Common Infection But Need Help [Archive]

k8fox1

2008-01-27, 16:55

This should be better,,,,,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:28 AM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTN Monitor - {2FDC8E29-E942-4307-97C5-69FFA934B331} - C:\WINDOWS\ddwlxtqgmq.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Office toolbar - {5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\RICH\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O21 - SSODL: agrlmvp - {86DB0B19-2384-424D-8100-3615289850E3} - (no file)
O21 - SSODL: bmlvqkn - {49D43136-C96F-4375-97EF-52AD45000C98} - C:\WINDOWS\bmlvqkn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9294 bytes

Shaba

2008-01-27, 16:56

Hi

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

k8fox1

2008-01-27, 17:14

SmitFraudFix v2.274

Scan done at 11:10:45.06, Sun 01/27/2008
Run from C:\Documents and Settings\RICH\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 hk.digitaltrends.com
127.0.0.1 www.siri.geekstogo.com
127.0.0.1 siri.geekstogo.com
127.0.0.1 noahdfear.geekstogo.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 siri.urz.free.fr
127.0.0.1 www.siri.urz.free.fr

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\RICH

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\RICH\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RICH\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=" "

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA7D5781-48B2-41F4-B1A1-C3C63F29F5DD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA7D5781-48B2-41F4-B1A1-C3C63F29F5DD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA7D5781-48B2-41F4-B1A1-C3C63F29F5DD}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Shaba

2008-01-27, 18:36

Hi

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download and scan with SUPERAntiSpyware (http://www.superantispyware.com/) Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.superantispyware.com/definitions.html).)
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Delete these if still present:

C:\WINDOWS\ddwlxtqgmq.dll
C:\WINDOWS\enqvwkp.dll
C:\WINDOWS\bmlvqkn.dll

Empty Recycle Bin.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.
For Internet Explorer 4.x - 6.x
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
For Netscape 4.x and Up
Click Edit from the Netscape menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the triangle sign.
Click Cache.
Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
Click Edit from the Mozilla menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the plus sign.
Click Cache.
Click the Clear Cache button.
For Opera
Click File from the Opera menubar.
Click Preferences... from the File menu.
Click the History and Cache menu.
Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Open SUPERAntiSpyware.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply. Click Close to exit the program.
______________________________

Please post:
c:\rapport.txt
SUPERAntiSpyware log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

k8fox1

2008-01-27, 19:10

Ok i will do this. May take an hour or so before I get a reply put here. Thanks.-Mike

Shaba

2008-01-27, 19:15

Hi

Ok, take your time :)

k8fox1

2008-01-27, 21:38

The Superantispyware is under way. In attempting to clean up one of the temp folders i was unable to delete the following file as it was list as in use or protected:

Perflib_Perfdata.2fc

-Mike

k8fox1

2008-01-28, 02:32

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2008 at 05:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Custom Scan
Total Scan Time : 02:57:12

Memory items scanned : 237
Memory threats detected : 0
Registry items scanned : 6711
Registry threats detected : 7
File items scanned : 87746
File threats detected : 122

Rogue.Files-Secure
HKCR\sysosa.Video
HKCR\sysosa.Video\Clsid
HKCR\AppId\sysosa.dll
HKCR\AppId\sysosa.dll#AppID
HKCR\AppId\{5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46}
HKCR\AppId\{5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46}#DllSurrogate
HKCR\AppId\{5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46}#AccessPermission

Adware.Tracking Cookie
C:\Documents and Settings\JESSICA\Cookies\jessica@3.adbrite[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@5.go.globaladsales[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@a.findarticles[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@a.websponsors[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ad.contentmedianetwork[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ad.coupons[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ad.greenmarquee[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ad.uk.tangozebra[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ad.xplusone[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@adinterax[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@adlegend[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.active[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.addesktop[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.ak.facebook[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.as4x.tmcs[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.associatedcontent[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.cartoondollemporium[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.cnn[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.gamesbannernet[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.k8l[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.pointroll[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.realtechnetwork[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.realtechnetwork[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads.revsci[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads3.blastro[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ads4.blastro[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@adserver6.teracent[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@apmebf[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@ar.atwola[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@atwola[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@azjmp[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@azoogleads[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@banner.32vegas[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@bannerads.zwire[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@bannerads.zwire[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@banners.broadwayworld[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@bizrate[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@clickauditor[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@clicksor[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@collective-media[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@creative.clicksor[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@drivecleaner[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@entrepreneur[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@eyewonder[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@freecodesource.advertserve[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@gcc-00.googleadservices[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@go.drivecleaner[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@go.drivecleaner[3].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@iacas.adbureau[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@icc.intellisrv[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@imrworldwide[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@interclick[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@kanoodle[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@keywordmax[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@media.mtvnservices[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@media303[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@media6degrees[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@mywebsearch[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@nextag[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@offers.intermediainteractive[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@partner2profit[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@partners.tattomedia[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@precisionclick[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@qnsr[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@redorbit.us.intellitxt[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@redorbit[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@richmedia.yahoo[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@rocku.adbureau[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@roiservice[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@s.clickability[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sales.liveperson[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sales.liveperson[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sales.liveperson[3].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sales.liveperson[6].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sales.liveperson[7].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sec1.liveperson[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@securepx.medianetwork[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@server.lon.liveperson[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@serving.rpowermedia[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sexcriminals[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@sexinfo101[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@shoplocl.adbureau[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@socialmedia[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@stats.drivecleaner[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@stats.privacyprotector[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@statse.webtrendslive[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@t4.trackalyzer[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@tatoofinder[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@tattoofinder[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@track.markarch[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@traffic.buyservices[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@tremor.adbureau[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@tripod[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@vhost.oddcast[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@videoegg.adbureau[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@winantispyware[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@winantivirus[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.clickxchange[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.drivecleaner[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.findarticles[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.googleadservices[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.googleadservices[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.googleadservices[3].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.sexandthecityquotes[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.teensay.co[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.ticketsnow[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.trackerlicious[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.winantispyware[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.winantivirus[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www.xctrk[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www4.addfreestats[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www5.addfreestats[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www7.addfreestats[1].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@www8.addfreestats[2].txt
C:\Documents and Settings\JESSICA\Cookies\jessica@xiti[1].txt
C:\Documents and Settings\LACY\Cookies\lacy@adinterax[2].txt
C:\Documents and Settings\LACY\Cookies\lacy@eyewonder[1].txt
C:\Documents and Settings\LACY\Cookies\lacy@interclick[2].txt
C:\Documents and Settings\LACY\Cookies\lacy@mywebsearch[1].txt
C:\Documents and Settings\LACY\Cookies\lacy@nextag[2].txt
C:\Documents and Settings\LACY\Cookies\lacy@popularscreensavers[1].txt

k8fox1

2008-01-28, 02:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:40 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTN Monitor - {2FDC8E29-E942-4307-97C5-69FFA934B331} - C:\WINDOWS\ddwlxtqgmq.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Office toolbar - {5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\WINDOWS\enqvwkp.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\RICH\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: agrlmvp - {86DB0B19-2384-424D-8100-3615289850E3} - (no file)
O21 - SSODL: bmlvqkn - {49D43136-C96F-4375-97EF-52AD45000C98} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8683 bytes

k8fox1

2008-01-28, 02:47

SmitFraudFix v2.274

Scan done at 13:45:10.06, Sun 01/27/2008
Run from C:\Documents and Settings\RICH\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

127.0.0.1 www.it-mate.co.uk
127.0.0.1 it-mate.co.uk
127.0.0.1 mysteryfcm.co.uk
127.0.0.1 www.internetinspiration.co.uk
127.0.0.1 www.mvps.org
127.0.0.1 bughunter.it-mate.co.uk
127.0.0.1 www.bughunter.it-mate.co.uk
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 acilot.cn #[Malicious.Links.Codec]
127.0.0.1 ads.active.com
127.0.0.1 am1.activemeter.com
127.0.0.1 www.activemeter.com #[eTrust.Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[eTrust.Tracking.Cookie]
127.0.0.1 web.acumenpi.com #[AdvertPro]
127.0.0.1 at.ad2click.nl
127.0.0.1 cms.ad2click.nl
127.0.0.1 banner.ad.nu
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adagencypro.com

k8fox1

2008-01-28, 02:48

127.0.0.1 ads.adap.tv
127.0.0.1 ad.pop1.adbn.ru
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 james.adbutler.de #[Tenebril.TrackingCookie]
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]
127.0.0.1 adcp.adcentriconline.com
127.0.0.1 bell.adcentriconline.com #[Wildcard DNS]
127.0.0.1 content.adcentriconline.com
127.0.0.1 media.adcentriconline.com
127.0.0.1 publicis.adcentriconline.com
127.0.0.1 ad-clix.com
127.0.0.1 www.ad-clix.com
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 axa.addcontrol.net #[Ewido.TrackingCookie.Addcontrol]
127.0.0.1 ads.addynamix.com #[SpySweeper.Spy.Cookie]
127.0.0.1 e13.media.addynamix.com
127.0.0.1 www.adeos.eu
127.0.0.1 adcode.adengage.com
127.0.0.1 stats2.adengage.com
127.0.0.1 www.adengage.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com
127.0.0.1 www.ad4ever.com
127.0.0.1 track.adform.net
127.0.0.1 www.adfusion.com
127.0.0.1 harvest.adgardener.com
127.0.0.1 harvest6.adgardener.com
127.0.0.1 harvest7.adgardener.com
127.0.0.1 harvest8.adgardener.com
127.0.0.1 harvest11.adgardener.com
127.0.0.1 harvest12.adgardener.com
127.0.0.1 harvest13.adgardener.com
127.0.0.1 harvest163.adgardener.com
127.0.0.1 harvest176.adgardener.com
127.0.0.1 seeds.adgardener.com
127.0.0.1 www.adgroups.net
127.0.0.1 www.ad-groups.com #[Ban Man Pro Banner Code]
127.0.0.1 www.adgauge.com
127.0.0.1 host1.adhese.be #[Adhese Datamine Tag]
127.0.0.1 host2.adhese.be
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net]
127.0.0.1 host4.adhese.be
127.0.0.1 ads.adhsm.adhese.com
127.0.0.1 pool.adhsm.adhese.com
127.0.0.1 ssl3.adhost.com
127.0.0.1 www2.adhost.com
127.0.0.1 ads.adhostingsolutions.com #[eTrust.Tracking.Cookie]
127.0.0.1 www.adimpact.com
127.0.0.1 www.adinventoryrecorder.com
127.0.0.1 adfarm1.adition.com
127.0.0.1 imagesrv.adition.com
127.0.0.1 ad.adition.net
127.0.0.1 adsearch.adkontekst.pl
127.0.0.1 community.adlandpro.com #[Ad-Aware Tracking.Cookie]
127.0.0.1 pk.adlandpro.com
127.0.0.1 te.adlandpro.com #[eTrust.Tracking.Cookie]
127.0.0.1 trafficex.adlandpro.com
127.0.0.1 www.adlandpro.com #[Ad-Aware Tracking.Cookie]
127.0.0.1 engine.adland.ru #[eTrust.Tracking.Cookie]
127.0.0.1 publicidad.adlead.com
127.0.0.1 ad.adlegend.com #[affects Webroot AlertNet]
127.0.0.1 media.adlegend.com #[eTrust.Tracking.Cookie]
127.0.0.1 www.adlimg03.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 rc.de.adlink.net #[eTrust.Tracking.Cookie]
127.0.0.1 tr.de.adlink.net
127.0.0.1 ads3.adman.gr #[eTrust.Tracking.Cookie]
127.0.0.1 r2d2.adman.gr
127.0.0.1 www.adminder.com #[SpySweeper.Spy.Cookie]
127.0.0.1 apps.admission.net #[Spotlight Ads]
127.0.0.1 appcache.admission.net
127.0.0.1 view.admission.net
127.0.0.1 rms.admeta.com #[admeta.basefarm.net][eTrust.Tracking.Cookie]
127.0.0.1 ads.admodus.com #[eTrust.Tracking.Cookie]
127.0.0.1 ad.adnet.biz #[eTrust.Tracking.Cookie]
127.0.0.1 engine.adnet.ru
127.0.0.1 ad2.adnetinteractive.com
127.0.0.1 ad.adnetwork.com.br
127.0.0.1 s1.ad.adocean.pl #[Ewido.Tracking.Cookie]
127.0.0.1 s2.ad.adocean.pl
127.0.0.1 s1.centrumcz.adocean.pl #[eTrust.Tracking.Cookie]
127.0.0.1 s1.czgde.adocean.pl
127.0.0.1 s1.skgde.adocean.pl
127.0.0.1 ad01.adonspot.com
127.0.0.1 ad02.adonspot.com
127.0.0.1 isohunt.adonspot.com
127.0.0.1 ab.adpro.com.ua
127.0.0.1 ac.adpro.com.ua
127.0.0.1 system.adquick.nl
127.0.0.1 www.adquest.nl
127.0.0.1 adreactor.com
127.0.0.1 adserver.adreactor.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 adx.adrenaline.cz
127.0.0.1 www.adscampaign.com
127.0.0.1 www.adsforindians.com
127.0.0.1 ad.adrefer.net
127.0.0.1 www.adreporting.com #[SunBelt.Adreporting.com]
127.0.0.1 cntr.adrime.com
127.0.0.1 images.adrime.com
127.0.0.1 ad.adriver.ru
127.0.0.1 www.adrotate.net
127.0.0.1 serv.ad-rotator.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ad.ads8.com
127.0.0.1 vip.ads8.com
127.0.0.1 www.ads183.com
127.0.0.1 ad.adsandads.net #[Trojan.Advatrix]
127.0.0.1 cpv.adsandads.net
127.0.0.1 antevenio.flux.ads-click.com
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 adservercentral.com
127.0.0.1 banners.adservercentral.com
127.0.0.1 www.adservercentral.com #[SunBelt.adservercentral.com]
127.0.0.1 adservicedomain.info
127.0.0.1 adsfac.net #[Facilitate Tracking Code]
127.0.0.1 images.adshuffle.com
127.0.0.1 this.content.served.by.adshuffle.com
127.0.0.1 ad-soft.net #[regfreeze.net]
127.0.0.1 adsaway.com #[HTML/TrojanDownloader.Agent.BP trojan]
127.0.0.1 www.adsaway.com #[Google.Warning]
127.0.0.1 adsfac.eu
127.0.0.1 www.adshot.de
127.0.0.1 network.adsmarket.com
127.0.0.1 allchix.adsmax.com
127.0.0.1 www2.adsmax.com
127.0.0.1 www.adsodainteractive.com
127.0.0.1 www.adspace.be
127.0.0.1 g.adspeed.net
127.0.0.1 serv.adspeed.com
127.0.0.1 ads.adsponse.de
127.0.0.1 banner.adsrevenue.net
127.0.0.1 creative.adsrevenue.net
127.0.0.1 popunder.adsrevenue.net
127.0.0.1 adserve.adster.com
127.0.0.1 images.adster.com
127.0.0.1 adsvert.com
127.0.0.1 o.adtargeter.com
127.0.0.1 ads.adtiger.de
127.0.0.1 www.adtiger.de
127.0.0.1 ads.adgoto.com
127.0.0.1 adsrv.admindshare.com
127.0.0.1 adtology.com
127.0.0.1 adtology2.com
127.0.0.1 ad.adtoma.com
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com
127.0.0.1 www.adtrade.net
127.0.0.1 www.adtrader.com
127.0.0.1 netshelter.adtrix.com
127.0.0.1 ads.advancedpcmedia.com
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 www.adventideas.com #[Adcycle]
127.0.0.1 www.adversal.com
127.0.0.1 www.adversalservers.com
127.0.0.1 austria1.adverserve.net #[Ad-Aware.Tracking.Cookie]
127.0.0.1 ads.advertise.net
127.0.0.1 www.advertisingspaces.net
127.0.0.1 www.advertisingstats.com
127.0.0.1 advertisingpurchase.com
127.0.0.1 ad.adverticum.net
127.0.0.1 img.adverticum.net
127.0.0.1 imgs.adverticum.net
127.0.0.1 ads.advertisingz.com
127.0.0.1 ad.advertstream.com
127.0.0.1 adviva.com
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net #[Panda.Spyware:Cookie/Adviva]
127.0.0.1 de.ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 www.traf.advscripts.com
127.0.0.1 ad.adworx.at
127.0.0.1 www.ad-z.de
127.0.0.1 banners.adzones.com
127.0.0.1 clicks.adzones.com
127.0.0.1 feeds.adzones.com
127.0.0.1 www.adzones.com
127.0.0.1 aeoworld.de
127.0.0.1 www.aeoworld.de #[W32/WMF-exploit]
127.0.0.1 banners.affilimatch.de
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 adz.afterdawn.net
127.0.0.1 ad.afy11.net
127.0.0.1 stats.agent.co.il
127.0.0.1 agentmediagroup.com #[Javascript.Exploit]
127.0.0.1 www.agentmediagroup.com
127.0.0.1 rmbannerserver.agestado.com.br
127.0.0.1 stats.agentinteractive.com
127.0.0.1 api.aggregateknowledge.com
127.0.0.1 aams1.aim4media.com
127.0.0.1 artwork.aim4media.com
127.0.0.1 www.aim4media.com #[SunBelt.Adserver.aim4media]
127.0.0.1 adlik.akavita.com
127.0.0.1 adlik2.akavita.com #[server down?]
127.0.0.1 adserver.akqa.net #[Ad-Aware Tracking.Cookie]
127.0.0.1 www.alaqiq.net #[Javascript.Exploit]
127.0.0.1 aldorawar.com
127.0.0.1 www.aldorawar.com #[JS/Exploit.ADODB.Stream.NAP]
127.0.0.1 download.alexa.com #[Trackware.Alexa][SPYW_ALEXA.A]
127.0.0.1 download.china.alibaba.com #[Adware.AlibabaTB][AdWare.ToolBar.Alibabar.b]
127.0.0.1 tracking.allposters.com
127.0.0.1 ad.allstar.cz
127.0.0.1 bokee.allyes.com
127.0.0.1 demoafp.allyes.com
127.0.0.1 eastmoney.allyes.com
127.0.0.1 smarttrade.allyes.com
127.0.0.1 taobaoafp.allyes.com
127.0.0.1 tom.allyes.com
127.0.0.1 uuseeafp.allyes.com
127.0.0.1 www.almondnetworks.com
127.0.0.1 www.almoso3h.com #[Trojan-PSW.Win32.VB.cl]
127.0.0.1 www.alsaloumainvestment.com #[Win32/SpamTool.Gadina]
127.0.0.1 ad.altervista.org
127.0.0.1 marx2.altervista.org #[server down?]
127.0.0.1 pqwaker.altervista.org
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 adimg.alice.it
127.0.0.1 adv.alice.it
127.0.0.1 count1.altastat.com
127.0.0.1 altmedia101.com
127.0.0.1 www.alldep.com #[Spamdexing]
127.0.0.1 adserver.alt.com
127.0.0.1 c0.amazingcounters.com
127.0.0.1 c1.amazingcounters.com
127.0.0.1 c2.amazingcounters.com
127.0.0.1 c3.amazingcounters.com
127.0.0.1 c4.amazingcounters.com
127.0.0.1 c5.amazingcounters.com
127.0.0.1 c6.amazingcounters.com
127.0.0.1 c7.amazingcounters.com
127.0.0.1 c8.amazingcounters.com
127.0.0.1 www.amazingcounters.com
127.0.0.1 banner.ambercoastcasino.com
127.0.0.1 ads.amdmb.com
127.0.0.1 whos.amung.us #[WebBug]
127.0.0.1 advert.ananzi.co.za
127.0.0.1 advert2.ananzi.co.za
127.0.0.1 adserver.ancestry.com #[RealMedia]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 www.andyhoppe.com
127.0.0.1 angpeu.info #[Win32/TrojanDownloader.Ani.Gen][server down?]
127.0.0.1 ads.angryape.com
127.0.0.1 banners.ads.angryape.com
127.0.0.1 www.antarasystems.com
127.0.0.1 www.anticlown.com
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 www.arcadebanners.com
127.0.0.1 www.arcadebannerexchange.com
127.0.0.1 ard114.info #[Spamdexing]
127.0.0.1 areabuyreal.com
127.0.0.1 act.areabuyreal.com #[Win32/TrojanDownloader.Zlob]
127.0.0.1 click.areabuyreal.com #[WildCard DNS]
127.0.0.1 www.areabuyreal.com
127.0.0.1 demiurge.arstechnica.com
127.0.0.1 artsklimited.info #[Win32/Padodor.NAQ]
127.0.0.1 banner.arttoday.com
127.0.0.1 ads.asia1.com.sg
127.0.0.1 asimpleinternet.com #[Tenebril.SpecialOffers]
127.0.0.1 www.asimpleinternet.com
127.0.0.1 ads.ask.com #[sv-click.looksmart.com]
127.0.0.1 www.askyaya.com #[SunBelt.AskYaya]
127.0.0.1 ads.aspalliance.com
127.0.0.1 ads.associatedcontent.com
127.0.0.1 f.astaz.info #[Malicious.Links.Codec]
127.0.0.1 www.ati-etailer.de
127.0.0.1 dist.atlas-ia.com #[ADW_ATLAST.A]
127.0.0.1 www.atlas-ia.com #[Adware.OfferAgent][Adware-Atlas]
127.0.0.1 ads.auctionads.com
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com
127.0.0.1 ads.auctioncity.co.nz
127.0.0.1 www.autosurfpro.com
127.0.0.1 ads.autotrader.co.za
127.0.0.1 adserving.autotrader.com #[SunBelt.AdServing.AutoTrader.com]
127.0.0.1 engine.awaps.net
127.0.0.1 www.axill.com
127.0.0.1 images.axill.in
127.0.0.1 www.axill.in
127.0.0.1 axload.to #[Adware.Webprefix][Trojan.Downloader.6588.E]
127.0.0.1 valid.axload.to
127.0.0.1 ayiosamvrosios.com #[Javascript.Exploit]
127.0.0.1 www.azads.net
127.0.0.1 azresults.com #[Spamdexing]
127.0.0.1 www.azresults.com
127.0.0.1 azsearch.org
127.0.0.1 babla.info #[Spamdexing]
127.0.0.1 adserver1.backbeatmedia.com
127.0.0.1 adserver1-images.backbeatmedia.com
127.0.0.1 bullseye.backbeatmedia.com
127.0.0.1 www.badhyip.org #[Google.Warning]
127.0.0.1 ads.badische-zeitung.de
127.0.0.1 bar.baidu.com #[Win32/Adware.Toolbar.Baidu][Sophos.JS/BDHelper-A]
127.0.0.1 download.baigoo.com #[AdWare.Win32.Baigoo.a][Trackware.Baigoo]
127.0.0.1 balticaffiliate.com #[Spamdexing]

k8fox1

2008-01-28, 02:48

127.0.0.1 www.baltictop.com
127.0.0.1 adsrv.bankrate.com
127.0.0.1 click.banneradv.com
127.0.0.1 adserver.banneradministration.com
127.0.0.1 www.bannerbox.cn
127.0.0.1 bannerboxes.com #[BannerBoxes Ad Code]
127.0.0.1 clicks.bannerboxes.com
127.0.0.1 feeds.bannerboxes.com
127.0.0.1 www.bannerboxes.com
127.0.0.1 bannerbg.com
127.0.0.1 www.banner-exchange.nl
127.0.0.1 ad.bannerhost.ru
127.0.0.1 banners.bannerlandia.com.ar
127.0.0.1 www.bannermanagement.nl
127.0.0.1 www.bannerout.com
127.0.0.1 www.banneroverdrive.com
127.0.0.1 www.bannerpromotion.it
127.0.0.1 www.banner-mania.com
127.0.0.1 www.bannerspace.com
127.0.0.1 www3.bannerspace.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com #[Tenebril.Tracking.Cookie]
127.0.0.1 www.bannerswap.ca
127.0.0.1 ads.vg.basefarm.net #[RealMedia]
127.0.0.1 ads.baz.ch
127.0.0.1 ad2.bbmedia.cz
127.0.0.1 bbeplayer.com #[WebBug]
127.0.0.1 autocontext.begun.ru
127.0.0.1 adlogger.bertgeens.be
127.0.0.1 www.belstat.be
127.0.0.1 www.belstat.com
127.0.0.1 www.belstat.nl
127.0.0.1 oas.benchmark.fr #[RealMedia]
127.0.0.1 bengilani.com #[VBS/Envary.A]
127.0.0.1 bestinfosearch.com
127.0.0.1 www.bestinfosearch.com #[Malicious.Links]
127.0.0.1 bestinshowjewelry.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 www.bestinshowjewelry.com
127.0.0.1 webtrends.besite.be
127.0.0.1 www.besttoolbars.net #[ADW_TBARWIN32.A]
127.0.0.1 ads.betanews.com
127.0.0.1 banner.betfred.com
127.0.0.1 www.bettertextads.com
127.0.0.1 big4top.com
127.0.0.1 www.big4top.com #[IFrame.Exploit]
127.0.0.1 stats.big-boards.com
127.0.0.1 ad0.bigmir.net
127.0.0.1 ad1.bigmir.net
127.0.0.1 ad4.bigmir.net
127.0.0.1 ad5.bigmir.net
127.0.0.1 ad6.bigmir.net
127.0.0.1 ad7.bigmir.net
127.0.0.1 adi.bigmir.net
127.0.0.1 c.bigmir.net #[SecuritySpace.WebBug]
127.0.0.1 i.bigmir.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 www.bighits.net
127.0.0.1 counter.bigli.ru
127.0.0.1 bigstats.net
127.0.0.1 banex.bikers-engine.com
127.0.0.1 ad2.billboard.cz
127.0.0.1 adserver.bizhat.com
127.0.0.1 counter.bizland.com
127.0.0.1 dc.bizjournals.com
127.0.0.1 www.black-hole.co.uk
127.0.0.1 ads2.blastro.com
127.0.0.1 ads3.blastro.com
127.0.0.1 ads4.blastro.com
127.0.0.1 ads.blick.ch
127.0.0.1 streamstats1.blinkx.com
127.0.0.1 ads.blizzard.com
127.0.0.1 blogadswap.com
127.0.0.1 tracker.blogbeat.net
127.0.0.1 ads.blogdrive.com
127.0.0.1 banners.blogexplosion.com
127.0.0.1 counter.blogexplosion.com
127.0.0.1 blogtextlinks.blogexplosion.com
127.0.0.1 rentblog.blogexplosion.com
127.0.0.1 mapstats.blogflux.com
127.0.0.1 www.blogpatrol.com
127.0.0.1 t.blogreaderproject.com #[WebBug]
127.0.0.1 ads1.prod.bluetape.com
127.0.0.1 blogmark.bokee.com #[Adware.BocaiToolbar]
127.0.0.1 track.blogcounter.de
127.0.0.1 www.blogcounter.de
127.0.0.1 adserver.bluewin.ch
127.0.0.1 www.bmmetrix.com #[WebBug][Tracking.Cookie]
127.0.0.1 ads.boardtracker.com
127.0.0.1 ranks.boardtracker.com
127.0.0.1 adimage.bokee.com
127.0.0.1 ad.bol.bg
127.0.0.1 adv.bol.bg
127.0.0.1 ads.bomis.com
127.0.0.1 banners.bookmaker.com
127.0.0.1 ccc.boolans.com #[Adware.Rugo]
127.0.0.1 err.boom.ru
127.0.0.1 www.borlander.cn #[Adware.Borlan]
127.0.0.1 www.borlander.com.cn #[ADSPY/Boran.X.19.C]
127.0.0.1 ads.brainiads.com
127.0.0.1 ads.breakthru.com
127.0.0.1 bans.bride.ru
127.0.0.1 cc.bridgetrack.com
127.0.0.1 citi.bridgetrack.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 citi.bridgetrack.com.edgesuite.net
127.0.0.1 rccl.bridgetrack.com
127.0.0.1 banners.broadwayworld.com
127.0.0.1 www.browserplugin.com #[HJTH.EroticAccess][wobz.de]
127.0.0.1 bsdpng.info
127.0.0.1 btbilgisayarkursu.com #[Win32/TrojanDownloader.Small.AWA]
127.0.0.1 www.btbilgisayarkursu.com #[Win32/TrojanDownloader.Small.AWA]
127.0.0.1 www.bulletads.com
127.0.0.1 redemption.bullseye-media.net
127.0.0.1 users.bullseye-media.net
127.0.0.1 www.bullseye-media.net
127.0.0.1 bunnezone.com #[Win32/Jep.Russ]
127.0.0.1 burnsrecyclinginc.com #[Win32/TrojanDropper.Agent.NBX]
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 ad1.bustcash.com
127.0.0.1 www.buy404s.com
127.0.0.1 www.buycheapadvertising.com
127.0.0.1 www.buzzclick.com
127.0.0.1 tr.buzzlogic.com
127.0.0.1 tracking.byindia.com
127.0.0.1 www.byip.cn #[Google.Warning]
127.0.0.1 multi.byulcom.com #[Win32/TrojanDownloader.Small.BIV]
127.0.0.1 ads.calgarystampede.com
127.0.0.1 canadianhw.ca #[VBS/Envary.A]
127.0.0.1 www.canadianhw.ca
127.0.0.1 ads.capablenet.com
127.0.0.1 images.cashfiesta.com #[AdWare.CashFiesta.a]
127.0.0.1 www.cashfiesta.com #[McAfee.Adware-CashFiesta]
127.0.0.1 www.cashfiesta.net
127.0.0.1 banner.casinoking.com #[AdWare.Win32.Casino.ae]
127.0.0.1 www.cashventure.com
127.0.0.1 ads.casino.com
127.0.0.1 ad.caradisiac.com
127.0.0.1 ads.cars.com
127.0.0.1 blockbuster.com.7.ccg360.com
127.0.0.1 blockbuster.med.ccg360.com
127.0.0.1 www.cd321.com
127.0.0.1 ads.cdfreaks.com #[eTrust.Ads.cdfreaks]
127.0.0.1 ads.cdrinfo.com
127.0.0.1 stats.cdrinfo.com #[WebBug]
127.0.0.1 www.celebritypicturesarchive.com #[Trojan-Downloader.Win32.IstBar.nn]
127.0.0.1 www.celebrity-pictures-world.com #[Trojan-Downloader.Win32.IstBar.nn]
127.0.0.1 clicktracker.centrum.cz
127.0.0.1 mds.centrport.net #[Ad-Aware.Tracking.Cookie]
127.0.0.1 cetrk.com #[Crazy Egg]
127.0.0.1 cesp.be #[HTML/TrojanDownloader.Agent.NAB]
127.0.0.1 adserver.cducinema.com
127.0.0.1 counter.cgiworld.net
127.0.0.1 tracker.cgiworld.net
127.0.0.1 cts.channelintelligence.com #[switch.atdmt.com]
127.0.0.1 abc.checkm8.com
127.0.0.1 rmm1u.checkm8.com
127.0.0.1 web.checkm8.com #[CHECKM8 AD TAGS]
127.0.0.1 web2.checkm8.com
127.0.0.1 ads.checkm8.co.za
127.0.0.1 ads.chellomedia.com
127.0.0.1 ads.china.com
127.0.0.1 www.china3q.com #[Trojan.Startpage.S]
127.0.0.1 ad.chip.de
127.0.0.1 www.chsniper.com #[Downloader.Sniper]
127.0.0.1 chunkypig.com #[AdWare.Win32.Chiem.c]
127.0.0.1 www.chunkypig.com
127.0.0.1 ad.cibleclick.com #[eTrust.Cibleclick]
127.0.0.1 www.cibleclick.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 www.classicequipment.com #[Google.Warning]
127.0.0.1 board.classifieds1000.com
127.0.0.1 xp.classifieds1000.com
127.0.0.1 www.classifieds1000.com #[SiteAdvisor.classifieds1000.com]
127.0.0.1 images.clckm.com
127.0.0.1 pics.clckm.com #[Parking Service]
127.0.0.1 cleanfeed.info #[Spamdexing]
127.0.0.1 ads.clickad.com #[eTrust.Tracking.Cookie]
127.0.0.1 clickbank.net #[Ad-Aware.Tracking.Cookie]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank][Adware.ClickDLoader]
127.0.0.1 ssl.clickbank.net
127.0.0.1 zzz.clickbank.net #[Ewido.TrackingCookie.Clickbank]
127.0.0.1 publishers.clickbooth.com #[directleads.com]
127.0.0.1 clickboothlnk.com
127.0.0.1 www.clickboothlnk.com
127.0.0.1 j.clickdensity.com
127.0.0.1 r.clickdensity.com
127.0.0.1 dsml.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 www.clickmanage.com
127.0.0.1 clicktopsite.com #[Spamdexing]
127.0.0.1 clicktracks.com #[McAfee.Cookie-Clicktracks]
127.0.0.1 stats.clicktracks.com #[Tenebril.Tracking.Cookie]
127.0.0.1 stats1.clicktracks.com # [eTrust.Tracking.Cookie]
127.0.0.1 stats2.clicktracks.com #[SpySweeper.Spy.Cookie]
127.0.0.1 stats3.clicktracks.com
127.0.0.1 stats4.clicktracks.com
127.0.0.1 www.clicktracks.com #[SunBelt.ClickTracks]
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 hit.click2006.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com #[SunBelt.ClickHouse]
127.0.0.1 www.click-power.com #[Win32/TrojanDownloader.VB.JL][Win32.Virtumonde.by]
127.0.0.1 www.clicksbroker.com
127.0.0.1 ad1.clickhype.com #[Ewido.TrackingCookie.Clickhype]
127.0.0.1 clickoly.com #[Spamdexing]
127.0.0.1 redirect.clickshield.net
127.0.0.1 clickthru.net
127.0.0.1 ads.clickthru.net
127.0.0.1 icon.clickthru.net
127.0.0.1 clicktorrent.info
127.0.0.1 static.clicktorrent.info
127.0.0.1 www.clicktorrent.info #[phpAds]
127.0.0.1 www1.clicktorrent.info
127.0.0.1 norbert_sirot.club.fr #[Trojan-Spy.Win32.Banker.anv]
127.0.0.1 banner.clubdicecasino.com
127.0.0.1 adserver.clix.pt
127.0.0.1 ad.cmfu.com
127.0.0.1 www.cnstats.com
127.0.0.1 ad.coas2.co.kr
127.0.0.1 ads.cobrad.com
127.0.0.1 codeads.com
127.0.0.1 www.codeads.com
127.0.0.1 collectiveads.net
127.0.0.1 comcord.info #[Spamdexing]
127.0.0.1 www.contextpanel.com #[searchant.com]
127.0.0.1 www.combimedia.nl
127.0.0.1 bdx.comclick.com
127.0.0.1 br.comclick.com
127.0.0.1 ct2.comclick.com #[Tenebril.Tracking.Cookie]
127.0.0.1 fl01.ct2.comclick.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Ewido.TrackingCookie.Comclick]
127.0.0.1 members.commissionmonster.com
127.0.0.1 www.connectingslice.com #[JS/TrojanDownloader.Psyme.CZ.Gen]
127.0.0.1 aa.connextra.com
127.0.0.1 bb.connextra.com #[a22.g.akamai.net]
127.0.0.1 cc.connextra.com
127.0.0.1 dd.connextra.com
127.0.0.1 ee.connextra.com
127.0.0.1 ff.connextra.com #[a22.g.akamai.net]
127.0.0.1 data.connextra.com
127.0.0.1 linkexchange.consoleunderground.com
127.0.0.1 www.consoleunderground.com #[Adware.Begin2search]
127.0.0.1 ads.consumeraffairs.com
127.0.0.1 ads.contactmusic.com #[AdvertPro]
127.0.0.1 servedby.contextuad.org
127.0.0.1 svp.contextuad.org #[SunBelt.ContextuAd]
127.0.0.1 www.contextualclick.com #[Dynamic keywords analyser]
127.0.0.1 ads.console.net
127.0.0.1 su.copylouis.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 banners.copyscape.com
127.0.0.1 www.countit.ch
127.0.0.1 counter.co.kz #[server down?]
127.0.0.1 www.counter-gratis.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 www.countercentral.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter-shop.net
127.0.0.1 htm-pop-ky.counterstat.net
127.0.0.1 www.counting4free.com
127.0.0.1 www.counter.cz
127.0.0.1 www.counti.de
127.0.0.1 www.countmypage.com
127.0.0.1 log1.countomat.com
127.0.0.1 connectionzone.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 test.coremetrics.com #[SpySweeper.Spy.Cookie]
127.0.0.1 twci.coremetrics.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 banner.coza.com
127.0.0.1 www.cpaclicks.com #[Spamdexing]
127.0.0.1 server.cpmstar.com #[ads.shizmoo.com]
127.0.0.1 cracks.am #[eTrust.Cracks.am][ADW_CRAMTB.A]
127.0.0.1 www.cracks.am #[fuck-portal.com][Adware.CramToolbar]
127.0.0.1 ads.cracked.com
127.0.0.1 track.cracked.com
127.0.0.1 www.crackserver.com #[StopBadware.Report]
127.0.0.1 new.crashextads.co.uk #[server down?]
127.0.0.1 crawl.ws
127.0.0.1 cont.crawl.ws #[AdWare.Win32.MegaKiss.b]
127.0.0.1 www.crawl.ws
127.0.0.1 counter.credo.ru
127.0.0.1 www.cridem.org #[Win32/Spy.Banker.AHY]
127.0.0.1 www.crispads.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 ads.crucialparadigm.com
127.0.0.1 crunet.info #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 media.customeracquisitionsite.com #[customeracquisitionsite.adlegend.com]
127.0.0.1 cxss358.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 cyberbounty.com
127.0.0.1 clk.cyberbounty.com
127.0.0.1 pop.cyberbounty.com
127.0.0.1 serve.cyberbounty.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 banner.cybertechdev.com
127.0.0.1 cybertown.ru
127.0.0.1 search.cygo.net
127.0.0.1 www.cygo.net #[McAfee.Adware-Cygo]
127.0.0.1 cytron.com #[DailyWinner][eTrust.Cytron]
127.0.0.1 www.cytron.com
127.0.0.1 dabestdomain.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 ads.dada.it
127.0.0.1 www.dailykeys.com #[Google.Warning]
127.0.0.1 mm.dalumm.com #[Win32/TrojanDownloader.Small.TZ]
127.0.0.1 www.data-jpn.com #[Trojan.Pajatan]
127.0.0.1 banner.date.com #[Tenebril.Tracking.Cookie]
127.0.0.1 www.dateclix.com #[DateClix.com Banner Exchange Code]
127.0.0.1 datingbanners.net
127.0.0.1 ads.datinggold.com
127.0.0.1 ad.db3nf.com
127.0.0.1 dcstat.com
127.0.0.1 deansplanet.com #[Malicious.Links.Zango]
127.0.0.1 www.deansplanet.com
127.0.0.1 au.track.decideinteractive.com
127.0.0.1 au.link.decideinteractive.com
127.0.0.1 eu.link.decideinteractive.com
127.0.0.1 link.decideinteractive.com
127.0.0.1 www.decideinteractive.com
127.0.0.1 www.decideinteractive.co.uk
127.0.0.1 deepcom.com #[SiteAdvisor.deepcom.com]
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]

k8fox1

2008-01-28, 02:51

127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Microsoft]
127.0.0.1 demsas-iran.com #[VBS/Envary.A]
127.0.0.1 ads.dennisnet.co.uk
127.0.0.1 ad.depositfiles.com
127.0.0.1 ad.detik.com
127.0.0.1 desire-search.com #[Spamdexing]
127.0.0.1 ads.deviantart.com
127.0.0.1 adsvr.deviantart.com
127.0.0.1 phpadsnew.devstart.com
127.0.0.1 banners.diariodelaltoaragon.es
127.0.0.1 track.did-it.com #[Panda.Spyware:Cookie/did-it]
127.0.0.1 counter.dieit.de
127.0.0.1 digiwexonline.com #[W32/Kibik.a]
127.0.0.1 www.digink.com #[PcTools.SysCheckBop32]
127.0.0.1 ads.digitalpoint.com
127.0.0.1 geo.digitalpoint.com
127.0.0.1 comm1.digits.com
127.0.0.1 counter.digits.com
127.0.0.1 ads.dir.bg
127.0.0.1 banners.dir.bg
127.0.0.1 ad.directaclick.com
127.0.0.1 direct-ip.com #[Adware-DirectIP][SecurityRisk.DirectIP]
127.0.0.1 www.direct-ip.com #[Adware-DirectIP][Adware-CommanderNET]
127.0.0.1 ad.directconnect.se
127.0.0.1 banners.directnic.com #[SecuritySpace.WebBug]
127.0.0.1 dnads.directnic.com
127.0.0.1 parked.directnic.com
127.0.0.1 stats.directnic.com
127.0.0.1 www.directnicparking.com
127.0.0.1 cache.directorym.com #[c2.mii.instacontent.net]
127.0.0.1 ads.directnetadvertising.net #[SiteAdvisor.directnetadvertising.net]
127.0.0.1 www.directnetadvertising.net #[Ad-Aware Tracking.Cookie]
127.0.0.1 ad.displayadsmedia.com
127.0.0.1 agentq.ditto.com
127.0.0.1 js.ditto.com
127.0.0.1 matrix.ditto.com
127.0.0.1 media.ditto.com #[a232.x.akamai.net]
127.0.0.1 www.ditto.com #[AdWare.Win32.Softomate.c]
127.0.0.1 cnads.dixcom.com
127.0.0.1 dcww.dmcast.com #[Adware-DesktopMedia]
127.0.0.1 ad1.dmcmedia.co.kr
127.0.0.1 dmdl.dmcast.com
127.0.0.1 install.dmcast.com #[Adware-DesktopMedia.dr]
127.0.0.1 track.dmipartners.com
127.0.0.1 ads.dmnews.com
127.0.0.1 ad.dmpi.net
127.0.0.1 ad2.dmpi.net
127.0.0.1 ad3.dmpi.net
127.0.0.1 ad4.dmpi.net
127.0.0.1 ubnm.dmpi.net
127.0.0.1 searchportal.dnparking.com #[Parking Service]
127.0.0.1 www.dnscaching.net #[SiteAdvisor.dnscaching.net]
127.0.0.1 dnv-counter.com
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 www.dodostats.com
127.0.0.1 a.doginhispen.com #[Downloader-BEW]
127.0.0.1 dontouchmyad.com #[drivecleaner.com]
127.0.0.1 doorgen.com #[Spamdexing]
127.0.0.1 www.doorgen.com
127.0.0.1 ads.dotomi.com
127.0.0.1 www.down988.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 www.download-services.com #[VBA32.Trojan-Downloader.Agent.26]
127.0.0.1 www.downseek.com #[SunBelt.DownSeek Search]
127.0.0.1 banners.dpnet.com.br
127.0.0.1 drmx01.net #[Spamdexing]
127.0.0.1 counter.dreamhost.com
127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
127.0.0.1 www.dreamadvert.com #[SunBelt.Dreamadvert]
127.0.0.1 www.dropthehammer.com #[Win32/Spy.Banker.AHY]
127.0.0.1 ads.drugs.com
127.0.0.1 b.ds1.nl
127.0.0.1 ddd.dudu.com #[Tenebril.DuDu Accelerator]
127.0.0.1 ulink4.dudu.com #[Adware.DDDClient][SunBelt.DuDuAccelerator]
127.0.0.1 ulink13.dudu.com #[Win32/Adware.DM]
127.0.0.1 www.dudu.com #[McAfee.Downloader-AVV]
127.0.0.1 www.duenow.com
127.0.0.1 www.dutty.de #[W32.Peerload.A]
127.0.0.1 www.dzy520.com #[Google.Warning]
127.0.0.1 hits.e.cl
127.0.0.1 banners.earnunited.com
127.0.0.1 blogads.ebanner.nl
127.0.0.1 www.e-bannerx.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 www.earncashontheinternet.com #[SunBelt.OpinionBar]
127.0.0.1 click.easilyfound.com #[Tenebril.AdTraffic]
127.0.0.1 www.easilyfound.com
127.0.0.1 www.eastworldnetwork.com
127.0.0.1 www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 easyhitcounters.com #[server down?]
127.0.0.1 beta.easyhitcounters.com
127.0.0.1 easytrader.bg
127.0.0.1 static.easytrader.bg
127.0.0.1 www.ebannertraffic.com
127.0.0.1 easy-web-stats.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 mailer.ebates.com
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 ads.eccentrix.com
127.0.0.1 b.economedia.bg #[ban.etaligent.net]
127.0.0.1 ads.ecrush.com #[AdvertPro]
127.0.0.1 www.eden21.net #[Win32/Haxdoor][TR/Dldr.Botol.D.1]
127.0.0.1 c6.edgesuite.net #[RealMedia]
127.0.0.1 einfachstarten.com #[Trojan.Firpage]
127.0.0.1 eisenstein.dk #[tracking.ping]
127.0.0.1 www.ejmx.com #[Adware.ElectroJMX]
127.0.0.1 ad.e-kolay.net
127.0.0.1 www.ek21.com #[Trojan.Chost.B]
127.0.0.1 www.elancenet.org #[Worm/Eyeveg.CH]
127.0.0.1 ads.elmaz.com
127.0.0.1 now.eloqua.com #[WebBug]
127.0.0.1 ads.eluniversal.com.mx
127.0.0.1 hits.eluniversal.com.mx
127.0.0.1 publicidad.eluniversal.com.mx
127.0.0.1 elwebsearch.info #[Malicious Links.Umax]
127.0.0.1 wwv.elwebsearch.info
127.0.0.1 www.elwebsearch.info
127.0.0.1 ad1.emediate.dk
127.0.0.1 eas.apm.emediate.eu
127.0.0.1 ad1.emediate.se
127.0.0.1 www.emoinstaller.com #[Win32/Adware.NdotNet][SiteAdvisor.emoinstaller.com]
127.0.0.1 www.emusic.com #[McAfee.Adware-eMusic][F-Secure.Adware.eMusic]
127.0.0.1 dotnet.endai.com
127.0.0.1 stats.engineseeker.com
127.0.0.1 entk.net
127.0.0.1 log.enquisite.com
127.0.0.1 adv.entercasino.com #[Adware.Casino.V]
127.0.0.1 enthro.com
127.0.0.1 enthro.info #[Malicious.Links.DriveCleaner]
127.0.0.1 enthro.net
127.0.0.1 enthro.org
127.0.0.1 ads.eog.com
127.0.0.1 ads.e-planning.net
127.0.0.1 ads.us.e-planning.net
127.0.0.1 adserving03.epi.es
127.0.0.1 www.e-referrer.com
127.0.0.1 launcheruk.escritorioactivo.com
127.0.0.1 vipuk.escritorioactivo.com #[HJTH.123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[eTrust.EScorcher]
127.0.0.1 gtb.etology.com
127.0.0.1 pages.etology.com
127.0.0.1 www.etracker.de
127.0.0.1 www.etxh.com #[Win32/Prosti.C]
127.0.0.1 ads.ero-advertising.com
127.0.0.1 banners.ero-advertising.com
127.0.0.1 data.ero-advertising.com
127.0.0.1 thumbs.ero-advertising.com
127.0.0.1 adopt.euroclick.com #[Ewido.TrackingCookie.Euroclick]
127.0.0.1 cdn.euroclick.com
127.0.0.1 www.euroklik.nl #[EasyBar][HJTH.SinCity Dialer]
127.0.0.1 advert.eurotip.cz
127.0.0.1 www.euros4click.de
127.0.0.1 ad.eurosport.com #[oas.eurosport.com]
127.0.0.1 www.eurowebstats.com
127.0.0.1 www.everestpoker.com #[AdWare.Win32.Casino.t]
127.0.0.1 advert.exaccess.ru
127.0.0.1 dynamic.exaccess.ru
127.0.0.1 static.exaccess.ru
127.0.0.1 www.exchangead.com
127.0.0.1 exchange.bg
127.0.0.1 www.exchange.bg
127.0.0.1 exitexchange.com #[SiteAdvisor.exitexchange.com]
127.0.0.1 ads.exitexchange.com
127.0.0.1 count.exitexchange.com #[McAfee.Cookie-Exitexchange]

k8fox1

2008-01-28, 02:52

127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.exittrade.com
127.0.0.1 www.exittraffic.net #[SiteAdvisor.exittraffic.net]
127.0.0.1 syndication.exoclick.com
127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
127.0.0.1 www.experclick.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ads.expressindia.com
127.0.0.1 banners.expressindia.com
127.0.0.1 cdn.eyewonder.com #[SunBelt.EyeWonder]
127.0.0.1 cdn4.eyewonder.com
127.0.0.1 pixel1097.everesttech.net
127.0.0.1 pixel1324.everesttech.net
127.0.0.1 pixel1370.everesttech.net
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 evilman.cn #[Win32/TrojanDownloader.VB.APY]
127.0.0.1 ads2.exhedra.com
127.0.0.1 ads.expedia.com
127.0.0.1 extra-video.org #[Win32/TrojanDownloader.Small.NFP]
127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
127.0.0.1 feedback.eyereturn.com
127.0.0.1 resources.eyereturn.com
127.0.0.1 timespent.eyereturn.com
127.0.0.1 voken.eyereturn.com
127.0.0.1 ads.ezboard.com
127.0.0.1 eziin.com #[Adware.Eziin]
127.0.0.1 www.eziin.com
127.0.0.1 www.ezurl.co.kr #[Spyware.Ezurl]
127.0.0.1 ads.facebook.com #[facebook-ads.vo.llnwd.net]
127.0.0.1 ads.ak.facebook.com
127.0.0.1 www.factorygames.com #[SiteAdvisor.factorygames.com]
127.0.0.1 banner.fairpoker.com #[AdWare.Win32.Casino.w]
127.0.0.1 ehs.familydoctor.org #[ads.digitalhealthcare.com]
127.0.0.1 tmp.farfly.org #[Trojan.Farfli]
127.0.0.1 www.fast-adv.it
127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Win32/Adware.MediaBack]
127.0.0.1 fastonlineusers.com
127.0.0.1 fasttrack.nu
127.0.0.1 fastwebcounter.com
127.0.0.1 counter.fateback.com
127.0.0.1 counter1.fc2.com
127.0.0.1 www.ffxiforums.net #[Trojan-PSW.Win32.OnLineGames.kw]
127.0.0.1 filcu.cn #[Malicious.Links.Codec]
127.0.0.1 alex.fileburst.com #[Win32/TrojanDropper.Agent.NBT]
127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 findover.org #[Spamdexing]
127.0.0.1 search.findscout.com
127.0.0.1 www.findscout.com #[W32/Delf.KPZ]
127.0.0.1 ai.p.findology.com
127.0.0.1 banner.finn.no
127.0.0.1 ads.firingsquad.com
127.0.0.1 ads2.firingsquad.com
127.0.0.1 firstdor.info #[Spamdexing]
127.0.0.1 ads.firstgrand.com
127.0.0.1 fishclix.com
127.0.0.1 www.fishclix.com
127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
127.0.0.1 www.fjordbergen.com #[Win32/Spy.Banker.BIG]
127.0.0.1 www.fjjyjy.net #[Win32/Hipigon][W32.Fijjy]
127.0.0.1 www.flashadengine.com
127.0.0.1 cdn.flashedmail.com #[Parked?]
127.0.0.1 tracker1.flashedmail.com
127.0.0.1 adserver4.fluent.ltd.uk
127.0.0.1 adserver.fmpub.net
127.0.0.1 dynamic.fmpub.net
127.0.0.1 static.fmpub.net
127.0.0.1 ads.fmwinc.com
127.0.0.1 rnews.focus-news.net
127.0.0.1 www.foofle.net #[Backdoor.Foobot]
127.0.0.1 adcycle.footymad.net
127.0.0.1 www.forodeortodoncia.com #[Backdoor.IRC.Zapchast]
127.0.0.1 js.forrestersurveys.com
127.0.0.1 socratos.forrestersurveys.com
127.0.0.1 forso.info #[Malicious.Links.Codec]
127.0.0.1 akcr.free.fr #[Win32/Spy.Bancos.U]
127.0.0.1 googlelite.free.fr #[Spamdexing]
127.0.0.1 ad.freecity.de
127.0.0.1 ads05.freecity.de
127.0.0.1 freecounters.xp.tl
127.0.0.1 www.free-counter.com
127.0.0.1 maurobb.freecounter.it
127.0.0.1 www.freecounter.it
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 www.freedownloadhq.com #[SiteAdvisor.freedownloadhq.com]
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehitwebsitecounter.com
127.0.0.1 www.freehitwebcounters.com
127.0.0.1 adverts.freeloader.com
127.0.0.1 freelogs.com #[server down?]
127.0.0.1 bar.freelogs.com
127.0.0.1 goo.freelogs.com
127.0.0.1 htm.freelogs.com #[server down?]
127.0.0.1 ico.freelogs.com #[server down?]
127.0.0.1 joe.freelogs.com
127.0.0.1 mom.freelogs.com #[server down?]
127.0.0.1 xyz.freelogs.com
127.0.0.1 adserver.freenet.de
127.0.0.1 freeonlineusers.com
127.0.0.1 www.free-ranking.de
127.0.0.1 www.freerip.com #[AdTool.Win32.MyWebSearch.ak]
127.0.0.1 free-stats.com
127.0.0.1 abbyssh.freestats.com
127.0.0.1 insurancejournal.freestats.com
127.0.0.1 www.freestat.ws
127.0.0.1 www.freestats.ws
127.0.0.1 banners.freett.com
127.0.0.1 count.freett.com
127.0.0.1 counters.freewebs.com
127.0.0.1 ads.freeonlinegames.com
127.0.0.1 stats.freeonlinegames.com
127.0.0.1 error.freewebsites.com
127.0.0.1 www.freewebsites.com
127.0.0.1 media.ftv-publicite.fr #[RealMedia]
127.0.0.1 fullddl.com
127.0.0.1 www.fullddl.com #[HTML/TrojanDownloader.XXXToolbar]
127.0.0.1 404.funpic.de
127.0.0.1 funppc.com
127.0.0.1 www.funppc.com
127.0.0.1 ads.gad-network.com
127.0.0.1 adserver.gadu-gadu.pl
127.0.0.1 banners.gamblingmasters.com
127.0.0.1 www.gamersbanner.com
127.0.0.1 ads.gameservers.com
127.0.0.1 ads.gamespy.com #[SpySweeper.Spy.Cookie]
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads.gamespyid.com
127.0.0.1 www.gameurdr.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 server.gamyun.net
127.0.0.1 www.gamyun.net #[Adware.GamyunIeToolbar]
127.0.0.1 ad.garantiarkadas.com
127.0.0.1 ads.gather.com
127.0.0.1 track.gawker.com #[WebBug]
127.0.0.1 haymarket-adserver.gcnpublishing.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 sda.geek.com #[AdvertPro]
127.0.0.1 adserver.geenstijl.nl
127.0.0.1 kassa.geenstijl.nl
127.0.0.1 adserver.geizkragen.de
127.0.0.1 gnt01.generation-nt.com
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 geotarget.info #[Whois.Blacklisted]
127.0.0.1 banners.geotarget.info
127.0.0.1 www.geotarget.info
127.0.0.1 www.geowhere.net #[SunBelt.GeoWhere Search]
127.0.0.1 get-access.host.sk #[McAfee.StartPage-IR]
127.0.0.1 getclicky.com
127.0.0.1 static.getclicky.com
127.0.0.1 www.getmusicvideocodes.com #[Malicious.Links.Zango]
127.0.0.1 www.getsmart.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b][Adware.Getup]
127.0.0.1 www.giantdating.com #[Spamdexing.adultfriendfinder]
127.0.0.1 banner.giantvegas.com
127.0.0.1 truehits.gits.net.th
127.0.0.1 truehits1.gits.net.th
127.0.0.1 ads.globo.com
127.0.0.1 ads.img.globo.com
127.0.0.1 glory-movy.net #[Javascript.Exploit]
127.0.0.1 duke.gocomics.com #[ads.uclick.com]
127.0.0.1 www.god74.com #[Trojan.Huanux]
127.0.0.1 www.godesktop.com #[SiteAdvisor.godesktop.com]
127.0.0.1 adserver2.goals365.com
127.0.0.1 golden-keys.net #[Spamdexing]
127.0.0.1 banner.goldenpalace.com #[Tenebril.Tracking.Cookie]
127.0.0.1 stage.goldkey.com #[Parking Service]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 www.goodhealth-search.com #[Spamdexing]
127.0.0.1 google0.info #[Google.Warning]
127.0.0.1 www.google0.info
127.0.0.1 google9.info
127.0.0.1 www.google9.info
127.0.0.1 google-moogle.com #[Spamdexing]
127.0.0.1 www.google-moogle.com
127.0.0.1 www.google-hard.com #[Win32/TrojanProxy.Agent.LK]
127.0.0.1 google-pharmacy.com #[Spamdexing]
127.0.0.1 goooglegulp.com #[Spamdexing]
127.0.0.1 www.gogogo.com #[PremiumTraffic.Parking Service]
127.0.0.1 partner.gonamic.de
127.0.0.1 googlus.com #[Spamdexing]
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 stat.org.gosite.ws
127.0.0.1 gostats.com
127.0.0.1 as.gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com #[SpySweeper.Spy.Cookie]
127.0.0.1 c3.gostats.com
127.0.0.1 c4.gostats.com #[Panda.Spyware:Cookie/GoStats]
127.0.0.1 ded.gostats.com
127.0.0.1 monster.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 ads.goyk.com
127.0.0.1 graffitifonts.com
127.0.0.1 www.graffitifonts.com #[Malicious.Links.Zango]
127.0.0.1 graficastrigo.com #[Trojan.Tabela.E]
127.0.0.1 www.gratis-counter-gratis.de
127.0.0.1 www.gratis-toplist.de
127.0.0.1 adv.gratuito.st
127.0.0.1 www.greasypalm.co.uk #[PcTools.GreasyPalm bar]
127.0.0.1 greencunt.org #[Javascript.Exploit]
127.0.0.1 adserver.gruprc.ro
127.0.0.1 publi.grupocorreo.es #[RealMedia]
127.0.0.1 ads.guru3d.com
127.0.0.1 www.g-wizzads.net #[adbureau.net]
127.0.0.1 www.h148.cn #[Google.Warning]
127.0.0.1 ads2.haber3.com
127.0.0.1 www.handyarchive.com #[SiteAdvisor.handyarchive.com]
127.0.0.1 www.haosf128.com #[Google.Warning]
127.0.0.1 streamit.hardwarezone.com
127.0.0.1 ad1.hardware.no #[AdvertPro]
127.0.0.1 adserver.hardwareanalysis.com
127.0.0.1 ad.harmony-central.com
127.0.0.1 ds1.harmony-central.com
127.0.0.1 www.harmonyhollow.net #[SiteAdvisor.harmonyhollow.net]
127.0.0.1 ads.harpers.org
127.0.0.1 hartim.com
127.0.0.1 ad0.haynet.com
127.0.0.1 ad.hbv.de
127.0.0.1 ads.heias.com
127.0.0.1 helpingfind.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 helpyourpcnow.com
127.0.0.1 www.helpyourpcnow.com
127.0.0.1 www.henbang.net #[Adware.Henbang][SPYW_HAP.A]
127.0.0.1 www.hentaibanners.com
127.0.0.1 www.hentaicashmachine.com
127.0.0.1 www.hentaiclicks.com
127.0.0.1 www.hentaicounter.com
127.0.0.1 www.hentaihits.com
127.0.0.1 www.hentaipop.com #[Electronic Group Dialer]
127.0.0.1 www.hentaiseeker.com
127.0.0.1 www.hentaitoonami.com
127.0.0.1 ads.herbalsmokeshop.com
127.0.0.1 www.herbalsmokeshops.com
127.0.0.1 www2.hermoment.com
127.0.0.1 www.hermoment.com
127.0.0.1 ads.hexun.com
127.0.0.1 www.hey.lt
127.0.0.1 ads.highdefdigest.com
127.0.0.1 www.hiperstat.com
127.0.0.1 adserver.hispanoclick.com
127.0.0.1 www.hitscount.com
127.0.0.1 hits-counter.com
127.0.0.1 www.hits-counter.com
127.0.0.1 ctr.hitcounter-1.com
127.0.0.1 www.hit-counter-download.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com #[ADW_HITHOPPER.A]

k8fox1

2008-01-28, 02:53

127.0.0.1 rdr.hitmngr.com
127.0.0.1 hitmodel.net
127.0.0.1 www.hit-counts.com
127.0.0.1 hit-now.com
127.0.0.1 www.hitscreamer.com
127.0.0.1 hitslog.com
127.0.0.1 h1.hitslog.com
127.0.0.1 s4.histats.com
127.0.0.1 s10.histats.com
127.0.0.1 s11.histats.com
127.0.0.1 www.hitstats.co.uk
127.0.0.1 hitstats.net
127.0.0.1 www.hittracking.com
127.0.0.1 images.hitwise.co.uk
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 adserver.hostfinderguy.com
127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
127.0.0.1 www.adserver.home.pl
127.0.0.1 www.homeoffun.com #[SiteAdvisor.homeoffun.com]
127.0.0.1 counters.honesty.com
127.0.0.1 cgi.honesty.com
127.0.0.1 ad.hosting.pl
127.0.0.1 ns1.hosting101.biz #[JS/Small.DN]
127.0.0.1 hot8888.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 hot8888.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 ad2.hotels.com
127.0.0.1 www.hot-lindsay.com #[Malicious.Links.Zango]
127.0.0.1 hotlinkbanners.com
127.0.0.1 www.hotlinkbanners.com
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hotstream.info
127.0.0.1 ads.hotword.com.br
127.0.0.1 ads2.hotword.com.br
127.0.0.1 ads3.hotword.com.br
127.0.0.1 ads4.hotword.com.br
127.0.0.1 ads5.hotword.com.br
127.0.0.1 ads6.hotword.com.br
127.0.0.1 ads7.hotword.com.br
127.0.0.1 ad.howstuffworks.com #[RealMedia][SpySweeper.Spy.Cookie]
127.0.0.1 hpod.com
127.0.0.1 htepo.com #[Rogue/Suspect Affiliate.sites]
127.0.0.1 www.htmate2.com #[Cursor.MySpace]
127.0.0.1 adserver.html.it
127.0.0.1 click.html.it
127.0.0.1 vip.huigezi.com #[Backdoor.Graybird.Q][W32.Looked.F]
127.0.0.1 down.hunll.com #[BDS/Agent.ahj.701]
127.0.0.1 ads.hurra.de
127.0.0.1 www.huxley-online.net #[Win32/Spy.Elite.10.A]
127.0.0.1 hyip-review.info #[Javascript.Exploit]
127.0.0.1 www.hypercounter.com
127.0.0.1 www.hypertracker.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 ads.ibox.bg
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com #[SunBelt.ICDirect.com]
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 tracker.icerocket.com
127.0.0.1 ads.idgnow.com.br
127.0.0.1 banners.idg.com.br
127.0.0.1 adidm07.idmnet.pl
127.0.0.1 adidm.idmnet.pl
127.0.0.1 ieicon.com
127.0.0.1 www.ieicon.com
127.0.0.1 ie-exe.com #[AdWare.Win32.Softomate.x]
127.0.0.1 ad.ifrance.com
127.0.0.1 ijk.cc #[JS/Downloader-BCP][server down?]
127.0.0.1 ilovemyloves.com #[IFrame.Exploit][server down?]
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com
127.0.0.1 adserver.ig.com.br
127.0.0.1 gate.ilogbox.com
127.0.0.1 ads.imeem.com
127.0.0.1 bbn.img.com.ua
127.0.0.1 content-ads.impactengine.com
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 ads.ims.nl
127.0.0.1 in2search.org #[JS/TrojanDropper.Tivso.gen]
127.0.0.1 1.in2search.org
127.0.0.1 2.in2search.org
127.0.0.1 dns.in2search.org
127.0.0.1 s201.indexstats.com
127.0.0.1 stats.indexstats.com #[Analytics Tracking Code]
127.0.0.1 stats.indextools.com #[eTrust.Tracking.Cookie]
127.0.0.1 campaign.indieclick.com
127.0.0.1 optimize.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 get.inetbar.com #[SunBelt.INetBar]
127.0.0.1 juggler.inetinteractive.com
127.0.0.1 rotator.juggler.inetinteractive.com
127.0.0.1 banners.inetfast.com
127.0.0.1 adserving.infinite-ads.com
127.0.0.1 www.infineo.de #[Win32/Spy.Banker.AWA]
127.0.0.1 www.info--bits.com
127.0.0.1 infospot.infocious.com
127.0.0.1 ads.infospace.com #[ADW_DEALHELPER.C]
127.0.0.1 msxml.infospace.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.infotelsrl.com #[eTrust.Infotel srl]
127.0.0.1 ads.injersey.com #[RealMedia][server down?]
127.0.0.1 bimonline.insites.be
127.0.0.1 ads.intellicast.com #[weather.com]
127.0.0.1 strtt.interfree.it #[W32.Iberio]
127.0.0.1 counter.internet.ge
127.0.0.1 indiads.com
127.0.0.1 images.indiads.com
127.0.0.1 servedby.indiads.com #[RealMedia]
127.0.0.1 www.imiclk.com
127.0.0.1 inexplorer.com
127.0.0.1 toolbar.inexplorer.com #[Win32/Parite.B]
127.0.0.1 www.inexplorer.com
127.0.0.1 www.inpopo.com #[W32.Validin]
127.0.0.1 oc.inspectorclick.com
127.0.0.1 trax.inspectorclick.com
127.0.0.1 v2.inspectorclick.com
127.0.0.1 v3.inspectorclick.com
127.0.0.1 instantbuzz.com #[NOD32.Win32/Adware.InstantBuzz]
127.0.0.1 www2.instantbuzz.com
127.0.0.1 www.instantbuzz.com #[Adware.ToolBar.InstantBuzz.a]
127.0.0.1 media.intelia.it
127.0.0.1 anm.intelli-direct.com #[IntelliTracker]
127.0.0.1 info.intelli-direct.com
127.0.0.1 oxfam.intelli-direct.com
127.0.0.1 tui.intelli-direct.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 newadserver.interfree.it #[Adcycle]
127.0.0.1 internet-explorer.name #[Trojan-Clicker.Win32.Agent.ip]
127.0.0.1 www.internet-explorer.name
127.0.0.1 www.interstats.nl
127.0.0.1 www.intrastats.com
127.0.0.1 channels.intwined.com #[Adware/ToolBar.ISearch.c]
127.0.0.1 search.intwined.com
127.0.0.1 www.intwined.com #[McAfee.Adware-SSF!Hosts]
127.0.0.1 ad.investor.bg
127.0.0.1 www.invinc.com #[Troj/Dloader-J]
127.0.0.1 www.ipcounter.de
127.0.0.1 ad2.ip.ro
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipqwe.com #[Exploit.ANI]
127.0.0.1 content.ipro.com #[WebBug]
127.0.0.1 www.ipstat.com
127.0.0.1 isecurepages.net #[Google.Warning]
127.0.0.1 www.isecurepages.net #[IFrame.Exploit]
127.0.0.1 a.isohunt.com
127.0.0.1 adserver1.isohunt.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 banman.isoftmarketing.com
127.0.0.1 ads1.itadnetwork.co.uk
127.0.0.1 itcompany.com #[SunBelt.Family Cyber Alert]
127.0.0.1 www.itcompany.com #[Symantec.Spyware.CyberAlert]
127.0.0.1 itisbest.info #[Spamdexing]
127.0.0.1 www.itrackpages.com
127.0.0.1 ilead.itrack.it
127.0.0.1 adserver.itsfogo.com
127.0.0.1 partnerfeed.itsfogo.com
127.0.0.1 www1.itsun.com
127.0.0.1 www8.itsun.com
127.0.0.1 ads.itv.com #[adbureau.net]
127.0.0.1 barafranca.iwarp.com #[Win32/Spy.ProAgent]
127.0.0.1 www.iwebmusic.com
127.0.0.1 ad.jamba.de
127.0.0.1 ad.jamba.net
127.0.0.1 ad.jamster.com
127.0.0.1 www.jcount.com
127.0.0.1 www.jellycounter.com
127.0.0.1 www.jethit.com
127.0.0.1 t1.jfglass.net #[Trojan.Booha]
127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 jimmybuttons.com #[eTrust.Win32/Nirbot]
127.0.0.1 www.jm-my.com #[BackDoor-CXI]
127.0.0.1 ad.joetec.net
127.0.0.1 jointmediagroup.com #[Trojan-Spy.Win32.Delf.uc]
127.0.0.1 ads.jokaroo.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 banners.joost.com
127.0.0.1 ads.jossip.com
127.0.0.1 pastorale.jpn.org #[Win32/Spy.Banker.AHY]
127.0.0.1 www.joltid.com #[Adware.P2PNetworking][SPYW_PPNETWORK.B]
127.0.0.1 promotion.jpds.com
127.0.0.1 www.jprmthome.com #[Trojan-PSW.Win32.Maran.ei][server down?]
127.0.0.1 www.jstracker.com
127.0.0.1 ads.jt.org
127.0.0.1 www.justfreegames.com #[AdWare.Win32.Relevant.a]
127.0.0.1 925.vip.jx828.net #[HTML/Exploit.IframeBof]
127.0.0.1 jxdoe.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 www.k265.com #[Adware.Borlan]
127.0.0.1 stat.katalysatormedia.no
127.0.0.1 kazantip-top.com
127.0.0.1 www.kazantip-top.com #[HTML/Exploit.VMLFill]
127.0.0.1 ads.webfever.kadserver.com
127.0.0.1 ads.deblok.net.kadserver.com
127.0.0.1 ads.zebest-3000.net.kadserver.com
127.0.0.1 countus.get.kadserver.com
127.0.0.1 geo113prod.kadserver.com
127.0.0.1 get.kadserver.com
127.0.0.1 scripts.kataweb.it
127.0.0.1 kazaalite.pl
127.0.0.1 www.kazaalite.pl #[MHTMLRedir.Exploit]
127.0.0.1 gavzad.keenspot.com
127.0.0.1 ad.kewlbox.com
127.0.0.1 a.keyrun.com #[Adware-TargetAD]
127.0.0.1 u.keyrun.com
127.0.0.1 union.keyrun.com
127.0.0.1 ww.keyrun.com
127.0.0.1 www1.keyrun.com
127.0.0.1 www.keyrun.com
127.0.0.1 banner.kiev.ua
127.0.0.1 kikclick.com #[Spamdexing]
127.0.0.1 adserve.kikizo.com
127.0.0.1 union.db.kingsoft.com #[PopupAds]
127.0.0.1 www.kiss-search.net
127.0.0.1 ebay.kisswin.com #[Adware.Kiswin]
127.0.0.1 kjsc.org #[Win32/Spy.Banker.ANV]
127.0.0.1 ads.kleinman.com #[Adcycle]
127.0.0.1 klik777.info #[Malicious.Links]
127.0.0.1 www.klikvipresources.com #[Spamdexing]
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 ads.klixxx.com
127.0.0.1 www.km-nyc.com #[W32.Lecna.A]
127.0.0.1 click.kmindex.ru
127.0.0.1 counter.kmindex.ru
127.0.0.1 counting.kmindex.ru
127.0.0.1 www.kmindex.ru
127.0.0.1 www.knacads.com
127.0.0.1 xx.ko51.com #[Google.Warning]
127.0.0.1 images.kolmic.com
127.0.0.1 pics.kolmic.com #[Parking Service]
127.0.0.1 ads.komli.com
127.0.0.1 www.kompass-intl.com #[Win32/Adware.Toolbar.PowerSearch]
127.0.0.1 de.komtrack.com
127.0.0.1 koolbar.net #[Adware Bundler][ADW_KOOLBAR.A]
127.0.0.1 www.koolbar.net #[eTrust.AutoSearch]
127.0.0.1 sitestat.kpn-is.nl
127.0.0.1 kuaiso.com #[AdWare.Win32.Kuaiso.a]
127.0.0.1 toolsbar.kuaiso.com #[Adware.Kuaiso]

k8fox1

2008-01-28, 02:53

127.0.0.1 www.kuaiso.com
127.0.0.1 kustusch.com #[Javascript.Exploit]
127.0.0.1 adserver.kyoceramita-europe.com
127.0.0.1 www.kz163.net #[Win32/Virut]
127.0.0.1 laconicsoftware.org #[Malicious.Links.Codec]
127.0.0.1 alwaysforfriend.land.ru #[Trojan-Downloader.Win32.Banload.bdp]
127.0.0.1 www.animacoes.land.ru #[Downloader.Swif.B]
127.0.0.1 landinghall.com #[Spamdexing]
127.0.0.1 www.latinbusca.com #[Adware-CommanderNET]
127.0.0.1 ads.lawnsite.com
127.0.0.1 layer-ads.de
127.0.0.1 www.layer-ads.de
127.0.0.1 banner.lbs.km.ru
127.0.0.1 iframe.leadacceptor.com
127.0.0.1 leakedcelebvideos.com #[Win32/TrojanDownloader.Agent.BCZ]
127.0.0.1 www.leakedcelebvideos.com
127.0.0.1 lem0n.info #[server down?]
127.0.0.1 pubs.lemonde.fr
127.0.0.1 www.leopardsearch.com
127.0.0.1 www.letusearch.com #[Google.Warning]
127.0.0.1 www.letzebuerg.biz
127.0.0.1 ts1.lexmark.com
127.0.0.1 adserver.libero.it
127.0.0.1 adv-banner.libero.it
127.0.0.1 lilohost.hk #[Google.Warning]
127.0.0.1 phpads.lime.com
127.0.0.1 link.ru
127.0.0.1 link.link.ru
127.0.0.1 www.linkads.net
127.0.0.1 ads.linki.nl
127.0.0.1 www.linkads.de
127.0.0.1 linkbuddies.com
127.0.0.1 banners.linkbuddies.com
127.0.0.1 www.linkbuddies.com
127.0.0.1 linkcounter.cc #[Trojan.AXPlayer]
127.0.0.1 www.linkcounter.com
127.0.0.1 linksexchange.net
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 www.linkopp.net
127.0.0.1 click.linkstattrack.com #[SiteAdvisor.linkstattrack.com]
127.0.0.1 linktarget.com
127.0.0.1 banner.linktech.cn
127.0.0.1 www.linkworth.com
127.0.0.1 ads.linuxjournal.com
127.0.0.1 www.ligue13.com #[Win32/Spy.Banker.BIG]
127.0.0.1 www.liveads.org
127.0.0.1 livecounter.net
127.0.0.1 www.livecounter.net
127.0.0.1 image.adv.livedoor.com
127.0.0.1 js.livehelper.com
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 ads.livescore.com
127.0.0.1 traffic.liveuniversenetwork.com
127.0.0.1 trafficcdn.liveuniversenetwork.com
127.0.0.1 traffic.livevideo.com
127.0.0.1 broadent.vo.llnwd.net
127.0.0.1 lw.lnkworld.com
127.0.0.1 omnituretrack.local.com
127.0.0.1 ads.locators.com
127.0.0.1 toolbar.locators.com #[AdWare.Win32.Locator.f]
127.0.0.1 www.lojastal.com.br #[Win32/Spy.Banker.ANV]
127.0.0.1 lol.to #[HTML/Exploit.Mht]
127.0.0.1 err.lolipop.jp
127.0.0.1 www.lookde5.com #[W32.Looked]
127.0.0.1 lookoutsoft.net #[SiteAdvisor.lookoutsoft.net]
127.0.0.1 screensavers.lookoutsoft.net
127.0.0.1 a.loomia.com #[Tracking.Cookie]
127.0.0.1 www.lookoutsoft.net #[AdWare.Win32.WinAD.b]
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 adserv.lowyat.net
127.0.0.1 hexusads.fluent.ltd.uk
127.0.0.1 www.luxemil.com #[Google.Warning]
127.0.0.1 ads-apsa.lvz-online.de
127.0.0.1 www.lynxtrack.com
127.0.0.1 counter.lyricsdownload.com
127.0.0.1 m2k.ru
127.0.0.1 ad.m5prod.net
127.0.0.1 ad.m-adx.com
127.0.0.1 media.m-adx.com
127.0.0.1 www.macrcmedia.com #[Exploit.ANI]
127.0.0.1 www.macrcmedia.net
127.0.0.1 ads.madisonavenue.com
127.0.0.1 resource.madisonavenue.com
127.0.0.1 textads.madisonavenue.com
127.0.0.1 www.madrascements.com #[Win32/Spy.Banker.Big]
127.0.0.1 banner.magicboxcasino.com #[AdWare.Win32.Casino.w]
127.0.0.1 msn-sexoweb.mail15.com #[Win32/Spy.Banker.ANV]
127.0.0.1 humortadela.mail15.com #[Win32/Spy.Banker.ANV]
127.0.0.1 www.novogerador.mail15.com
127.0.0.1 www.uolcard.mail15.com #[Trojan-Spy.Win32.Banker.ark]
127.0.0.1 voegol.mail15.com #[Win32/Spy.Banker.ANV]
127.0.0.1 humortadela0.mail333.com #[Win32/Spy.Banker.AHY]
127.0.0.1 destino-gol.mail333.com #[Win32/Spy.Banker.BCK]
127.0.0.1 www.mailcleaner.com #[McAfee.Adware-VCatch]
127.0.0.1 www.messengerbeta.mail333.com #[Win32/Spy.Banker.BCK]
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 ads.marketing-internet.com
127.0.0.1 marketing-know-how.com #[TR/Dldr.iBill.V][server down?]
127.0.0.1 adsnew.maktoob.com #[AdvertPro]
127.0.0.1 aw.masterstats.com
127.0.0.1 erotic.masterstats.com
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 vw.masterstats.com #[Ewido.TrackingCookie.Masterstats]
127.0.0.1 ads.affiliates.match.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 www.maxi-music.fr #[Win32/Spy.Banker.ANV]
127.0.0.1 ads.maxivip.fr
127.0.0.1 sitestat.mayoclinic.com
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com #[Tenebril.Tracking.Cookie]
127.0.0.1 md55.net #[Google.Warning]
127.0.0.1 www2.md80.cn
127.0.0.1 www.md80.cn #[W32.Validin]
127.0.0.1 tracker.measuremap.com
127.0.0.1 mcmads.mediacapital.pt #[DoubleClick]
127.0.0.1 matrix.mediavantage.de
127.0.0.1 adland.medialand.ru
127.0.0.1 adnet.medialand.ru
127.0.0.1 content.medialand.ru
127.0.0.1 ads.mediamayhemcorp.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 acvs.mediaonenetwork.net
127.0.0.1 acvsrv.mediaonenetwork.net
127.0.0.1 ads1.mediaops.com.br
127.0.0.1 ad2.pl.mediainter.net
127.0.0.1 servedby.mediaplace.tv #[ad.firstadsolution.com]
127.0.0.1 media-servers.net
127.0.0.1 search.mediatarget.com
127.0.0.1 ads.mediaturf.net #[McAfee.Cookie-Mediaturf]
127.0.0.1 adv.medscape.com #[ads.webmd.com]
127.0.0.1 www.megapromition.net #[SiteAdvisor.megapromition.net]
127.0.0.1 www.megastats.com
127.0.0.1 exit.megago.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.megago.com #[typo squatter]
127.0.0.1 www.mercuras.com
127.0.0.1 reklama.metacafe.com
127.0.0.1 adserv2.meritdesigns.com
127.0.0.1 ads.metropol.dk
127.0.0.1 automagazine.metriweb.be
127.0.0.1 hln-frinfos.metriweb.be
127.0.0.1 levif.metriweb.be
127.0.0.1 line01.metriweb.be #[Ad-Aware.Tracking.Cookie]
127.0.0.1 line02.metriweb.be
127.0.0.1 line03.metriweb.be
127.0.0.1 line04.metriweb.be #[SpySweeper.Spy Cookie]
127.0.0.1 line05.metriweb.be
127.0.0.1 line06.metriweb.be
127.0.0.1 line07.metriweb.be #[Panda.Spyware:Cookie]
127.0.0.1 line08.metriweb.be
127.0.0.1 line09.metriweb.be
127.0.0.1 line10.metriweb.be
127.0.0.1 line11.metriweb.be
127.0.0.1 line12.metriweb.be
127.0.0.1 line13.metriweb.be
127.0.0.1 line14.metriweb.be
127.0.0.1 line15.metriweb.be
127.0.0.1 line16.metriweb.be
127.0.0.1 line17.metriweb.be
127.0.0.1 line18.metriweb.be
127.0.0.1 line19.metriweb.be
127.0.0.1 line20.metriweb.be
127.0.0.1 line24.metriweb.be
127.0.0.1 line26.metriweb.be
127.0.0.1 line32.metriweb.be
127.0.0.1 rtbf09.metriweb.be
127.0.0.1 skynet-news.metriweb.be
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[AdTool.Win32.MyWebSearch.ak]
127.0.0.1 ads.milenio.com
127.0.0.1 www.milesdebanners.com
127.0.0.1 adc1.mingpao.com
127.0.0.1 ads.mininova.org
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 counter.mirohost.net
127.0.0.1 misofthelp.com
127.0.0.1 www.misofthelp.com #[Google Warning]
127.0.0.1 banner.missbingo.com #[AdWare.Win32.Casino.ae]
127.0.0.1 banner.missingkids.com
127.0.0.1 misterbanner.com
127.0.0.1 ads.mixi.jp
127.0.0.1 img.ads.mixi.jp
127.0.0.1 www.mlclick.com
127.0.0.1 mlcro-soft.cn #[Javascript.Exploit][server down?]
127.0.0.1 mmcodecs.com #[Trojan.Codec]
127.0.0.1 www.mmcodecs.com
127.0.0.1 vod.mmdy.org #[McAfee.StartPage-JN!CC32C55]
127.0.0.1 www.mnogotrafa.net #[Spamdexing]

k8fox1

2008-01-28, 02:55

This file is HUGE and will take at least 20 more posts or so. Should I continue?? Thanis-Mike

Shaba

2008-01-28, 11:13

Hi

Edit out entire hosts section and post back what is after that, please.

Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your desktop

Click "Make Hosts Writable?" upper right corner (if available)
Click "Restore MS Hosts File" and then click OK
Close HostsXpert
Note; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually

Please post after that a fresh HijackThis log in taken in normal mode and rest of rapport.txt.

k8fox1

2008-01-28, 15:28

SmitFraudFix v2.274

Scan done at 13:45:10.06, Sun 01/27/2008

Run from C:\Documents and Settings\RICH\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
OMITTED AS INSTRUCTED

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA7D5781-48B2-41F4-B1A1-C3C63F29F5DD}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA7D5781-48B2-41F4-B1A1-C3C63F29F5DD}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{BA7D5781-48B2-41F4-B1A1-C3C63F29F5DD}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=" "

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

k8fox1

2008-01-28, 15:29

I will run HostsXpert this evening when I get home. Thanks!

Shaba

2008-01-28, 15:34

Hi

After that hostsxpert thing please do the following:

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: XTN Monitor - {2FDC8E29-E942-4307-97C5-69FFA934B331} - C:\WINDOWS\ddwlxtqgmq.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Office toolbar - {5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\WINDOWS\enqvwkp.dll (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O21 - SSODL: agrlmvp - {86DB0B19-2384-424D-8100-3615289850E3} - (no file)
O21 - SSODL: bmlvqkn - {49D43136-C96F-4375-97EF-52AD45000C98} - C:\WINDOWS\bmlvqkn.dll (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

k8fox1

2008-01-28, 15:42

Ok give me a day or so to do this. Man my girlfriend's Sister owes me big time for this, This is her computer and I told her that in the future to keeps it away from her 16 year old son! Thanks and I'll be back as soon as possible.

Shaba

2008-01-28, 15:43

Hi

No problem, take your time :)

k8fox1

2008-01-28, 19:04

Should HostsXpert be launched in safe mode?

Shaba

2008-01-28, 19:07

Hi

No, in normal mode :)

k8fox1

2008-01-29, 00:04

Ok No problem. I will be reporting back as soon as possible.

k8fox1

2008-01-29, 00:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:21 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTN Monitor - {2FDC8E29-E942-4307-97C5-69FFA934B331} - C:\WINDOWS\ddwlxtqgmq.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Office toolbar - {5BD5FE32-1DB9-48E1-BEDF-3CC304D98B46} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: The enqvwkp - {CC4B2067-D903-427A-854B-632735A570D9} - C:\WINDOWS\enqvwkp.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\RICH\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: agrlmvp - {86DB0B19-2384-424D-8100-3615289850E3} - (no file)
O21 - SSODL: bmlvqkn - {49D43136-C96F-4375-97EF-52AD45000C98} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9573 bytes

k8fox1

2008-01-29, 02:11

This report was HUGE. Here is the very beginning. If you need to see all let me know but it will take many, many posts to get it all out there.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 28, 2008 8:00:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/01/2008
Kaspersky Anti-Virus database records: 534986
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 94292
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:24:59
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_6186d379-f6e6-47d0-aa1f-0fb2941f06ba Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0001\47BD0AE1.VBN Infected: Trojan-Downloader.Win32.Delf.dvv skipped

k8fox1

2008-01-29, 02:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:12 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\RICH\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8784 bytes

Shaba

2008-01-29, 10:19

Hi

Please post those entries with infected from kaspersky log :)

k8fox1

2008-01-29, 14:39

Here's what I was able to pull from pages and pages of text:

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0001\47BD0AE1.VBN Infected: Trojan-Downloader.Win32.Delf.dvv skipped

C:\Documents and Settings\RICH\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\RICH\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\RICH\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\RICH\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\WINDOWS\fxtqdrl.exe Infected: not-a-virus:AdWare.Win32.Vapsup.aay skipped

Shaba

2008-01-29, 15:21

Hi

Empty this folder:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Delete this:

C:\WINDOWS\fxtqdrl.exe

Empty Recycle Bin.

Still problems?

k8fox1

2008-01-29, 15:28

Will do tonight when i get home. Should I run anymore scans? Thanks

Shaba

2008-01-29, 15:33

Hi

No unless you have some symptoms left :)

Post back anyway after that and I'll give you final instructions.

k8fox1

2008-01-29, 15:42

Ok thanks will do. What a nice learning experience this has been. Thanks.

Shaba

2008-01-31, 11:46

Hi

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware (http://www.clickz.com/showPage.html?page=3561546).
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
Do the same for each Viewpoint component.

Next we remove all used tools.

Please download OTMoveIt2 (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to desktop.

Double-click OTMoveIt2.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:

Instructions for Spybot S & D (http://www.bleepingcomputer.com/forums/?showtutorial=43)

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb: