1 demo.netgravity.com
127.0.0.1 double-click.com
127.0.0.1 doubleclick.com
127.0.0.1 doubleclick.net
127.0.0.1 draco.netgravity.com
127.0.0.1 dyson.netgravity.com
127.0.0.1 ecommerce.netgravity.com
127.0.0.1 engpptp.netgravity.com
127.0.0.1 enterprise.netgravity.com
127.0.0.1 exnjadgda1.doubleclick.net
127.0.0.1 exnjadgda2.doubleclick.net
127.0.0.1 exnjadgds1.doubleclick.net
127.0.0.1 exnjmdgda1.doubleclick.net
127.0.0.1 exnjmdgds1.doubleclick.net
127.0.0.1 exodus-gw.EWR1.doubleclick.net
127.0.0.1 fr1.doubleclick.net
127.0.0.1 ftp.netgravity.com
127.0.0.1 gatekeeper.netgravity.com
127.0.0.1 gd20.doubleclick.net
127.0.0.1 gd25.doubleclick.net
127.0.0.1 gd28.doubleclick.net
127.0.0.1 gd4.doubleclick.net
127.0.0.1 gravitychannel.netgravity.com
127.0.0.1 gravityhome.netgravity.com
127.0.0.1 home.netgravity.com
127.0.0.1 In.doubleclick.net
127.0.0.1 joinchannel.netgravity.com
127.0.0.1 jp.doubleclick.net
127.0.0.1 listserver.netgravity.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 lon-router.netgravity.com
127.0.0.1 london.netgravity.com
127.0.0.1 lucian.netgravity.com
127.0.0.1 m.doubleclick.com
127.0.0.1 m.doubleclick.net
127.0.0.1 m2.doubleclick.net
127.0.0.1 MAILEXODUS.doubleclick.net
127.0.0.1 mdist.doubleclick.net
127.0.0.1 mplex-dfa.doubleclick.net
127.0.0.1 myhome.netgravity.com
127.0.0.1 nda.netgravity.com
127.0.0.1 netgravity.com
127.0.0.1 network-199-95-207-10.doubleclick.net
127.0.0.1 network-199-95-207-138.doubleclick.net
127.0.0.1 network-199-95-207-148.doubleclick.net
127.0.0.1 network-199-95-207-2.doubleclick.net
127.0.0.1 network-199-95-207-3.doubleclick.net
127.0.0.1 network-199-95-207-4.doubleclick.net
127.0.0.1 network-199-95-207-5.doubleclick.net
127.0.0.1 network-199-95-207-6.doubleclick.net
127.0.0.1 network-199-95-207-7.doubleclick.net
127.0.0.1 network-199-95-207-8.doubleclick.net
127.0.0.1 network-199-95-207-9.doubleclick.net
127.0.0.1 network-199-95-208-10.doubleclick.net
127.0.0.1 network-199-95-208-2.doubleclick.net
127.0.0.1 network-199-95-208-3.doubleclick.net
127.0.0.1 network-199-95-208-4.doubleclick.net
127.0.0.1 network-199-95-208-5.doubleclick.net
127.0.0.1 network-199-95-208-6.doubleclick.net
127.0.0.1 network-199-95-208-7.doubleclick.net
127.0.0.1 network-199-95-208-8.doubleclick.net
127.0.0.1 network-209-67-38-10.doubleclick.net
127.0.0.1 network-209-67-38-2.doubleclick.net
127.0.0.1 network-209-67-38-3.doubleclick.net
127.0.0.1 network-209-67-38-4.doubleclick.net
127.0.0.1 network-209-67-38-5.doubleclick.net
127.0.0.1 network-209-67-38-6.doubleclick.net
127.0.0.1 network-209-67-38-7.doubleclick.net
127.0.0.1 network-209-67-38-8.doubleclick.net
127.0.0.1 network-209-67-38-9.doubleclick.net
127.0.0.1 news.netgravity.com
127.0.0.1 ng-webserver.netgravity.com
127.0.0.1 nl.doubleclick.net
127.0.0.1 no.doubleclick.net
127.0.0.1 ns.doubleclick.net
127.0.0.1 ns1.doubleclick.net
127.0.0.1 ns2.doubleclick.net
127.0.0.1 ny-router.netgravity.com
127.0.0.1 ny.netgravity.com
127.0.0.1 phase2media.doubleclick.net
127.0.0.1 pptp-server.netgravity.com
127.0.0.1 pptp.netgravity.com
127.0.0.1 proxy.netgravity.com
127.0.0.1 rdbox.doubleclick.net
127.0.0.1 resolver.doubleclick.net
127.0.0.1 sanders.netgravity.com
127.0.0.1 se.doubleclick.net
127.0.0.1 se1.doubleclick.net
127.0.0.1 SITEPAGES.doubleclick.net
127.0.0.1 smhq-fe1-0.netgravity.com
127.0.0.1 sold.netgravity.com
127.0.0.1 suitespot.netgravity.com
127.0.0.1 support.netgravity.com
127.0.0.1 uk.doubleclick.net
127.0.0.1 uk1.doubleclick.net
127.0.0.1 us.doubleclick.net
127.0.0.1 uunet-gw.NYC1.doubleclick.net
127.0.0.1 uunyadgda1.doubleclick.net
127.0.0.1 uunyadgds1.doubleclick.net
127.0.0.1 3.netgravity.com
127.0.0.1 4.netgravity.com
127.0.0.1 zac.netgravity.com
127.0.0.1 ads1.speedbit.com
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 speedbit.com
127.0.0.1 54.conducent.com
127.0.0.1 addbtest.conducent.com
127.0.0.1 addbtest.timesink.com
127.0.0.1 addltest.conducent.com
127.0.0.1 addltest.timesink.com
127.0.0.1 adqa.conducent.com
127.0.0.1 contentalpha.conducent.com
127.0.0.1 contentqa.conducent.com
127.0.0.1 contents.conducent.com
127.0.0.1 contents1.conducent.com
127.0.0.1 contenttest.conducent.com
127.0.0.1 digisle.conducent.com
127.0.0.1 DNS1.CONDUCENT.COM
127.0.0.1 download.timesink.com
127.0.0.1 eroom.conducent.com
127.0.0.1 firewall.conducent.com
127.0.0.1 firewall.timesink.com
127.0.0.1 ftp.conducent.com
127.0.0.1 hermes.conducent.com
127.0.0.1 ip134.conducent.com
127.0.0.1 ip134.timesink.com
127.0.0.1 Jerry.conducent.com
127.0.0.1 mail.conducent.com
127.0.0.1 mail.timesink.com
127.0.0.1 nandbob.conducent.com
127.0.0.1 nid.conducent.com
127.0.0.1 nid.timesink.com
127.0.0.1 nidinternal.conducent.com
127.0.0.1 nidinternal.timesink.com
127.0.0.1 nidinternaltest.conducent.com
127.0.0.1 nidtest.conducent.com
127.0.0.1 nidtest.timesink.com
127.0.0.1 nt2.conducent.com
127.0.0.1 pop3.conducent.com
127.0.0.1 pop3.timesink.com
127.0.0.1 proxytest.conducent.com
127.0.0.1 pushv5.conducent.com
127.0.0.1 redirectqa.conducent.com
127.0.0.1 redirects.conducent.com
127.0.0.1 redirects.timesink.com
127.0.0.1 redirecttest.conducent.com
127.0.0.1 smtp.conducent.com
127.0.0.1 smtp.timesink.com
127.0.0.1 softwares.conducent.com
127.0.0.1 softwares.timesink.com
127.0.0.1 sterlinga.conducent.com
127.0.0.1 sterlingf.conducent.com
127.0.0.1 updates2.conducent.com
127.0.0.1 updatetest.conducent.com
127.0.0.1 warsport.timesink.com
127.0.0.1 conducent.com
127.0.0.1 test.conducent.com
127.0.0.1 test.timesink.com
127.0.0.1 zeus.conducent.com
127.0.0.1 zeus.timesink.com
127.0.0.1 bob.web3000.com
127.0.0.1 tasha.web3000.com
127.0.0.1 web3000.com
127.0.0.1 7.web3000.com
127.0.0.1 abbott.radiate.com
127.0.0.1 ad2-1.aureate.com
127.0.0.1 ad2-2.aureate.com
127.0.0.1 ad2-3.aureate.com
127.0.0.1 ad2-4.aureate.com
127.0.0.1 adam.radiate.com
127.0.0.1 adserv2-301-sjc2.radiate.com
127.0.0.1 adserv3-408-sjc2.radiate.com
127.0.0.1 adsoftware.com
127.0.0.1 aim.adsoftware.com
127.0.0.1 aim.aureate.com
127.0.0.1 aim1.adsoftware.com
127.0.0.1 aim1.aureate.com
127.0.0.1 aim2.adsoftware.com
127.0.0.1 aim2.aureate.com
127.0.0.1 aim3.adsoftware.com
127.0.0.1 aim3.aureate.com
127.0.0.1 aim4.adsoftware.com
127.0.0.1 aim4.aureate.com
127.0.0.1 aim5.adsoftware.com
127.0.0.1 aim5.aureate.com
127.0.0.1 aim6.adsoftware.com
127.0.0.1 alexander.aureate.com
127.0.0.1 ans-test.adsoftware.com
127.0.0.1 ans1.adsoftware.com
127.0.0.1 ans10.adsoftware.com
127.0.0.1 ans2.adsoftware.com
127.0.0.1 ans3.adsoftware.com
127.0.0.1 apc-pdu-1.aureate.com
127.0.0.1 apc-pdu-2.aureate.com
127.0.0.1 aristotle.aureate.com
127.0.0.1 ask-a-chick.com
127.0.0.1 aureate-colo-hp2424m.aureate.com
127.0.0.1 aureate-main-2611.aureate.com
127.0.0.1 aureate.com
127.0.0.1 aureatemedia.com
127.0.0.1 bach.aureate.com
127.0.0.1 bc-208-184-172-192.radiate.com
127.0.0.1 bigmama.radiate.com
127.0.0.1 binarybliss.com
127.0.0.1 bonnie2.radiate.com
127.0.0.1 brinks.radiate.com
127.0.0.1 brutus.radiate.com
127.0.0.1 caesar.aureate.com
127.0.0.1 confucius.aureate.com
127.0.0.1 constantine.aureate.com
127.0.0.1 cook.aureate.com
127.0.0.1 copernicus.aureate.com
127.0.0.1 corona.radiate.com
127.0.0.1 costello.radiate.com
127.0.0.1 curly.aureate.com
127.0.0.1 cyrus.aureate.com
127.0.0.1 deadmanwalking.radiate.com
127.0.0.1 dell.radiate.com
127.0.0.1 dillinger.aureate.com
127.0.0.1 dolphinsfootball.com
127.0.0.1 dosequis.radiate.com
127.0.0.1 download.binarybliss.com
127.0.0.1 foreigner.radiate.com
127.0.0.1 freud.aureate.com
127.0.0.1 ftp.gozilla.com
127.0.0.1 gameboy.aureate.com
127.0.0.1 gd1.radiate.com
127.0.0.1 gizmo.net
127.0.0.1 godzilla.radiate.com
127.0.0.1 gozilla.com
127.0.0.1 group-mail.com
127.0.0.1 gzs-6509.radiate.com
127.0.0.1 gzs-7206.radiate.com
127.0.0.1 gzs-ld.radiate.com
127.0.0.1 h-208-184-172-10.radiate.com
127.0.0.1 h-208-184-172-100.radiate.com
127.0.0.1 mm.delfinproject.com
127.0.0.1 www.mm.delfinproject.com
127.0.0.1 http://www.perfectedsecurity.com/
127.0.0.1 www.ad.yieldmanager.com
127.0.0.1 www.ads.vitalix.net
127.0.0.1 www.zedo.net

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINNT\system32\kgkdbsk.dll -> Hoax.Win32.Renos.gen.l
C:\WINNT\system32\kgkdbsk.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video ActiveX Access\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64467CC3-5772-4771-96AE-12A0C8546144}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64467CC3-5772-4771-96AE-12A0C8546144}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64467CC3-5772-4771-96AE-12A0C8546144}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#7 w8n4srvc

w8n4srvc

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 13 May 2007 - 10:50 AM

AVG log::

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:26:25 PM 5/13/2007

+ Scan result:



:mozilla.249:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.251:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.252:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.256:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.258:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.259:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.260:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.261:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.262:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.263:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.264:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.267:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.269:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.270:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.525:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.548:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.626:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.677:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.490:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.491:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.492:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.493:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.494:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.495:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.496:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.396:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.397:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.398:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.54:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.55:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.56:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.57:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.58:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.59:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.552:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adengage : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
:mozilla.363:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.364:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.365:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.366:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.367:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.368:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.369:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.53:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.571:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.598:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.351:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.358:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.733:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.379:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.453:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.454:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.456:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.457:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.458:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.459:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.460:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.461:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.462:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.463:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.476:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.477:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.806:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.807:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.627:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Cnn : No action taken.
:mozilla.790:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.50:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.201:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.202:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.794:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.795:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.796:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.797:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.374:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.425:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.447:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.511:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.545:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.734:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.747:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.199:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.607:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.631:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.578:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.601:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.371:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.372:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.373:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.61:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
:mozilla.443:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.444:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.813:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.
:mozilla.21:C:\Documents and Settings\FMM\Application Data\Mozilla\Firefox\Profiles\8q03yfrw.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
:mozilla.618:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.619:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.620:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.621:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.622:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.549:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.550:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.551:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.599:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.600:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@ads1.revenue[1].txt -> TrackingCookie.Revenue : No action taken.
:mozilla.238:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.239:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.240:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.242:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.361:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.305:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.306:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.307:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.382:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.383:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.384:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.385:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.386:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.387:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.708:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.709:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.808:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.352:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.353:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.354:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.355:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.356:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.357:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.359:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.360:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.560:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.561:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.562:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.563:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.812:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Toplist : No action taken.
:mozilla.729:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.339:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.439:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.440:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.441:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.442:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end





HIJthis report3::

Logfile of HijackThis v1.99.1
Scan saved at 12:29:09 PM, on 5/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155017924051
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CleanService - Unknown owner - C:\PROGRA~1\STOMPS~1\FILESH~1\CleanService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe








All instructions were followed to the letter. With exception-- control panel/display/security info tab.. This was not found and i attempted this while in safe mode. re-advise if this is a necessary step that i need to go back to and rescan all reports again??

#8 bob4

bob4

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,205 posts

Posted 14 May 2007 - 10:11 AM

Don't worry about the websettings. There not avaailable in win 2000. My fault.



Where AVG anti malware scanner says " NO Action taken"
You should rescan with this program and have it quarintine everything it found.

:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xuaethcz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.






___________________________________
Reconfigure Windows XP to show hidden files::

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



Open HJT

this time click on
Misc tools section

then:
Open uninstall Manager
click on save list.
Post that for me.
______________________________________________________________________
Can you tell me what program this belongs to ? I can find no good solid information on it. :scratch:

O23 - Service: CleanService - Unknown owner - C:\PROGRA~1\STOMPS~1\FILESH~1\CleanService.exe

If you don't know have Hijackthis fix this line for now.

Then :



_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, and a button to browse with:

You will have to browse to this area and find this file. As I can't tell you exactly what the path is.


C:\PROGRAM files\ ( then something that looks like) STOMPS~1\FILESH~1\CleanService.exe
cleanservice.exe is the file I need scanned.


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html




In your next reply I would like to see:
  • A new HJT log done in Normal mode.
  • The report from Jottis/Vius Total.
  • The uninstall list from HJT

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#9 bob4

bob4

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,205 posts

Posted 18 May 2007 - 11:23 AM

Still with me ?
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#10 bob4

bob4

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,205 posts

Posted 21 May 2007 - 04:56 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·