Hijackthis Log File..Someone PLS diagnose it and tell me whats wrong please!

Started by jonathan23, Nov 12 2007 06:10 PM

You cannot reply to this topic

5 replies to this topic

#1 OFFLINE jonathan23

Newbie

Members
3 posts

Posted 12 November 2007 - 06:10 PM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:17:46 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IUO8N5IT\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geeksquad.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?2bbefd1474004226af50750b7cde742a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?2bbefd1474004226af50750b7cde742a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: arturo - {48a7a70a-e118-4506-a373-c9d4e8a212a1} - C:\WINDOWS\system32\eulbn.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9553 bytes

#2 OFFLINE askey127

Advanced Member

Members
108 posts

Gender:Male
Location:New Hampshire, US

Posted 14 November 2007 - 11:19 PM

Hi jonathan23,
------------------------------------------------------
Please download SmitFraudFix.exe by S!Ri and save it to the desktop.

Double click on SmitfraudFix.exe.
Press 1 then hit the Enter key.
It will create a report named rapport.txt, usually in the root of your C drive
Please copy/paste the content of that text file report (C:\rapport.txt) into your next reply.

askey127

Microsoft MVP 2007-2008
FixEdit | FixEdit User Guide | Log Comparator |

#3 OFFLINE jonathan23

Newbie

Members
3 posts

Posted 19 November 2007 - 07:21 AM

askey127, on Nov 14 2007, 03:19 PM, said:

Hi jonathan23,
------------------------------------------------------
Please download SmitFraudFix.exe by S!Ri and save it to the desktop.

Double click on SmitfraudFix.exe.
Press 1 then hit the Enter key.
It will create a report named rapport.txt, usually in the root of your C drive
Please copy/paste the content of that text file report (C:\rapport.txt) into your next reply.

askey127

here askey127 hopefully u or someone can help me pls!! thanks

SmitFraudFix v2.253

Scan done at 23:16:20.49, Sun 11/18/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\eulbn.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\AntiVirGear 3.8\ FOUND !
C:\Program Files\Video Add-on\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F6849BC-CEAB-4C5F-9C64-50E0CE140E17}: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8F6849BC-CEAB-4C5F-9C64-50E0CE140E17}: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F6849BC-CEAB-4C5F-9C64-50E0CE140E17}: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#4 OFFLINE askey127

Advanced Member

Members
108 posts

Gender:Male
Location:New Hampshire, US

Posted 19 November 2007 - 11:23 AM

jonathan23,
Best if you don't wait too long between posts. Things can change.
Please perform the steps in the sequence given, and refrain from running any extra scans, removals, or installations while we are working on your machine. It is important that you DO NOT Turn OFF System Restore, your AntiVirus Program or your Firewall unless instructed to do so. If there is anything you can't do, or any instruction that you don't understand, then please let me know in a reply.
------------------------------------------------------
Please either print this out or save these instructions to a Notepad text file, as the Internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
------------------------------------------------------
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Don't run AVG yet. Will do it a bit later.
------------------------------------------------------
Download ATFCleaner and save to your desktop. Don't run it yet.
------------------------------------------------------
Start Your Computer in Safe Mode.
Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list. In some systems, this may be the F5 key, so try that if F8 doesn't work. Additional Info is here: http://www.computerh...sues/chsafe.htm
------------------------------------------------------
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted :
Registry cleaning - Do you want to clean the registry ?
answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question
Replace infected file ?
by typing Y and hit Enter.
------------------------------------------------------
Reboot back into normal mode.
------------------------------------------------------
Double-click ATF-Cleaner.exe or your shortcut to run the program.
Under Main, choose Select All
Click Empty Selected

If you use the Firefox browser,
Click Firefox at the top and choose Select All
Click on Empty Selected
NOTE: If you would like to keep any saved passwords, please click No at the prompt.
Click Exit to close.
------------------------------------------------------
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

Click on Scanner on the toolbar.
Click on the Settings tab.
- Under How to act?
  - Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
  - All checkboxes should be ticked.
- Under Possibly unwanted software:
  - All checkboxes should be ticked.
- Under Reports:
  - Unselect Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
  - Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

------------------------------------------------------
Reboot
------------------------------------------------------
Please Post:

contents of C:\rapport.txt
AVG Anti-Spyware log
a fresh HJT log.

askey127

Microsoft MVP 2007-2008
FixEdit | FixEdit User Guide | Log Comparator |

#5 OFFLINE jonathan23

Newbie

Members
3 posts

Posted 20 November 2007 - 01:15 AM

this is the new fresh hijackthis log..
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:11:38 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5LA0GD97\HiJackThis_v2[1].exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?2bbefd1474004226af50750b7cde742a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?2bbefd1474004226af50750b7cde742a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7878 bytes

THE RAPPORT
SmitFraudFix v2.253

Scan done at 15:27:31.79, Mon 11/19/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.preferances.com #SpySweeperCASS
127.0.0.1 ad.doubleclick.com #SpySweeperCASS
127.0.0.1 ads.web.aol.com #SpySweeperCASS

127.0.0.1 ad.preferences.com #SpySweeperCASS
127.0.0.1 ad.washingtonpost.com #SpySweeperCASS
127.0.0.1 adpick.switchboard.com #SpySweeperCASS
127.0.0.1 ads.doubleclick.com #SpySweeperCASS
127.0.0.1 ads.infospace.com #SpySweeperCASS
127.0.0.1 ads.msn.com #SpySweeperCASS
127.0.0.1 ads.switchboard.com #SpySweeperCASS
127.0.0.1 ads.enliven.com #SpySweeperCASS
127.0.0.1 oz.valueclick.com #SpySweeperCASS
127.0.0.1 doubleclick.net #SpySweeperCASS
127.0.0.1 ads.doubleclick.net #SpySweeperCASS
127.0.0.1 ad2.doubleclick.net #SpySweeperCASS
127.0.0.1 ad3.doubleclick.net #SpySweeperCASS
127.0.0.1 ad4.doubleclick.net #SpySweeperCASS
127.0.0.1 ad5.doubleclick.net #SpySweeperCASS
127.0.0.1 ad6.doubleclick.net #SpySweeperCASS
127.0.0.1 ad7.doubleclick.net #SpySweeperCASS
127.0.0.1 ad8.doubleclick.net #SpySweeperCASS
127.0.0.1 ad9.doubleclick.net #SpySweeperCASS
127.0.0.1 ad10.doubleclick.net #SpySweeperCASS
127.0.0.1 ad11.doubleclick.net #SpySweeperCASS
127.0.0.1 ad12.doubleclick.net #SpySweeperCASS
127.0.0.1 ad13.doubleclick.net #SpySweeperCASS
127.0.0.1 ad14.doubleclick.net #SpySweeperCASS
127.0.0.1 ad15.doubleclick.net #SpySweeperCASS
127.0.0.1 ad16.doubleclick.net #SpySweeperCASS
127.0.0.1 ad17.doubleclick.net #SpySweeperCASS
127.0.0.1 ad18.doubleclick.net #SpySweeperCASS
127.0.0.1 ad19.doubleclick.net #SpySweeperCASS
127.0.0.1 ad20.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.linkexchange.com #SpySweeperCASS
127.0.0.1 banner.linkexchange.com #SpySweeperCASS
127.0.0.1 ads*.focalink.com #SpySweeperCASS
127.0.0.1 ads.imdb.com #SpySweeperCASS
127.0.0.1 commonwealth.riddler.com #SpySweeperCASS
127.0.0.1 globaltrak.net #SpySweeperCASS
127.0.0.1 nrsite.com #SpySweeperCASS
127.0.0.1 www.nrsite.com #SpySweeperCASS
127.0.0.1 ad-up.com #SpySweeperCASS
127.0.0.1 ad.adsmart.net #SpySweeperCASS
127.0.0.1 ad.atlas.cz #SpySweeperCASS
127.0.0.1 ad.blm.net #SpySweeperCASS
127.0.0.1 ad.dogpile.com #SpySweeperCASS
127.0.0.1 ad.infoseek.com #SpySweeperCASS
127.0.0.1 ad.net-service.de #SpySweeperCASS
127.0.0.1 ad.preferences.com #SpySweeperCASS
127.0.0.1 ad.vol.at #SpySweeperCASS
127.0.0.1 adbot.com #SpySweeperCASS
127.0.0.1 adbureau.net #SpySweeperCASS
127.0.0.1 adcount.hollywood.com #SpySweeperCASS
127.0.0.1 add.yaho.com #SpySweeperCASS
127.0.0.1 adex3.flycast.com #SpySweeperCASS
127.0.0.1 adforce.adtech.de #SpySweeperCASS
127.0.0.1 adforce.imgis.com #SpySweeperCASS
127.0.0.1 adimage.blm.net #SpySweeperCASS
127.0.0.1 adlink.deh.de #SpySweeperCASS
127.0.0.1 ads.criticalmass.com #SpySweeperCASS
127.0.0.1 ads.csi.emcweb.com #SpySweeperCASS
127.0.0.1 ads.filez.com #SpySweeperCASS
127.0.0.1 ads.imagine-inc.com #SpySweeperCASS
127.0.0.1 ads.imdb.com #SpySweeperCASS
127.0.0.1 ads.infospace.com #SpySweeperCASS
127.0.0.1 ads.jwtt3.com #SpySweeperCASS
127.0.0.1 ads.mirrormedia.co.uk #SpySweeperCASS
127.0.0.1 ads.msn.com #SpySweeperCASS
127.0.0.1 ads.narrowline.com #SpySweeperCASS
127.0.0.1 ads.newcitynet.com #SpySweeperCASS
127.0.0.1 ads.realcities.com #SpySweeperCASS
127.0.0.1 ads.realmedia.com #SpySweeperCASS
127.0.0.1 ads.switchboard.com #SpySweeperCASS
127.0.0.1 ads.tripod.com #SpySweeperCASS
127.0.0.1 ads.usatoday.com #SpySweeperCASS
127.0.0.1 ads.washingtonpost.com #SpySweeperCASS
127.0.0.1 ads.web.de #SpySweeperCASS
127.0.0.1 ads.web21.com #SpySweeperCASS
127.0.0.1 adserv.newcentury.net #SpySweeperCASS
127.0.0.1 adservant.guj.de #SpySweeperCASS
127.0.0.1 adservant.mediapoint.de #SpySweeperCASS
127.0.0.1 adserver-espnet.sportszone.com #SpySweeperCASS
127.0.0.1 advert.heise.de #SpySweeperCASS
127.0.0.1 banners.internetextra.com #SpySweeperCASS
127.0.0.1 bannerswap.com #SpySweeperCASS
127.0.0.1 dino.mainz.ibm.de #SpySweeperCASS
127.0.0.1 ganges.imagine-inc.com #SpySweeperCASS
127.0.0.1 globaltrack.com #SpySweeperCASS
127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
127.0.0.1 garden.ngadcenter.net #SpySweeperCASS
127.0.0.1 ogilvy.ngadcenter.net #SpySweeperCASS
127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS
127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS
127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS
127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS
127.0.0.1 ad-adex3.flycast.com #SpySweeperCASS
127.0.0.1 ad.adsmart.net #SpySweeperCASS
127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.jp.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.linkexchange.com #SpySweeperCASS
127.0.0.1 ad.linksynergy.com #SpySweeperCASS
127.0.0.1 ad.nl.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.no.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.sma.punto.net #SpySweeperCASS
127.0.0.1 ad.uk.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.webprovider.com #SpySweeperCASS
127.0.0.1 ad08.focalink.com #SpySweeperCASS
127.0.0.1 adcontroller.unicast.com #SpySweeperCASS
127.0.0.1 adcreatives.imaginemedia.com #SpySweeperCASS
127.0.0.1 adforce.ads.imgis.com #SpySweeperCASS
127.0.0.1 adforce.imgis.com #SpySweeperCASS
127.0.0.1 adfu.blockstackers.com #SpySweeperCASS
127.0.0.1 adimages.earthweb.com #SpySweeperCASS
127.0.0.1 adimg.egroups.com #SpySweeperCASS
127.0.0.1 admedia.xoom.com #SpySweeperCASS
127.0.0.1 adremote.pathfinder.com #SpySweeperCASS
127.0.0.1 ads.admaximize.com #SpySweeperCASS
127.0.0.1 ads.bfast.com #SpySweeperCASS
127.0.0.1 ads.clickhouse.com #SpySweeperCASS
127.0.0.1 ads.fairfax.com.au #SpySweeperCASS
127.0.0.1 ads.fool.com #SpySweeperCASS
127.0.0.1 ads.freshmeat.net #SpySweeperCASS
127.0.0.1 ads.hollywood.com #SpySweeperCASS
127.0.0.1 ads.i33.com #SpySweeperCASS
127.0.0.1 ads.infi.net #SpySweeperCASS
127.0.0.1 ads.link4ads.com #SpySweeperCASS
127.0.0.1 ads.lycos.com #SpySweeperCASS
127.0.0.1 ads.madison.com #SpySweeperCASS
127.0.0.1 ads.mediaodyssey.com #SpySweeperCASS
127.0.0.1 ads.msn.com #SpySweeperCASS
127.0.0.1 ads.ninemsn.com.au #SpySweeperCASS
127.0.0.1 ads.seattletimes.com #SpySweeperCASS
127.0.0.1 ads.smartclicks.com #SpySweeperCASS
127.0.0.1 ads.smartclicks.net #SpySweeperCASS
127.0.0.1 ads.sptimes.com #SpySweeperCASS
127.0.0.1 ads.web.aol.com #SpySweeperCASS
127.0.0.1 ads.x10.com #SpySweeperCASS
127.0.0.1 ads.xtra.co.nz #SpySweeperCASS
127.0.0.1 ads.zdnet.com #SpySweeperCASS
127.0.0.1 ads01.focalink.com #SpySweeperCASS
127.0.0.1 ads02.focalink.com #SpySweeperCASS
127.0.0.1 ads03.focalink.com #SpySweeperCASS
127.0.0.1 ads04.focalink.com #SpySweeperCASS
127.0.0.1 ads05.focalink.com #SpySweeperCASS
127.0.0.1 ads06.focalink.com #SpySweeperCASS
127.0.0.1 ads08.focalink.com #SpySweeperCASS
127.0.0.1 ads09.focalink.com #SpySweeperCASS
127.0.0.1 ads1.activeagent.at #SpySweeperCASS
127.0.0.1 ads10.focalink.com #SpySweeperCASS
127.0.0.1 ads11.focalink.com #SpySweeperCASS
127.0.0.1 ads12.focalink.com #SpySweeperCASS
127.0.0.1 ads14.focalink.com #SpySweeperCASS
127.0.0.1 ads16.focalink.com #SpySweeperCASS
127.0.0.1 ads17.focalink.com #SpySweeperCASS
127.0.0.1 ads18.focalink.com #SpySweeperCASS
127.0.0.1 ads19.focalink.com #SpySweeperCASS
127.0.0.1 ads2.zdnet.com #SpySweeperCASS
127.0.0.1 ads20.focalink.com #SpySweeperCASS
127.0.0.1 ads21.focalink.com #SpySweeperCASS
127.0.0.1 ads22.focalink.com #SpySweeperCASS
127.0.0.1 ads23.focalink.com #SpySweeperCASS
127.0.0.1 ads24.focalink.com #SpySweeperCASS
127.0.0.1 ads25.focalink.com #SpySweeperCASS
127.0.0.1 ads3.zdnet.com #SpySweeperCASS
127.0.0.1 ads5.gamecity.net #SpySweeperCASS
127.0.0.1 adserv.iafrica.com #SpySweeperCASS
127.0.0.1 adserv.quality-channel.de #SpySweeperCASS
127.0.0.1 adserver.dbusiness.com #SpySweeperCASS
127.0.0.1 adserver.garden.com #SpySweeperCASS
127.0.0.1 adserver.janes.com #SpySweeperCASS
127.0.0.1 adserver.merc.com #SpySweeperCASS
127.0.0.1 adserver.monster.com #SpySweeperCASS
127.0.0.1 adserver.track-star.com #SpySweeperCASS
127.0.0.1 adserver1.ogilvy-interactive.de #SpySweeperCASS
127.0.0.1 adtegrity.spinbox.net #SpySweeperCASS
127.0.0.1 antfarm-ad.flycast.com #SpySweeperCASS
127.0.0.1 au.ads.link4ads.com #SpySweeperCASS
127.0.0.1 banner.media-system.de #SpySweeperCASS
127.0.0.1 banner.orb.net #SpySweeperCASS
127.0.0.1 banner.relcom.ru #SpySweeperCASS
127.0.0.1 banners.easydns.com #SpySweeperCASS
127.0.0.1 banners.looksmart.com #SpySweeperCASS
127.0.0.1 banners.wunderground.com #SpySweeperCASS
127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS
127.0.0.1 beseenad.looksmart.com #SpySweeperCASS
127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS
127.0.0.1 bn.bfast.com #SpySweeperCASS
127.0.0.1 c3.xxxcounter.com #SpySweeperCASS
127.0.0.1 califia.imaginemedia.com #SpySweeperCASS
127.0.0.1 cds.mediaplex.com #SpySweeperCASS
127.0.0.1 click.avenuea.com #SpySweeperCASS
127.0.0.1 click.go2net.com #SpySweeperCASS
127.0.0.1 click.linksynergy.com #SpySweeperCASS
127.0.0.1 cookies.cmpnet.com #SpySweeperCASS
127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS
127.0.0.1 counter.hitbox.com #SpySweeperCASS
127.0.0.1 crux.songline.com #SpySweeperCASS
127.0.0.1 erie.smartage.com #SpySweeperCASS
127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS
127.0.0.1 fp.valueclick.com #SpySweeperCASS
127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS
127.0.0.1 gm.preferences.com #SpySweeperCASS
127.0.0.1 gp.dejanews.com #SpySweeperCASS
127.0.0.1 hg1.hitbox.com #SpySweeperCASS
127.0.0.1 image.click2net.com #SpySweeperCASS
127.0.0.1 image.eimg.com #SpySweeperCASS
127.0.0.1 images2.nytimes.com #SpySweeperCASS
127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS
127.0.0.1 kansas.valueclick.com #SpySweeperCASS
127.0.0.1 leader.linkexchange.com #SpySweeperCASS
127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS
127.0.0.1 ln.doubleclick.net #SpySweeperCASS
127.0.0.1 m.doubleclick.net #SpySweeperCASS
127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS
127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS
127.0.0.1 media.preferences.com #SpySweeperCASS
127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS
127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS
127.0.0.1 nbc.adbureau.net #SpySweeperCASS
127.0.0.1 newads.cmpnet.com #SpySweeperCASS
127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS
127.0.0.1 ngads.smartage.com #SpySweeperCASS
127.0.0.1 nsads.hotwired.com #SpySweeperCASS
127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS
127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS
127.0.0.1 realads.realmedia.com #SpySweeperCASS
127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS
127.0.0.1 redirect.click2net.com #SpySweeperCASS
127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS
127.0.0.1 s2.focalink.com #SpySweeperCASS
127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS
127.0.0.1 spin.spinbox.net #SpySweeperCASS
127.0.0.1 static.admaximize.com #SpySweeperCASS
127.0.0.1 stats.superstats.com #SpySweeperCASS
127.0.0.1 sview.avenuea.com #SpySweeperCASS
127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS
127.0.0.1 tracker.clicktrade.com #SpySweeperCASS
127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS
127.0.0.1 v0.extreme-dm.com #SpySweeperCASS
127.0.0.1 v1.extreme-dm.com #SpySweeperCASS
127.0.0.1 van.ads.link4ads.com #SpySweeperCASS
127.0.0.1 view.accendo.com #SpySweeperCASS
127.0.0.1 view.avenuea.com #SpySweeperCASS
127.0.0.1 w113.hitbox.com #SpySweeperCASS
127.0.0.1 w25.hitbox.com #SpySweeperCASS
127.0.0.1 web2.deja.com #SpySweeperCASS
127.0.0.1 webads.bizservers.com #SpySweeperCASS
127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS
127.0.0.1 www.ad-up.com #SpySweeperCASS
127.0.0.1 www.admex.com #SpySweeperCASS
127.0.0.1 www.alladvantage.com #SpySweeperCASS
127.0.0.1 www.burstnet.com #SpySweeperCASS
127.0.0.1 www.commission-junction.com #SpySweeperCASS
127.0.0.1 www.eads.com #SpySweeperCASS
127.0.0.1 www.freestats.com #SpySweeperCASS
127.0.0.1 www.imaginemedia.com #SpySweeperCASS
127.0.0.1 www.netdirect.nl #SpySweeperCASS
127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS
127.0.0.1 www.targetshop.com #SpySweeperCASS
127.0.0.1 www.teknosurf2.com #SpySweeperCASS
127.0.0.1 www.teknosurf3.com #SpySweeperCASS
127.0.0.1 www.valueclick.com #SpySweeperCASS
127.0.0.1 www.websitefinancing.com #SpySweeperCASS
127.0.0.1 www2.burstnet.com #SpySweeperCASS
127.0.0.1 www4.trix.net #SpySweeperCASS
127.0.0.1 www80.valueclick.com #SpySweeperCASS
127.0.0.1 z.extreme-dm.com #SpySweeperCASS
127.0.0.1 z0.extreme-dm.com #SpySweeperCASS
127.0.0.1 z1.extreme-dm.com #SpySweeperCASS
127.0.0.1 ads.forbes.net #SpySweeperCASS
127.0.0.1 ads.newcity.com #SpySweeperCASS
127.0.0.1 ads.ign.com #SpySweeperCASS
127.0.0.1 adserver.ign.com #SpySweeperCASS
127.0.0.1 ads.scifi.com #SpySweeperCASS
127.0.0.1 adengine.theglobe.com #SpySweeperCASS
127.0.0.1 ads.tucows.com #SpySweeperCASS
127.0.0.1 adcontent.gamespy.com #SpySweeperCASS
127.0.0.1 ads4.advance.net #SpySweeperCASS
127.0.0.1 ads1.advance.net #SpySweeperCASS
127.0.0.1 eur.yimg.com #SpySweeperCASS
127.0.0.1 us.a1.yimg.com #SpySweeperCASS
127.0.0.1 ad.harmony-central.com #SpySweeperCASS
127.0.0.1 sg.yimg.com #SpySweeperCASS
127.0.0.1 adverity.adverity.com #SpySweeperCASS
127.0.0.1 ads.bloomberg.com #SpySweeperCASS
127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS
127.0.0.1 ads.mysimon.com #SpySweeperCASS
127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS
127.0.0.1 adimages.go.com #SpySweeperCASS
127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS
127.0.0.1 ad.kimo.com.tw #SpySweeperCASS
127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS
127.0.0.1 ads.paxnet.com #SpySweeperCASS
127.0.0.1 ads.eu.msn.com #SpySweeperCASS
127.0.0.1 ads.admonitor.net #SpySweeperCASS
127.0.0.1 wwa.hitbox.com #SpySweeperCASS
127.0.0.1 ads.nytimes.com #SpySweeperCASS
127.0.0.1 ads.erotism.com #SpySweeperCASS
127.0.0.1 banner.rootsweb.com #SpySweeperCASS
127.0.0.1 ads.ole.com #SpySweeperCASS
127.0.0.1 adimg1.chosun.com #SpySweeperCASS
127.0.0.1 ss.mtree.com #SpySweeperCASS
127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS
127.0.0.1 adserver.ugo.com #SpySweeperCASS
127.0.0.1 ad.sales.olympics.com #SpySweeperCASS
127.0.0.1 m2.doubleclick.net #SpySweeperCASS
127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS
127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS
127.0.0.1 www.datais.com #SpySweeperCASS
127.0.0.1 oas.mmd.ch #SpySweeperCASS
127.0.0.1 pub-g.ifrance.com #SpySweeperCASS
127.0.0.1 ads.bianca.com #SpySweeperCASS
127.0.0.1 wap.adlink.de #SpySweeperCASS
127.0.0.1 click.adlink.de #SpySweeperCASS
127.0.0.1 banner.adlink.de #SpySweeperCASS
127.0.0.1 hurricane.adlink.de #SpySweeperCASS
127.0.0.1 west.adlink.de #SpySweeperCASS
127.0.0.1 scand.adlink.de #SpySweeperCASS
127.0.0.1 regio.adlink.de #SpySweeperCASS
127.0.0.1 direct.adlink.de #SpySweeperCASS
127.0.0.1 classic.adlink.de #SpySweeperCASS
127.0.0.1 adlui001.adlink.de #SpySweeperCASS
127.0.0.1 banner1.adlink.de #SpySweeperCASS
127.0.0.1 click.mp3.com #SpySweeperCASS
127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS
127.0.0.1 icover.realmedia.com #SpySweeperCASS
127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS
127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 ads.tmcs.net #SpySweeperCASS
127.0.0.1 amedia.techies.com #SpySweeperCASS
127.0.0.1 www.exchange-it.com #SpySweeperCASS
127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.currantbun.com #SpySweeperCASS
127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS
127.0.0.1 ads15.focalink.com #SpySweeperCASS
127.0.0.1 ads13.focalink.com #SpySweeperCASS
127.0.0.1 adserver.colleges.com #SpySweeperCASS
127.0.0.1 ads.nwsource.com #SpySweeperCASS
127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS
127.0.0.1 ads.newsint.co.uk #SpySweeperCASS
127.0.0.1 ads.starnews.com #SpySweeperCASS
127.0.0.1 www.linksynergy.com #SpySweeperCASS
127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS
127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS
127.0.0.1 ads.newsdigital.net #SpySweeperCASS
127.0.0.1 arc5.msn.com #SpySweeperCASS
127.0.0.1 arc4.msn.com #SpySweeperCASS
127.0.0.1 arc3.msn.com #SpySweeperCASS
127.0.0.1 arc2.msn.com #SpySweeperCASS
127.0.0.1 arc1.msn.com #SpySweeperCASS
127.0.0.1 ads.discovery.com #SpySweeperCASS
127.0.0.1 im.800.com #SpySweeperCASS
127.0.0.1 img.cmpnet.com #SpySweeperCASS
127.0.0.1 ad7.internetadserver.com #SpySweeperCASS
127.0.0.1 ads.dai.net #SpySweeperCASS
127.0.0.1 ads.cbc.ca #SpySweeperCASS
127.0.0.1 www75.valueclick.com #SpySweeperCASS
127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS
127.0.0.1 ti.click2net.com #SpySweeperCASS
127.0.0.1 www.onresponse.com #SpySweeperCASS
127.0.0.1 ads.list-universe.com #SpySweeperCASS
127.0.0.1 advert.bayarea.com #SpySweeperCASS
127.0.0.1 www3.pagecount.com #SpySweeperCASS
127.0.0.1 www.netsponsors.com #SpySweeperCASS
127.0.0.1 adthru.com #SpySweeperCASS
127.0.0.1 ads.newtimes.com #SpySweeperCASS
127.0.0.1 ads.ugo.com #SpySweeperCASS
127.0.0.1 ads.belointeractive.com #SpySweeperCASS
127.0.0.1 wwb.hitbox.com #SpySweeperCASS
127.0.0.1 comtrack.comclick.com #SpySweeperCASS
127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS
127.0.0.1 www.click-fr.com #SpySweeperCASS
127.0.0.1 www.cibleclick.com #SpySweeperCASS
127.0.0.1 reply.mediatris.net #SpySweeperCASS
127.0.0.1 cgi.declicnet.com #SpySweeperCASS
127.0.0.1 pubs.mgn.net #SpySweeperCASS
127.0.0.1 ads.mcafee.com #SpySweeperCASS
127.0.0.1 ads1.ad-flow.com #SpySweeperCASS
127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.adtraq.com #SpySweeperCASS
127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS
127.0.0.1 adpop.theglobe.com #SpySweeperCASS
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS
127.0.0.1 ads.adflight.com #SpySweeperCASS
127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS
127.0.0.1 ads.ecircles.com #SpySweeperCASS
127.0.0.1 ads.god.co.uk #SpySweeperCASS
127.0.0.1 ads.hyperbanner.net #SpySweeperCASS
127.0.0.1 ads.jpost.com #SpySweeperCASS
127.0.0.1 ads.netmechanic.com #SpySweeperCASS
127.0.0.1 ads.webcash.nl #SpySweeperCASS
127.0.0.1 adserver.netcast.nl #SpySweeperCASS
127.0.0.1 adserver.webads.com #SpySweeperCASS
127.0.0.1 adserver.webads.nl #SpySweeperCASS
127.0.0.1 adserver1.realtracker.com #SpySweeperCASS
127.0.0.1 adserver2.realtracker.com #SpySweeperCASS
127.0.0.1 adserver3.realtracker.com #SpySweeperCASS
127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS
127.0.0.1 holland.hyperbanner.net #SpySweeperCASS
127.0.0.1 images.webads.nl #SpySweeperCASS
127.0.0.1 sc.clicksupply.com #SpySweeperCASS
127.0.0.1 service.bfast.com #SpySweeperCASS
127.0.0.1 www.ad4ex.com #SpySweeperCASS
127.0.0.1 www.bannercampaign.com #SpySweeperCASS
127.0.0.1 www.cyberbounty.com #SpySweeperCASS
127.0.0.1 www.netvertising.be #SpySweeperCASS
127.0.0.1 www.speedyclick.com #SpySweeperCASS
127.0.0.1 www.webads.nl #SpySweeperCASS
127.0.0.1 ads.snowball.com #SpySweeperCASS
127.0.0.1 ads.amazingmedia.com #SpySweeperCASS
127.0.0.1 www10.valueclick.com #SpySweeperCASS
127.0.0.1 js1.hitbox.com #SpySweeperCASS
127.0.0.1 rd1.hitbox.com #SpySweeperCASS
127.0.0.1 mt37.mtree.com #SpySweeperCASS
127.0.0.1 ads.gameanswers.com #SpySweeperCASS
127.0.0.1 ads7.udc.advance.net #SpySweeperCASS
127.0.0.1 www23.valueclick.com #SpySweeperCASS
127.0.0.1 ads.fortunecity.com #SpySweeperCASS
127.0.0.1 banners.nextcard.com #SpySweeperCASS
127.0.0.1 ads.iwon.com #SpySweeperCASS
127.0.0.1 www.qksrv.net #SpySweeperCASS
127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS
127.0.0.1 ads-b.focalink.com #SpySweeperCASS
127.0.0.1 ad2.peel.com #SpySweeperCASS
127.0.0.1 ads.floridatoday.com #SpySweeperCASS
127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS
127.0.0.1 ads18.bpath.com #SpySweeperCASS
127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS
127.0.0.1 global.msads.net #SpySweeperCASS
127.0.0.1 pluto1.iserver.net #SpySweeperCASS
127.0.0.1 ads1.intelliads.com #SpySweeperCASS
127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS
127.0.0.1 ads.stileproject.com #SpySweeperCASS
127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS
127.0.0.1 www.blissnet.net #SpySweeperCASS
127.0.0.1 www.consumerinfo.com #SpySweeperCASS
127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS
127.0.0.1 k5ads.osdn.com #SpySweeperCASS
127.0.0.1 actionsplash.com #SpySweeperCASS
127.0.0.1 campaigns.f2.com.au #SpySweeperCASS
127.0.0.1 adserver.news.com.au #SpySweeperCASS
127.0.0.1 servedby.advertising.com #SpySweeperCASS
127.0.0.1 java.yahoo.com #SpySweeperCASS
127.0.0.1 ad.howstuffworks.com #SpySweeperCASS
127.0.0.1 ads.1for1.com #SpySweeperCASS
127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS
127.0.0.1 ads.devx.com #SpySweeperCASS
127.0.0.1 utils.mediageneral.com #SpySweeperCASS
127.0.0.1 banners.friendfinder.com #SpySweeperCASS
127.0.0.1 adserver.matchcraft.com #SpySweeperCASS
127.0.0.1 www.dnps.com #SpySweeperCASS
127.0.0.1 creative.whi.co.nz #SpySweeperCASS
127.0.0.1 rmedia.boston.com #SpySweeperCASS
127.0.0.1 webaffiliate.covad.com #SpySweeperCASS
127.0.0.1 ad.iwin.com #SpySweeperCASS
127.0.0.1 www.nailitonline2.com #SpySweeperCASS
127.0.0.1 mds.centrport.net #SpySweeperCASS
127.0.0.1 oas.dispatch.com #SpySweeperCASS
127.0.0.1 adserver.ads360.com #SpySweeperCASS
127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS
127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS
127.0.0.1 ads.clickagents.com #SpySweeperCASS
127.0.0.1 banners.chek.com #SpySweeperCASS
127.0.0.1 zi.r.tv.com #SpySweeperCASS
127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS
127.0.0.1 ads.greensboro.com #SpySweeperCASS
127.0.0.1 ad2.adcept.net #SpySweeperCASS
127.0.0.1 ads.colo.kiva.net #SpySweeperCASS
127.0.0.1 adsrv.iol.co.za #SpySweeperCASS
127.0.0.1 mjxads.internet.com #SpySweeperCASS
127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS
127.0.0.1 ads.vnuemedia.com #SpySweeperCASS
127.0.0.1 affiliate.doteasy.com #SpySweeperCASS
127.0.0.1 m.tribalfusion.com #SpySweeperCASS
127.0.0.1 oas.lee.net #SpySweeperCASS
127.0.0.1 www.banneroverdrive.com #SpySweeperCASS
127.0.0.1 ad3.peel.com #SpySweeperCASS
127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS
127.0.0.1 adserver.snowball.com #SpySweeperCASS
127.0.0.1 media15.fastclick.net #SpySweeperCASS
127.0.0.1 ads5.advance.net #SpySweeperCASS
127.0.0.1 ads3.advance.net #SpySweeperCASS
127.0.0.1 ads2.advance.net #SpySweeperCASS
127.0.0.1 ads.advance.net #SpySweeperCASS
127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS
127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS
127.0.0.1 oas.villagevoice.com #SpySweeperCASS
127.0.0.1 www.ad-flow.com #SpySweeperCASS
127.0.0.1 ads.guardian.co.uk #SpySweeperCASS
127.0.0.1 ads.hitcents.com #SpySweeperCASS
127.0.0.1 media19.fastclick.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
127.0.0.1 ads.nypost.com #SpySweeperCASS
127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS
127.0.0.1 ads.ad-flow.com #SpySweeperCASS
127.0.0.1 adserver.hispavista.com #SpySweeperCASS
127.0.0.1 ads.musiccity.com #SpySweeperCASS
127.0.0.1 banners.revenuelink.com #SpySweeperCASS
127.0.0.1 ads1.sptimes.com #SpySweeperCASS
127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS
127.0.0.1 ads.adtegrity.net #SpySweeperCASS
127.0.0.1 media13.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS
127.0.0.1 ads.live365.com #SpySweeperCASS
127.0.0.1 ads.fredericksburg.com #SpySweeperCASS
127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS

127.0.0.1 ads.bigcitytools.com #SpySweeperCASS
127.0.0.1 netshelter.adtrix.com #SpySweeperCASS
127.0.0.1 y.ibsys.com #SpySweeperCASS
127.0.0.1 adserver.nydailynews.com #SpySweeperCASS
127.0.0.1 s0b.bluestreak.com #SpySweeperCASS
127.0.0.1 images.scripps.com #SpySweeperCASS
127.0.0.1 images.cybereps.com #SpySweeperCASS
127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 krd.realcities.com #SpySweeperCASS
127.0.0.1 www3.bannerspace.com #SpySweeperCASS
127.0.0.1 view.atdmt.com #SpySweeperCASS
127.0.0.1 ads7.advance.net #SpySweeperCASS
127.0.0.1 ad.abcnews.com #SpySweeperCASS
127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS
127.0.0.1 secure.webconnect.net #SpySweeperCASS
127.0.0.1 ads.nandomedia.com #SpySweeperCASS
127.0.0.1 banners.babylon-x.com #SpySweeperCASS
127.0.0.1 media17.fastclick.net #SpySweeperCASS
127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS
127.0.0.1 ads.exhedra.com #SpySweeperCASS
127.0.0.1 ad.trafficmp.com #SpySweeperCASS
127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS
127.0.0.1 banner.northsky.com #SpySweeperCASS
127.0.0.1 ftp.nacorp.com #SpySweeperCASS
127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS
127.0.0.1 c1.zedo.com #SpySweeperCASS
127.0.0.1 ads4.condenet.com #SpySweeperCASS
127.0.0.1 www.brilliantdigital.com #SpySweeperCASS
127.0.0.1 desktop.kazaa.com #SpySweeperCASS
127.0.0.1 shop.kazaa.com #SpySweeperCASS
127.0.0.1 www.bonzi.com #SpySweeperCASS
127.0.0.1 www.b3d.com #SpySweeperCASS
127.0.0.1 neighborhood.standard.net #SpySweeperCASS
127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS
127.0.0.1 spinbox.techtracker.com #SpySweeperCASS
127.0.0.1 toads.osdn.com #SpySweeperCASS
127.0.0.1 ads.themes.org #SpySweeperCASS
127.0.0.1 adserver.trb.com #SpySweeperCASS

127.0.0.1 banner.easyspace.com #SpySweeperCASS
127.0.0.1 www.banner2u.com #SpySweeperCASS
127.0.0.1 ads.thestar.com #SpySweeperCASS
127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS
127.0.0.1 www.fineclicks.com #SpySweeperCASS
127.0.0.1 ads.mdchoice.com #SpySweeperCASS
127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS
127.0.0.1 adtegrity.thruport.com #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 ads.pennyweb.com #SpySweeperCASS
127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.forbes.com #SpySweeperCASS
127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS
127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS
127.0.0.1 ads1.condenet.com #SpySweeperCASS
127.0.0.1 adserver.anm.co.uk #SpySweeperCASS
127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS
127.0.0.1 bidclix.net #SpySweeperCASS
127.0.0.1 media.popuptraffic.com #SpySweeperCASS
127.0.0.1 coreg.flashtrack.net #SpySweeperCASS
127.0.0.1 rmads.msn.com #SpySweeperCASS
127.0.0.1 ads.icq.com #SpySweeperCASS
127.0.0.1 cb.icq.com #SpySweeperCASS
127.0.0.1 cf.icq.com #SpySweeperCASS
127.0.0.1 www2.newtopsites.com #SpySweeperCASS
127.0.0.1 adserv.internetfuel.com #SpySweeperCASS
127.0.0.1 images.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.securityfocus.com #SpySweeperCASS
127.0.0.1 www.avsads.com #SpySweeperCASS
127.0.0.1 banners.moviegoods.com #SpySweeperCASS
127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS
127.0.0.1 ads.iambic.com #SpySweeperCASS
127.0.0.1 sfads.osdn.com #SpySweeperCASS
127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS
127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS
127.0.0.1 marketing.nyi.net #SpySweeperCASS
127.0.0.1 www.netflip.com #SpySweeperCASS
127.0.0.1 image.imgfarm.com #SpySweeperCASS
127.0.0.1 ads.viaarena.com #SpySweeperCASS
127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS
127.0.0.1 ads.astalavista.us #SpySweeperCASS
127.0.0.1 banner.coza.com #SpySweeperCASS
127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS
127.0.0.1 adlog.com.com #SpySweeperCASS
127.0.0.1 adimg.com.com #SpySweeperCASS
127.0.0.1 adimage.bankrate.com #SpySweeperCASS
127.0.0.1 ads.mediadevil.com #SpySweeperCASS
127.0.0.1 imageserv.adtech.de #SpySweeperCASS
127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS
127.0.0.1 ads.cashsurfers.com #SpySweeperCASS
127.0.0.1 ads.specificpop.com #SpySweeperCASS
127.0.0.1 z1.adserver.com #SpySweeperCASS
127.0.0.1 images.bizrate.com #SpySweeperCASS
127.0.0.1 q.pni.com #SpySweeperCASS
127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS
127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS
127.0.0.1 images.newsx.cc #SpySweeperCASS
127.0.0.1 www.adireland.com #SpySweeperCASS
127.0.0.1 ads.iafrica.com #SpySweeperCASS
127.0.0.1 ads.nyi.net #SpySweeperCASS
127.0.0.1 geoads.osdn.com #SpySweeperCASS
127.0.0.1 www.crisscross.com #SpySweeperCASS
127.0.0.1 netcomm.spinbox.net #SpySweeperCASS
127.0.0.1 ads.videoaxs.com #SpySweeperCASS
127.0.0.1 mediamgr.ugo.com #SpySweeperCASS
127.0.0.1 adserver.pollstar.com #SpySweeperCASS
127.0.0.1 information.gopher.com #SpySweeperCASS
127.0.0.1 ads.adviva.net #SpySweeperCASS
127.0.0.1 adsrv.bankrate.com #SpySweeperCASS
127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS
127.0.0.1 speed.pointroll.com #SpySweeperCASS
127.0.0.1 amch.questionmarket.com #SpySweeperCASS
127.0.0.1 ads.gamespy.com #SpySweeperCASS

127.0.0.1 ads.columbian.com #SpySweeperCASS
127.0.0.1 clickit.go2net.com #SpySweeperCASS
127.0.0.1 vpdc.ru4.com #SpySweeperCASS
127.0.0.1 ads.developershed.com #SpySweeperCASS
127.0.0.1 ads.globeandmail.com #SpySweeperCASS
127.0.0.1 ads.nerve.com #SpySweeperCASS
127.0.0.1 iv.doubleclick.net #SpySweeperCASS
127.0.0.1 ads2.condenet.com #SpySweeperCASS
127.0.0.1 www.burstnet.com #SpySweeperCASS
127.0.0.1 ads5.canoe.ca #SpySweeperCASS
127.0.0.1 askmen.thruport.com #SpySweeperCASS
127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS
127.0.0.1 ads.theolympian.com #SpySweeperCASS
127.0.0.1 ads.courierpostonline.com #SpySweeperCASS
127.0.0.1 i.timeinc.net #SpySweeperCASS
127.0.0.1 oasads.whitepages.com #SpySweeperCASS
127.0.0.1 rad.msn.com #SpySweeperCASS
127.0.0.1 serve.thisbanner.com #SpySweeperCASS
127.0.0.1 images.trafficmp.com #SpySweeperCASS
127.0.0.1 www.kaplanindex.com #SpySweeperCASS
127.0.0.1 kaplanindex.com #SpySweeperCASS
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 spinbox.maccentral.com #SpySweeperCASS
127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS
127.0.0.1 webad.ajeeb.com #SpySweeperCASS
127.0.0.1 ads.granadamedia.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.wnd.com #SpySweeperCASS
127.0.0.1 a3.suntimes.com #SpySweeperCASS
127.0.0.1 tmsads.tribune.com #SpySweeperCASS
127.0.0.1 ads.peel.com #SpySweeperCASS
127.0.0.1 ads.mh5.com #SpySweeperCASS
127.0.0.1 ad.usatoday.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 ads.mediaturf.net #SpySweeperCASS
127.0.0.1 ads4.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.clearchannel.com #SpySweeperCASS
127.0.0.1 ads2.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.jacksonsun.com #SpySweeperCASS
127.0.0.1 servads.aip.org #SpySweeperCASS
127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
127.0.0.1 adng.ascii24.com #SpySweeperCASS
127.0.0.1 engage.speedera.net #SpySweeperCASS
127.0.0.1 ads.msn-ppe.com #SpySweeperCASS
127.0.0.1 ad.openfind.com.tw #SpySweeperCASS
127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS
127.0.0.1 ads.northjersey.com #SpySweeperCASS
127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS
127.0.0.1 banners.valuead.com #SpySweeperCASS
127.0.0.1 ad1.aaddzz.com #SpySweeperCASS
127.0.0.1 ds.eyeblaster.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS
127.0.0.1 ads.centralohio.com #SpySweeperCASS

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\eulbn.dll Deleted
C:\Program Files\AntiVirGear 3.8\ Deleted
C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F6849BC-CEAB-4C5F-9C64-50E0CE140E17}: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8F6849BC-CEAB-4C5F-9C64-50E0CE140E17}: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F6849BC-CEAB-4C5F-9C64-50E0CE140E17}: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.94.156.1 68.94.157.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

AND THE AVG ANTISPYWARE LOG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:49:54 PM 11/19/2007

+ Scan result:

HKU\S-1-5-21-4121513805-2820878500-917325846-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP34\A0009036.dll -> Downloader.Bojo.r : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).

::Report end

#6 OFFLINE askey127

Advanced Member

Members
108 posts

Gender:Male
Location:New Hampshire, US

Posted 20 November 2007 - 11:14 AM

jonathan23,
The version of HiJackThis you are running is an old beta version.
Please delete it, and download the newest one and install it as follows:
-----------------------------------------------
Download HJTInstall.exe and save to your Desktop.

Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and a text log file will open in notepad.
Make sure Notepad's Format Menu has Word Wrap Unchecked.
Copy/Paste the entire log into your next reply please.
No matter what it says in the QuickStart Guide or elsewhere, DON'T USE the "ANALYZE THIS" button.
Its Findings can be Dangerous for your machine.
Please Don't have Hijackthis fix anything yet.
Most of what it is in the log are legitimate entries, necessary for the operation of your computer.

----------------------------------------------------------
Download and Install CCleaner

Download CCleaner from here
Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
Click OK
Click Next
Click I agree
Click Next
Click Install
Once the installation has finished, click Finish

-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
Click on the Options block on the left. Select Advanced.
Uncheck Only delete files in Windows Temp folders older than 48 hours.
Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
Please post the contents of install.txt and the new HiJackThis log.
askey127

Microsoft MVP 2007-2008
FixEdit | FixEdit User Guide | Log Comparator |

Back to Spyware Hell