• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
rmetz

infected again

10 posts in this topic

I am posting a Hijackthis 2.0 Logfile. I am hoping that someone can help me out with this:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:40:01 PM, on 5/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\WINDOWS\system32\ctfmon.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

C:\Program Files\Mozilla Firefox\firefox.exe

c:\program files\common files\mcafee\redirsvc\redirsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)

O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)

O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\PROGRA~1\MYWEBS~1\bar\4.bin\W6BAR.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll

O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)

O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)

O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iDEAL Calendar] "C:\Program Files\IDEAL Calendar\calendar.exe"

O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [Democracy Player] C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy.exe

O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe

O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe

O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\atmclk.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe

O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe

O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] tpvvym.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] tpvvym.exe (User 'Default user')

O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')

O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171575612346

O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O17 - HKLM\Software\..\Telephony: DomainName = your-sz7x7sefxo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - (no file)

O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

 

--

End of file - 10755 bytes

 

I realize that i have 2 virus programs running, but i have tried to uninstall mcaffee since it isn't working properly and it keeps hanging. I did manage to uninstall the McAffee virus detector I think. Any help would be wonderful. Thanks in advance

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hello,

 

* Go to start > controlpanel > software > Add or Remove Programs and uninstall MyWebsearch if present.

 

Also, I notice that you have Weatherbug installed on your computer – This is very much an ad-enabled application which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts can also draw unwanted ads and popups to your computer.

You may also want to read this why weatherbug is not recommended: http://fravia.com/weatherbug.htm

 

Our recommendation would be to uninstall it using the Add or Remove Programs feature in Control Panel.

 

If you want a program which provides weather information there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from http://www.snapfiles.com/get/weatherwatcher.html.

 

Of course this remains entirely your choice, but please be aware that if you decide to continue using Weatherbug, your computer will be at an increased risk of infection from malware.

 

Reboot after uninstalling.

Then,

 

* Please download SmitfraudFix (by S!Ri)

 

* Reboot into Safe Mode`: ( without networking support !)

°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

 

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)

O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)

O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\PROGRA~1\MYWEBS~1\bar\4.bin\W6BAR.DLL

O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll

O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)

O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe

O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe

O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\atmclk.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe

O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe

O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] tpvvym.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] tpvvym.exe (User 'Default user')

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab

O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - (no file)

O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)

O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

* Doubleclick SmitFraudFix to start the tool.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

(Warning : running option #2 will set your desktop background blank again. But you can reapply your desktop background again afterwards

 

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

 

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

 

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process.

 

Post the log from smitfraudfix in your next reply together with a new hijackthislog.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

 

extra note:

I realize that i have 2 virus programs running, but i have tried to uninstall mcaffee since it isn't working properly and it keeps hanging

* Download and run the McAfee Consumer Products Removal tool (MCPR.exe).

Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.

  • McAfee Security Center
  • McAfee VirusScan
  • McAfee Personal Firewall Plus
  • McAfee Privacy Service
  • McAfee SpamKiller
  • McAfee Wireless Network Security
  • McAfee SiteAdvisor
  • McAfee Data Backup
  • McAfee Network Manager
  • McAfee Easy Network
  • McAfee AntiSpyware

Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe

  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Double-click MCPR.exe.
  • Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
    Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
    After the second window appears, the program will begin the cleanup.
  • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
    The machine must reboot to complete the un-installation. Reboot now? [y.n]
     
  • Press Y on the keyboard.
  • Wait for the computer to restart.

All McAfee products are now removed from your computer.

These McAfee removal instructions can be found at http://ts.mcafeehelp.com/faq3.asp?docid=408302

Share this post


Link to post
Share on other sites

miekiemoes, Thank you so much for your time in getting this computer fixed. As requested, I uninstalled weatherbug. Here is the new HJT log:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:03:25 PM, on 6/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\IDEAL Calendar\calendar.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iDEAL Calendar] "C:\Program Files\IDEAL Calendar\calendar.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171575612346

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O17 - HKLM\Software\..\Telephony: DomainName = your-sz7x7sefxo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

 

--

End of file - 5521 bytes

 

Here also is rapport.txt:

 

SmitFraudFix v2.192

 

Scan done at 19:40:42.35, Mon 06/04/2007

Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

127.0.0.1 absoluagency.com #[Trojan.StartPage.H]

127.0.0.1 acestats.com

127.0.0.1 www.acestats.com

127.0.0.1 www.activesearch.com #[Adware.ActiveSearch]

127.0.0.1 actualnames.com #[Parasite.ActualNames][spyware.ActualNames]

127.0.0.1 www.actualnames.com

127.0.0.1 ad-up.com

127.0.0.1 www.ad-up.com

127.0.0.1 adatom.com

127.0.0.1 aesp.adatom.com

127.0.0.1 adbest.com #[iE-SpyAd]

127.0.0.1 www.adcipta.net #[W32/Malware]

127.0.0.1 adserv.adbonus.com #[iE-SpyAd]

127.0.0.1 www.adbonus.com

127.0.0.1 media.adcentriconline.com #[iE-SpyAd]

127.0.0.1 ad2.adcept.net

127.0.0.1 ad3.adcept.net

127.0.0.1 www.adcept.net #[iE-SpyAd]

127.0.0.1 adcomplete.com #[iE-SpyAd]

127.0.0.1 www.adcomplete.com

127.0.0.1 www.adcopy.info

127.0.0.1 ads.adcorps.com

127.0.0.1 ads.addynamix.com #[iE-SpyAd]

127.0.0.1 pt.server1.adexit.com

127.0.0.1 www.adexit.com #[iE-SpyAd]

127.0.0.1 www.ad4ever.com #[iE-SpyAd]

127.0.0.1 adhearus.com

127.0.0.1 ads.adhearus.com

127.0.0.1 display2.adhearus.com

127.0.0.1 display3.adhearus.com

127.0.0.1 ssl3.adhost.com #[iE-SpyAd]

127.0.0.1 www2.adhost.com

127.0.0.1 www.addme.com #[iE-SpyAd]

127.0.0.1 www.adinfinity.com #[iE-SpyAd]

127.0.0.1 adsvr.adknowledge.com #[iE-SpyAd]

127.0.0.1 web.adknowledge.com

127.0.0.1 te.adlandpro.com #[iE-SpyAd]

127.0.0.1 media.adlegend.com

127.0.0.1 classic.adlink.de #[iE-SpyAd]

127.0.0.1 regio.adlink.de

127.0.0.1 west.adlink.de

127.0.0.1 www.adminder.com #[iE-SpyAd]

127.0.0.1 adsfac.net #[iE-SpyAd]

127.0.0.1 www.adonweb.com

127.0.0.1 adserver.adreactor.com

127.0.0.1 www.adrelevance.com #[NetRatings][iE-SpyAd]

127.0.0.1 media.adrevolver.com #[iE-SpyAd]

127.0.0.1 serv.ad-rotator.com

127.0.0.1 serv2.ad-rotator.com

127.0.0.1 ad.ads.dk #[iE-SpyAd]

127.0.0.1 tdkads.ads.dk

127.0.0.1 ads.adsag.com

127.0.0.1 di.adsag.com

127.0.0.1 img.adsag.com

127.0.0.1 adserv.com

127.0.0.1 www.adserv.com

127.0.0.1 ads.adtomi.com #[iE-SpyAd]

127.0.0.1 www.adtomi.com #[Adware.Adtomi]

127.0.0.1 downldcl.adtoolsinc.com

127.0.0.1 www.adtoolsinc.com #[iE-SpyAd]

127.0.0.1 www.adtrader.com #[iE-SpyAd]

127.0.0.1 survey.advantageresearch.com #[iE-SpyAd]

127.0.0.1 ad.adver.com.tw

127.0.0.1 ads.advertise.net #[iE-SpyAd]

127.0.0.1 advertisingvision.com #[iE-SpyAd]

127.0.0.1 www.advertisingvision.com #[Adware.Advision]

127.0.0.1 adviva.com #[iE-SpyAd]

127.0.0.1 www.adviva.com

127.0.0.1 ads.adviva.net #[iE-SpyAd]

127.0.0.1 adstats.adviva.net

127.0.0.1 tracker.affistats.com #[iE-SpyAd][msvrl.dll]

127.0.0.1 banners.affiliatefuel.com

127.0.0.1 www.affiliatefuel.com #[iE-SpyAd]

127.0.0.1 affiliatetarget.com #[iE-SpyAd][server down?]

127.0.0.1 www.affiliatetarget.com

127.0.0.1 fcds.affiliatetracking.net

127.0.0.1 our.affiliatetracking.net

127.0.0.1 www.affiliatetracking.net #[iE-SpyAd]

127.0.0.1 www.affiliatetracking.com #[iE-SpyAd]

127.0.0.1 aams1.aim4media.com

127.0.0.1 adcodes.aim4media.com

127.0.0.1 adserver.aim4media.com

127.0.0.1 adtest.aim4media.com

127.0.0.1 pops.aim4media.com

127.0.0.1 www.aim4media.com #[iE-SpyAd]

127.0.0.1 crs.akamai.com

127.0.0.1 soap.alexa.com #[spyware.Alexa][Alexa Toolbar]

127.0.0.1 traffic.alexa.com

127.0.0.1 xsltcache.alexa.com

127.0.0.1 www.alexa.com #[iE-SpyAd]

127.0.0.1 www.allthatsearch.com #[iE-SpyAd]

127.0.0.1 v8.alwaysupdatednews.com #[Trojan.Alwayup]

127.0.0.1 www.alwaysupdatednews.com #[Trojan-Downloader.Win32.Small.akz]

127.0.0.1 ads.as4x.tmcs.akadns.net #[Ticketmaster][iE-SpyAd]

127.0.0.1 bantam.ai.net #[iE-SpyAd]

127.0.0.1 fiona.ai.net

127.0.0.1 ads.amazingmedia.com #[iE-SpyAd]

127.0.0.1 adserver04.ancestry.com #[RealMedia]

127.0.0.1 search.antarasystems.com #[spyware.SearchPounder]

127.0.0.1 www.antarasystems.com

127.0.0.1 ads.antionline.com

127.0.0.1 junior.apk.net

127.0.0.1 banner.arttoday.com

127.0.0.1 ads.aspalliance.com

127.0.0.1 associmg.com #[iE-SpyAd][amazon.com]

127.0.0.1 armbender.com #[uCSearch.ucUCSearch][W32.Adclicker.F.Trojan]

127.0.0.1 www.armbender.com #[uCSearch.ArmBender]

127.0.0.1 te.audiencematch.net

127.0.0.1 audiogalaxy.com

127.0.0.1 www.audiogalaxy.com

127.0.0.1 adserving.autotrader.com

127.0.0.1 www.avres.net #[iE-SpyAd]

127.0.0.1 www.aweber.com #[iE-SpyAd]

127.0.0.1 cploving.awmhost.net #[TrojanClicker.Win32.Lopin]

127.0.0.1 ad.backyardgardener.com

127.0.0.1 ad1.backyardgardener.com

127.0.0.1 ad2.backyardgardener.com

127.0.0.1 baidu.com #[iE-SpyAd]

127.0.0.1 bar.baidu.com #[Parasite.ClientMan][Adware/BDSToolbar]

127.0.0.1 mp3.baidu.com

127.0.0.1 p4p.baidu.com

127.0.0.1 top.baidu.com

127.0.0.1 www.baidu.com #[[Adware.Baidu]

127.0.0.1 www.banner-mania.com

127.0.0.1 www.bannerspace.com #[iE-SpyAd]

127.0.0.1 www2.bannerspace.com

127.0.0.1 www3.bannerspace.com

127.0.0.1 www5.bannerspace.com

127.0.0.1 www6.bannerspace.com

127.0.0.1 www7.bannerspace.com

127.0.0.1 bannerswap.com #[iE-SpyAd]

127.0.0.1 www.bannerswap.com

127.0.0.1 ads.betanews.com

127.0.0.1 ads.bidclix.com #[iE-SpyAd]

127.0.0.1 www.bidclix.com

127.0.0.1 bidclix.net #[iE-SpyAd]

127.0.0.1 www.bidclix.net

127.0.0.1 bigtracker.com

127.0.0.1 bighits.net #[iE-SpyAd]

127.0.0.1 bigticker.bighits.net

127.0.0.1 bounty.bighits.net

127.0.0.1 www.bighits.net

127.0.0.1 download.bigwebportal.com #[iE-SpyAd]

127.0.0.1 www.bigwebportal.com #[hotwebsearch.com]

127.0.0.1 counter.bizland.com

127.0.0.1 webads.bizservers.com

127.0.0.1 www.black-hole.co.uk #[Restricted Zone site]

127.0.0.1 www.blazehits.net #[gonnasearch.com]

127.0.0.1 cluster.blingblingcontent.com

127.0.0.1 gb.blingblingcontent.com

127.0.0.1 s7.blingblingcontent.com #[Easywebinstaller Control]

127.0.0.1 ads.bmais.net #[bluemountain]

127.0.0.1 bookedspace.com #[Parasite.BookedSpace]

127.0.0.1 www.bookedspace.com #[Adware.Bookedspace]

127.0.0.1 a.boom.ro

127.0.0.1 s.boom.ro #[iE-SpyAd]

127.0.0.1 bans.bride.ru #[iE-SpyAd]

127.0.0.1 citi.bridgetrack.com #[iE-SpyAd]

127.0.0.1 rccl.bridgetrack.com

127.0.0.1 www.browserplugin.com #[WebHlprObj Class]

127.0.0.1 install.browsertoolbar.com #[backdoor.Autoupder][browserToolbar]

127.0.0.1 www2.browsertoolbar.com #[TROJ_SUA.A]

127.0.0.1 www.browsertoolbar.com #[Parasite.BrowserToolbar]

127.0.0.1 www.buildtraffic.com

127.0.0.1 www.buldog-search.com

127.0.0.1 www.buldog-stats.com #[MHTMLRedir.Exploit]

127.0.0.1 ads5.canoe.ca

127.0.0.1 www.cashventure.com

127.0.0.1 casino-on-net.com

127.0.0.1 java2.casino-on-net.com

127.0.0.1 www.casino-on-net.com

127.0.0.1 cc-dt.com

127.0.0.1 ads.cc-dt.com

127.0.0.1 clickserve.cc-dt.com

127.0.0.1 www.care2.com #[TopMoxie]

127.0.0.1 ads.cars.com

127.0.0.1 www.cashforclicks.com #[iE-SpyAd]

127.0.0.1 www.cashpile.com

127.0.0.1 ads.cc214142.com

127.0.0.1 ads.cdfreaks.com #[Ads.cdfreaks]

127.0.0.1 cellaphone.net #[MHTMLRedir.Exploit]

127.0.0.1 www.celebritaspoglie.net #[iE-SpyAd]

127.0.0.1 mds.centrport.net #[iE-SpyAd]

127.0.0.1 c.clickaire.com #[iE-SpyAd]

127.0.0.1 classifieds1000.com

127.0.0.1 www.classifieds1000.com

127.0.0.1 clearfind.com

127.0.0.1 www.clearfind.com #[iE-SpyAd]

127.0.0.1 hop.clickbank.net #[Adware.Clickbank]

127.0.0.1 zzz.clickbank.net

127.0.0.1 clickedyclick.com #[iE-SpyAd]

127.0.0.1 www.clickexchange.ru #[iE-SpyAd]

127.0.0.1 click2boost.com #[iE-SpyAd]

127.0.0.1 secure.click2boost.com

127.0.0.1 service.click2boost.com

127.0.0.1 www.click2boost.com

127.0.0.1 servedby.clickexperts.net

127.0.0.1 www.clicks2you.com #[iE-SpyAd]

127.0.0.1 stats1.clicktracks.com

127.0.0.1 www.is1.clixgalore.com

127.0.0.1 www.clixgalore.com #[iE-SpyAd]

127.0.0.1 www1.click-fr.com

127.0.0.1 www2.click-fr.com

127.0.0.1 www3.click-fr.com

127.0.0.1 www4.click-fr.com

127.0.0.1 www.clickhouse.com #[iE-SpyAd]

127.0.0.1 www.clicks4u.com #[iE-SpyAd]

127.0.0.1 cfg.clipgenie.com

127.0.0.1 download.clipgenie.com

127.0.0.1 dldw.clipgenie.com

127.0.0.1 ss.clipgenie.com

127.0.0.1 www.clipgenie.com #[Adware.ClipGenie]

127.0.0.1 comclick.com #[iE-SpyAd]

127.0.0.1 ct2.comclick.com

127.0.0.1 fl01.ct2.comclick.com

127.0.0.1 ihm01.ct2.comclick.com

127.0.0.1 www.comclick.com

127.0.0.1 www.comedy-planet.com #[Adware.ComedyPlanet]

127.0.0.1 www.thecoolbar.com #[softomate Toolbar][The Coolbar]

127.0.0.1 www.compactbanner.com #[iE-SpyAd]

127.0.0.1 ads.console.net

127.0.0.1 www.contextuads.com #[iE-SpyAd]

127.0.0.1 www1.contextweb.com

127.0.0.1 coolshader.com

127.0.0.1 c.coolshader.com #[Win32.Harnig]

127.0.0.1 www.coolshader.com

127.0.0.1 counted.com #[iE-SpyAd]

127.0.0.1 bilbo.counted.com

127.0.0.1 www.counted.com

127.0.0.1 www.counterguide.com

127.0.0.1 counter4u.de #[iE-SpyAd]

127.0.0.1 connectionzone.com

127.0.0.1 count.casino-trade.com

127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]

127.0.0.1 data.coremetrics.com #[iE-SpyAd]

127.0.0.1 twci.coremetrics.com

127.0.0.1 us.cqcounter.com #[iE-SpyAd]

127.0.0.1 zz.cqcounter.com

127.0.0.1 1us.cqcounter.com

127.0.0.1 ads.crosswinds.net

127.0.0.1 megabyte.crosswinds.net

127.0.0.1 cyberbounty.com #[iE-SpyAd]

127.0.0.1 js.cybermonitor.com

127.0.0.1 stat3.cybermonitor.com

127.0.0.1 cytron.com #[DailyWinner][Cytron]

127.0.0.1 www.cytron.com

127.0.0.1 www.dash.com

127.0.0.1 ads.date.com #[iE-SpyAd]

127.0.0.1 banner.date.com

127.0.0.1 au.track.decideinteractive.com

127.0.0.1 au.link.decideinteractive.com

127.0.0.1 eu.link.decideinteractive.com

127.0.0.1 link.decideinteractive.com

127.0.0.1 www.decideinteractive.com

127.0.0.1 www.decideinteractive.co.uk

127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]

127.0.0.1 collector.deepmetrix.com

127.0.0.1 geo.deepmetrix.com

127.0.0.1 www.deepmetrix.com #[Data Miner]

127.0.0.1 delta2378493.com #[Download.Sumina]

127.0.0.1 didtheyreadit.com #[iE-SpyAd]

127.0.0.1 www.didtheyreadit.com

127.0.0.1 counter.digits.com #[iE-SpyAd]

127.0.0.1 stats.directnic.com

127.0.0.1 www.divago.com #[Adware.Surfairy]

127.0.0.1 ad.dmpi.net

127.0.0.1 ad2.dmpi.net

127.0.0.1 ad3.dmpi.net

127.0.0.1 ad4.dmpi.net

127.0.0.1 ubnm.dmpi.net

127.0.0.1 www.dnscaching.net #[stickypops.com]

127.0.0.1 www.domamil.cz #[Trojan.Beagooz]

127.0.0.1 downloadalot.com

127.0.0.1 get.downloadalot.com

127.0.0.1 www.downloadalot.com #[iE-SpyAd]

127.0.0.1 www.downseek.com #[DownSeek Search]

127.0.0.1 dqmedia.net #[spam]

127.0.0.1 drmx01.net #[spam]

127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]

127.0.0.1 www.duenow.com

127.0.0.1 gfx.dvlabs.com #[iE-SpyAd]

127.0.0.1 klipads.dvlabs.com

127.0.0.1 e2give.com #[Adware-E2Give][spyware.e2give]

127.0.0.1 www.e2give.com

127.0.0.1 eaglehousing.com #[Trojan.Tabela.B]

127.0.0.1 www.eaglehousing.com #[Trojan.Eaghouse]

127.0.0.1 www.easywebsearch.nl #[Easywebinstaller Control][iE-SpyAd]

127.0.0.1 www.e-bannerx.com

127.0.0.1 adv1.eblocs.com

127.0.0.1 adv2.eblocs.com #[Rogue/Suspect][iE-SpyAd]

127.0.0.1 www.easycounter.com #[iE-SpyAd]

127.0.0.1 banners.easydns.com

127.0.0.1 banner.easyspace.com #[iE-SpyAd]

127.0.0.1 adserv1.ebates.com #[WebSavings]

127.0.0.1 www.ebates.com #[Adware.MoeMoney]

127.0.0.1 www.efinder.cc #[startPage-DA]

127.0.0.1 www.e-mn.com #[Trojan.Dremn]

127.0.0.1 epeople.com

127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]

127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]

127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]

127.0.0.1 www.escorcher.com #[iE-SpyAd]

127.0.0.1 www.eshopads2.com

127.0.0.1 estat.com #[iE-SpyAd]

127.0.0.1 perso.estat.com

127.0.0.1 prof.estat.com

127.0.0.1 www.estat.com

127.0.0.1 eu-adcenter.net

127.0.0.1 thinknyc.eu-adcenter.net

127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]

127.0.0.1 www.euroklik.nl #[EasyBar][installerX Class]

127.0.0.1 euro-randomizer.com #[Trojan.dropper]

127.0.0.1 engage.everyone.net

127.0.0.1 static.everyone.net #[iE-SpyAd]

127.0.0.1 www.exchangead.com #[iE-SpyAd]

127.0.0.1 exitexchange.com #[iE-SpyAd]

127.0.0.1 count.exitexchange.com

127.0.0.1 images.exitexchange.com

127.0.0.1 www.exitexchange.com #[Restricted Zone site]

127.0.0.1 www.exchangeexit.com #[installer Class][Winupie]

127.0.0.1 www.exittraffic.net #[iE-SpyAd]

127.0.0.1 cdn.eyewonder.com #[iE-SpyAd]

127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]

127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]

127.0.0.1 ezcybersearch.mail.everyone.net

127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]

127.0.0.1 www.evidence-eliminator.com

127.0.0.1 ads.fairfax.com.au

127.0.0.1 images.ads.fairfax.com.au

127.0.0.1 redirect.fairfax.com.au

127.0.0.1 campaigns.f2.com.au

127.0.0.1 fast-web-search.com #[iE-SpyAd]

127.0.0.1 www.fast-web-search.com

127.0.0.1 www.fast2net.com

127.0.0.1 www.fastfind.org #[subSearch][TROJ_STARTPAG.KF][Adware.Fastfind.B]

127.0.0.1 fasttrack.nu

127.0.0.1 www.fceboard.com #[Adware.EBoard]

127.0.0.1 www.fightpopups.net #[Adware.MessStopper]

127.0.0.1 adserver.filefront.com

127.0.0.1 www.filemix.net #[surf+][iE-SpyAd]

127.0.0.1 www.fineclicks.com #[iE-SpyAd]

127.0.0.1 firstname.com #[iE-SpyAd]

127.0.0.1 clicks.firstname.com

127.0.0.1 www.fizzlewizzle.com #[Fizzle Wizzle Searchbar]

127.0.0.1 flashtrack.net #[iE-SpyAd]

127.0.0.1 ads.flashtrack.net #[Adware.Flashtrack.B]

127.0.0.1 coreg.flashtrack.net

127.0.0.1 www.flashtrack.net #[Adware.FlashEnhancer][KB312429]

127.0.0.1 flyinads.com #[iE-SpyAd]

127.0.0.1 www.flyinads.com

127.0.0.1 ads.forbes.com #[iE-SpyAd]

127.0.0.1 klipmart.forbes.com

127.0.0.1 www.ampira.com #[Fortunecity]

127.0.0.1 ads.fortunecity.com

127.0.0.1 ads.v3.com #[Fortunecity]

127.0.0.1 www2.fortunecity.com

127.0.0.1 www.foxik.com #[MHTMLRedir.Exploit]

127.0.0.1 securinews.free.fr #[Trojan.Hexem]

127.0.0.1 ad.freefind.com

127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]

127.0.0.1 free-stats.com

127.0.0.1 counters.freewebs.com

127.0.0.1 www.freewebsites.com

127.0.0.1 ads.free-windows-games.com

127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]

127.0.0.1 pops.freeze.com #[[GamHelper]

127.0.0.1 ads.gamespy.com

127.0.0.1 adcontent.gamespy.com

127.0.0.1 ad1.gamezone.com #[RealMedia]

127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][backdoor.Gaster]

127.0.0.1 gd.geobytes.com #[obtains users location]

127.0.0.1 www.getsmart.com

127.0.0.1 bp2.getredirect.com #[iE-SpyAd]

127.0.0.1 4.getredirect.com #[superlogy.com]

127.0.0.1 www.getredirect.com

127.0.0.1 getupdate.com

127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]

127.0.0.1 www.getupdate.com #[Adware.Getup]

127.0.0.1 gigex.com #[iE-SpyAd]

127.0.0.1 media.gigex.com #[speedDelivery]

127.0.0.1 oascentral.gigex.com #[RealMedia]

127.0.0.1 www.gigex.com #[download Class]

127.0.0.1 globesearch.com

127.0.0.1 www.globesearch.com #[iE-SpyAd][CWS]

127.0.0.1 banner.goldenpalace.com #[redirects]

127.0.0.1 www.goldenwebawards.com

127.0.0.1 goldstats.net #[iE-SpyAd]

127.0.0.1 www.goldstats.net

127.0.0.1 www.goggle.com #[iE-SpyAd][typo squatter]

127.0.0.1 adincl.gopher.com #[infoSpace]

127.0.0.1 ads.gorillanation.com #[Restricted Zone site]

127.0.0.1 adserver.gorillanation.com

127.0.0.1 gostats.com #[iE-SpyAd]

127.0.0.1 c1.gostats.com

127.0.0.1 c2.gostats.com

127.0.0.1 webcounter.goweb.de #[iE-SpyAd]

127.0.0.1 greatstartpage.com #[iE-SpyAd]

127.0.0.1 www.greatstartpage.com

127.0.0.1 grokster.com #[iE-SpyAd][P2P]

127.0.0.1 dl.grokster.com

127.0.0.1 www.grokster.com

127.0.0.1 ads.guardian.co.uk

127.0.0.1 ads.guardianunlimited.co.uk

127.0.0.1 www.g-wizzads.net

127.0.0.1 www.halflemon.com #[searchHook Class]

127.0.0.1 ad0.haynet.com

127.0.0.1 www.hitboss.com #[iE-SpyAd]

127.0.0.1 www.hit4hit.com #[iE-SpyAd]

127.0.0.1 ads.hitcents.com #[iE-SpyAd]

127.0.0.1 hits-counter.com

127.0.0.1 hithopper.com #[Adware.Hithopper]

127.0.0.1 www.hithopper.com

127.0.0.1 www.hitlogger.com

127.0.0.1 hitmodel.net

127.0.0.1 hit-now.com

127.0.0.1 hit-parade.com

127.0.0.1 loga.hit-parade.com

127.0.0.1 www.hitpointer.com #[iE-SpyAd]

127.0.0.1 hitslink.com #[iE-SpyAd]

127.0.0.1 counter.hitslink.com

127.0.0.1 counter2.hitslink.com

127.0.0.1 www2.hitslink.com

127.0.0.1 www.hitslink.com

127.0.0.1 hitstats.net

127.0.0.1 www.hiwire.com #[iE-SpyAd]

127.0.0.1 ads.home.net

127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]

127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]

127.0.0.1 counters.honesty.com

127.0.0.1 horse-active.net

127.0.0.1 horse-dns.net

127.0.0.1 horse-search.net

127.0.0.1 banners.hotlinks.net #[iE-SpyAd]

127.0.0.1 horseserver.net #[Troj/Haxdor-Fam][Trojan.Startpage.I]

127.0.0.1 www.horseserver.net #[backdoor.Haxdoor.D]

127.0.0.1 hotsearch.com #[roar.com][iE-SpyAd]

127.0.0.1 www.hotsearch.com

127.0.0.1 www.10s.com.br #[Trojan.Cargao]

127.0.0.1 cgi.hotstat.nl #[iE-SpyAd]

127.0.0.1 viewstat.hotstat.nl

127.0.0.1 hc2.humanclick.com

127.0.0.1 www.humanclick.com #[iE-SpyAd]

127.0.0.1 custom1.hurricanedigitalmedia.com

127.0.0.1 custom3.hurricanedigitalmedia.com

127.0.0.1 www.hypertracker.com #[iE-SpyAd]

127.0.0.1 ads.iafrica.com

127.0.0.1 ads.iboost.com

127.0.0.1 www.i-clicks.net

127.0.0.1 hits.icdirect.com

127.0.0.1 hitctr01.icdirect.com

127.0.0.1 image-catcher.com

127.0.0.1 bar.iebar8.com #[Adware.Navihelper]

127.0.0.1 stats.surfaid.ihost.com #[iE-SpyAd]

127.0.0.1 ads.imdb.com #[amazon.com]

127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]

127.0.0.1 stats.indextools.com #[iE-SpyAd]

127.0.0.1 adserver.indieclick.com

127.0.0.1 campaign.indieclick.com

127.0.0.1 adcenter.in2.com

127.0.0.1 ads.inet1.com

127.0.0.1 ads7.inet1.com

127.0.0.1 banners.inetfast.com

127.0.0.1 ads.infospace.com

127.0.0.1 bvads.infospace.com

127.0.0.1 dpxml.infospace.com

127.0.0.1 xads.infospace.com

127.0.0.1 www.infospider.com #[iE-SpyAd]

127.0.0.1 ads.intellicast.com

127.0.0.1 ads.intelihealth.com

127.0.0.1 ads.intermezzia.com #[iE-SpyAd]

127.0.0.1 mjxads.internet.com #[iE-SpyAd]

127.0.0.1 indiads.com #[iE-SpyAd]

127.0.0.1 infostart.com #[iE-SpyAd]

127.0.0.1 popups.infostart.com

127.0.0.1 instantsearch.cc #[Adware/TheLocalSearch]

127.0.0.1 www.instantsearch.cc

127.0.0.1 www.intelli-tracker.com

127.0.0.1 inqwire.com #[iE-SpyAd]

127.0.0.1 www.inqwire.com

127.0.0.1 ads.ipowerweb.com

127.0.0.1 www.ipstat.com #[iE-SpyAd]

127.0.0.1 istarthere.com #[Troj/IEStart-C]

127.0.0.1 directory.istarthere.com

127.0.0.1 moviesponsor.istarthere.com

127.0.0.1 partners.istarthere.com

127.0.0.1 www.istarthere.com #[VBS_IESTART.F]

127.0.0.1 adcycle.isoftmarketing.com

127.0.0.1 www.itrafficstar.com #[iE-SpyAd]

127.0.0.1 www.jcount.com #[iE-SpyAd]

127.0.0.1 affiliates.jeanharris.com

127.0.0.1 popup.jeanharris.com

127.0.0.1 www.jellycounter.com

127.0.0.1 jpedownload.joltid.com

127.0.0.1 www.joltid.com #[Adware.P2PNetworking]

127.0.0.1 www1.kliks.nl #[iE-SpyAd]

127.0.0.1 www2.kliks.nl

127.0.0.1 www.kliks.nl

127.0.0.1 kt3.kliptracker.com #[iE-SpyAd]

127.0.0.1 kt4.kliptracker.com

127.0.0.1 www.kliptracker.com

127.0.0.1 stats.klsoft.com #[iE-SpyAd]

127.0.0.1 www.kmindex.ru

127.0.0.1 www.koolbar.net #[iE-SpyAd]

127.0.0.1 ad.leadcrunch.com #[iE-SpyAd]

127.0.0.1 ts1.lexmark.com

127.0.0.1 linkbuddies.com #[iE-SpyAd]

127.0.0.1 banners.linkbuddies.com

127.0.0.1 www.linkbuddies.com

127.0.0.1 www.linkcounter.com

127.0.0.1 linkexchange.ru #[iE-SpyAd]

127.0.0.1 web.linkexchange.ru

127.0.0.1 www.linkexchange.ru

127.0.0.1 link4link.com #[iE-SpyAd]

127.0.0.1 plus.link4link.com

127.0.0.1 www.links4trade.com #[iE-SpyAd]

127.0.0.1 escati.linkopp.net #[iE-SpyAd]

127.0.0.1 www.linkopp.net

127.0.0.1 js.livehelper.com #[iE-SpyAd]

127.0.0.1 newbrowse.livehelper.com

127.0.0.1 liveperson.net

127.0.0.1 server.iad.liveperson.net #[iE-SpyAd]

127.0.0.1 www.liveperson.com

127.0.0.1 adserv.lwmn.net #[server down?]

127.0.0.1 locators.com #[Adware.Locator]

127.0.0.1 toolbar.locators.com #[Locators Toolbar]

127.0.0.1 www.locators.com

127.0.0.1 www.lookde5.com #[W32.Looked]

127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][backdoor.Gaster]

127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]

127.0.0.1 www.luckyhomepage.com #[iE-SpyAd]

127.0.0.1 www.lyricspy.com #[PluginAccess]

127.0.0.1 make-deal.com #[server down?]

127.0.0.1 www.madoogali.com #[Madoogali][iE-SpyAd]

127.0.0.1 go.mailbits.com

127.0.0.1 mair.net #[Realtracker]

127.0.0.1 marnet.us #[Downloader-IU]

127.0.0.1 image.masterstats.com #[iE-SpyAd]

127.0.0.1 link.masterstats.com

127.0.0.1 ads.affiliates.match.com

127.0.0.1 associmage.match.com #[iE-SpyAd]

127.0.0.1 adserver.matchcraft.com

127.0.0.1 maybeyes.biz #[Trojan.Ducky]

127.0.0.1 ads.mcafee.com

127.0.0.1 directads.mcafee.com

127.0.0.1 ads.mediaodyssey.com

127.0.0.1 acvs.mediaonenetwork.net

127.0.0.1 acvsrv.mediaonenetwork.net

127.0.0.1 ads.mediaturf.net

127.0.0.1 banner.meerhits.nl #[iEHIjacker.Meerhits.nl]

127.0.0.1 pokpok.meerhits.nl #[iE-SpyAd]

127.0.0.1 exit.megago.com

127.0.0.1 www.megago.com #[typo squatter][iE-SpyAd]

127.0.0.1 www.megaseek.net #[iE-SpyAd]

127.0.0.1 megatds.com #[Adware/Megatds]

127.0.0.1 admintds.megatds.com

127.0.0.1 tds.megatds.com

127.0.0.1 www.megatds.com

127.0.0.1 pubs.mgn.net #[Grolier Network]

127.0.0.1 www.mgshareware.com #[Adware Bundler]

127.0.0.1 micorsoft.com

127.0.0.1 www.micorsoft.com #[typo hijacker]

127.0.0.1 www.mini-player.com #[5MOF Mini-Player]

127.0.0.1 banner.missingkids.com

127.0.0.1 ads.monster.com

127.0.0.1 adserver.monster.com

127.0.0.1 adserver.a.in.monster.com

127.0.0.1 ads.monstermoving.com

127.0.0.1 cookie.monster.com

127.0.0.1 morwillsearch.com #[Adware.MWSearch][cfgwr Class]

127.0.0.1 www.morwillsearch.com

127.0.0.1 mp3today.net

127.0.0.1 www.mp3yes.com #[C2Media\LOP][iE-SpyAd]

127.0.0.1 mpamexit.com

127.0.0.1 www.messagetag.com #[iE-SpyAd]

127.0.0.1 msgtag.com

127.0.0.1 img.msgtag.com #[iE-SpyAd]

127.0.0.1 www.msgtag.com

127.0.0.1 multi1.rmuk.co.uk #[RealMedia]

127.0.0.1 www.musicsonglyrics.com #[static.windupdates.com]

127.0.0.1 mvtracker.com #[iE-SpyAd]

127.0.0.1 www.mvtracker.com

127.0.0.1 mvr3d.net #[NavExcel\n-CASE]

127.0.0.1 mvr.us #[Parasite.NavExcel]

127.0.0.1 www.mvr.us

127.0.0.1 www.myaffiliateprogram.com #[iE-SpyAd]

127.0.0.1 www.myarmory.com #[spyware.Bazookabar]

127.0.0.1 www.myemessenger.com

127.0.0.1 rm.myoc.com

127.0.0.1 myhitlogger.com

127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]

127.0.0.1 hit.namimedia.com #[iE-SpyAd]

127.0.0.1 ads.nandomedia.com

127.0.0.1 neededware.com #[Adware.NeededWare]

127.0.0.1 www.neededware.com

127.0.0.1 www6.netbroadcaster.com #[iE-SpyAd]

127.0.0.1 code.netbreak.com.au

127.0.0.1 www.netflip.com #[iE-SpyAd]

127.0.0.1 money2.netfirms.com #[The Money Toolbar]

127.0.0.1 hints.netflame.cc

127.0.0.1 ssl-hints.netflame.cc

127.0.0.1 partner.netmechanic.com

127.0.0.1 tracker.netmechanic.com

127.0.0.1 counter.netmore.net

127.0.0.1 www.netpoll.nl

127.0.0.1 servedby.netshelter.net

127.0.0.1 ads.netsol.com

127.0.0.1 www.netsearch.info

127.0.0.1 ads.networksolutions.com

127.0.0.1 www.network-tool.net #[Trojan.Magise]

127.0.0.1 ads.newsint.co.uk

127.0.0.1 adq.nextag.com

127.0.0.1 web1.noadware.net #[iE-SpyAd]

127.0.0.1 www.noadware.net #[sCAM.Enigma.NoAdware]

127.0.0.1 nowbox.com

127.0.0.1 www.nowbox.com #[Parasite.NowBox]

127.0.0.1 ns2.iad1.nssrv.com #[iE-SpyAd]

127.0.0.1 www.nubela.net #[mediatickets]

127.0.0.1 nzads.net.nz

127.0.0.1 file.obalduyam.net #[Trojan-Downloader.Win32.Small.ams]

127.0.0.1 okcounter.com #[iE-SpyAd]

127.0.0.1 www.okww.net #[Trojan.StartPage.C]

127.0.0.1 stat.onestat.com #[iE-SpyAd]

127.0.0.1 www.onestat.com

127.0.0.1 one.ru

127.0.0.1 cnt.one.ru

127.0.0.1 stats0.one.ru

127.0.0.1 stats1.one.ru

127.0.0.1 stats2.one.ru

127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster][iE-SpyAd]

127.0.0.1 www.online-service.cc #[Trojan.Magise]

127.0.0.1 www.onseo.com #[Trojan-Clicker.Win32.Delf.bc]

127.0.0.1 server1.opentracker.net

127.0.0.1 www.opinionlab.com #[iE-SpyAd]

127.0.0.1 ccc00.opinionlab.com

127.0.0.1 rate.opinionlab.com

127.0.0.1 by.optimost.com

127.0.0.1 banner.orb.net

127.0.0.1 geoads.osdn.com #[iE-SpyAd][server down?]

127.0.0.1 tg-images.osdn.com

127.0.0.1 otx5.otxresearch.com

127.0.0.1 otx.ifilm.com #[OTXMedia.dll]

127.0.0.1 survey.otxresearch.com #[TrojanDownloader.OTXloader.A]

127.0.0.1 www.otxresearch.com #[OTXMovie Class]

127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]

127.0.0.1 www.overpeer.com #[Trojan.Wimad]

127.0.0.1 www.p3marketing.com #[Zapspot]

127.0.0.1 padonak.info #[Trojan.Moo]

127.0.0.1 www.padonak.info #[iE-SpyAd]

127.0.0.1 www.pan-advert.com #[iE-SpyAd]

127.0.0.1 0503.pass.as #[backdoor.Tuimer]

127.0.0.1 click.payserve.com #[iE-SpyAd]

127.0.0.1 www.pc-test.net

127.0.0.1 ad1.peel.com

127.0.0.1 ad3.peel.com

127.0.0.1 ads.peel.com

127.0.0.1 ad4.peel.com

127.0.0.1 ads5.peel.com

127.0.0.1 www.peel.com #[iE-SpyAd]

127.0.0.1 www.peel.net

127.0.0.1 ads.pennyweb.com #[addynamix.com]

127.0.0.1 banners.pennyweb.com #[iE-SpyAd]

127.0.0.1 www.peruvianmarket.com #[Trojan.Beagooz.D]

127.0.0.1 ads.photosight.ru

127.0.0.1 phpadsnew.com

127.0.0.1 www.phpadsnew.com

127.0.0.1 ads2.playnet.com

127.0.0.1 popfind.net #[Adware.Ddpop]

127.0.0.1 www.pops-stop.com

127.0.0.1 www.popupads.com #[iE-SpyAd]

127.0.0.1 www.popupad.net #[iE-SpyAd]

127.0.0.1 popupblockade.com #[Parasite.Httper]

127.0.0.1 www.popupblockade.com #[iE-SpyAd]

127.0.0.1 popupmoney.com #[iE-SpyAd]

127.0.0.1 server01.popupmoney.com

127.0.0.1 www.popupmoney.com

127.0.0.1 popadstop.com #[Adware.PopAdStop]

127.0.0.1 www.popadstop.com

127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]

127.0.0.1 www.popuptop.com #[iE-SpyAd]

127.0.0.1 www2.portdetective.com

127.0.0.1 www.positivebeats.com #[C2Media\LOP][iE-SpyAd]

127.0.0.1 x0x0l.pp.ru #[bKDR_CCT.A][server down?]

127.0.0.1 www.praize.com #[Adware.Praize]

127.0.0.1 www.promarketingclub.com

127.0.0.1 www.prtracker.com

127.0.0.1 projectx.net #[Trojan.Tannick.B]

127.0.0.1 www.profitzone.com #[ProfitZONE Adbar]

127.0.0.1 prolivation.com #[iE-SpyAd]

127.0.0.1 www.prolivation.com

127.0.0.1 ads.pro-market.net

127.0.0.1 www.promo.com.au

127.0.0.1 www.prutect.com #[spyware.e2give][Win32.Prutec.A]

127.0.0.1 www.protectedmedia.com #[Trojan.Wimad]

127.0.0.1 ad.sma.punto.net

127.0.0.1 sma.punto.net

127.0.0.1 www.pureseeker.com #[C2Media\LOP][iE-SpyAd]

127.0.0.1 www.pwallet.com #[iE-SpyAd]

127.0.0.1 mediatickets.q8hell.org #[W32/LowZones.L]

127.0.0.1 uld3r.q8hell.org

127.0.0.1 adserv.quality-channel.de

127.0.0.1 www.quarterserver.de

127.0.0.1 questionmarket.com #[iE-SpyAd]

127.0.0.1 amch.questionmarket.com

127.0.0.1 ch.questionmarket.com

127.0.0.1 survey.questionmarket.com

127.0.0.1 www.questionmarket.com

127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]

127.0.0.1 quickmetasearch.com #[ADW_SEARCHMETA.A]

127.0.0.1 www.qq886.com #[backdoor.Semes]

127.0.0.1 ramgo.com

127.0.0.1 www.ramgo.com #[Win32.Startpage.B]

127.0.0.1 www.autoraskrutka.ru #[spyware.Acext]

127.0.0.1 www.raskrutim.ru #[spyware.Acext]

127.0.0.1 www.realclicks.com

127.0.0.1 www.relmaxtop.com

127.0.0.1 banner.relcom.ru

127.0.0.1 adservice.recon-networks.com

127.0.0.1 rightmedia.net #[iE-SpyAd]

127.0.0.1 rightstats.com

127.0.0.1 www.rightstats.com

127.0.0.1 m.rmbclick.com #[iE-SpyAd]

127.0.0.1 hits.roitracker.com #[iE-SpyAd]

127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][backdoor.Gaster]

127.0.0.1 ad.ro2cn.com #[Adware.Ro2cn]

127.0.0.1 www.savehits.com #[iE-SpyAd]

127.0.0.1 st.sageanalyst.net #[iE-SpyAd]

127.0.0.1 pigmailer.scarryserv.biz #[Trojan.Mochi]

127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]

127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]

127.0.0.1 adsremote.scripps.com

127.0.0.1 te.scripps.com

127.0.0.1 counter.search.bg #[iE-SpyAd]

127.0.0.1 searchalot.com #[iE-SpyAd]

127.0.0.1 cards.searchalot.com

127.0.0.1 mail.searchalot.com

127.0.0.1 search.searchalot.com

127.0.0.1 web.searchalot.com

127.0.0.1 www.searchalot.com #[Adware-Tronix]

127.0.0.1 searchandclick.com

127.0.0.1 search.searchandclick.com

127.0.0.1 www.searchandclick.com #[browseraid][searchAndClick]

127.0.0.1 searchby.net #[iE-SpyAd]

127.0.0.1 www.searchby.net #[ultimate Popup Killer]

127.0.0.1 www.searchgauge.com

127.0.0.1 search-itnow.com #[Parasite.AdultLinks]

127.0.0.1 www.search-itnow.com

127.0.0.1 tb.searchitquick.com #[hotwebsearch.com][iiittt Class]

127.0.0.1 www.searchitquick.com #[iE-SpyAd]

127.0.0.1 www.searchmachine.com #[iE-SpyAd]

127.0.0.1 www.searchmagnifier.com

127.0.0.1 searchmaid.com #[Adware/TheLocalSearch]

127.0.0.1 www.searchmaid.com

127.0.0.1 searchproject.net #[Trojan.Phel.A]

127.0.0.1 www.search-pounder.com #[spyware.SearchPounder]

127.0.0.1 www.searchrelevancy.com #[spyware.Relevancy]

127.0.0.1 www.searchresult.net #[Parasite.IgetNet]

127.0.0.1 www.search-toolbar.com #[Trojan.Magise]

127.0.0.1 browser.secondpower.com

127.0.0.1 download.secondpower.com

127.0.0.1 www1.secondpower.com

127.0.0.1 www3.secondpower.com #[iE-SpyAd][KB320159]

127.0.0.1 www.secondpower.com

127.0.0.1 adserver.securityfocus.com #[RealMedia]

127.0.0.1 www.selfsurveys.com #[iE-SpyAd]

127.0.0.1 www.seehits.com

127.0.0.1 www.sendtraffic.com

127.0.0.1 sesso.com

127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]

127.0.0.1 ds.serving-sys.com

127.0.0.1 quasar.sitegauge.com

127.0.0.1 tracker.sitescout.com #[iE-SpyAd]

127.0.0.1 advertpro.sitepoint.com

127.0.0.1 www.sitestatslive.com

127.0.0.1 www.sitetracking.info #[Naughty Pops][iE-SpyAd]

127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]

127.0.0.1 www.shockcounter.com #[iE-SpyAd]

127.0.0.1 skeech.com

127.0.0.1 www.skeech.com #[iE-SpyAd]

127.0.0.1 smart2com.net #[Trojan.Autoproxy]

127.0.0.1 smart-browser.com

127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]

127.0.0.1 www.smart-browser.com

127.0.0.1 smartclicks.net #[iE-SpyAd]

127.0.0.1 www.smartclicks.net

127.0.0.1 smarter.com #[iE-SpyAd]

127.0.0.1 sidebar.smarter.com

127.0.0.1 www.smarter.com

127.0.0.1 ads.smni.com

127.0.0.1 static.smni.com

127.0.0.1 www1.spaex.com #[searchboss.com][iE-SpyAd]

127.0.0.1 www.spedia.net #[spediaBar][iE-SpyAd]

127.0.0.1 www.spyarsenal.com #[spyware.DesktopSpy][spyware.FamilyKeylog]

127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]

127.0.0.1 www.spyferret.com

127.0.0.1 www.spymoon.com #[Trojan.Eaghouse.B]

127.0.0.1 spyware.com #[roar.com]

127.0.0.1 www.ssppyy.com #[spyware.Ssppyy]

127.0.0.1 www.s-tracking.com

127.0.0.1 adsintl.starwave.com

127.0.0.1 c1.statcounter.com #[Ad-Aware.Data Miner]

127.0.0.1 c2.statcounter.com

127.0.0.1 c3.statcounter.com #[PestPatrol.Tracking Cookie]

127.0.0.1 s2.statcounter.com

127.0.0.1 www.statcounter.com #[iE-SpyAd]

127.0.0.1 js.statistici.ro

127.0.0.1 log.statistici.ro

127.0.0.1 s.statistici.ro #[iE-SpyAd]

127.0.0.1 www.statomatic.com #[iE-SpyAd]

127.0.0.1 stats4you.com #[iE-SpyAd]

127.0.0.1 reg.stats4all.com

127.0.0.1 www.stats4you.com #[iE-SpyAd]

127.0.0.1 www.stickypops.com #[iE-SpyAd]

127.0.0.1 clix.superclix.de #[iE-SpyAd]

127.0.0.1 www.superlogy.com #[AdvWare.ToolBar.VB.b]

127.0.0.1 supersearchs.com #[iE-SpyAd]

127.0.0.1 www.supersearchs.com

127.0.0.1 sqwire.com #[Adware.Sqwire][Xupiter.Sqwire]

127.0.0.1 www.sqwire.com #[Parasite.Xupiter][Adware-PornKings]

127.0.0.1 www.supaseek.com #[spyware.Supaseek]

127.0.0.1 rd1.surfernetwork.com #[surferNETWORK Plugin]

127.0.0.1 www.surfernetwork.com

127.0.0.1 surfsidekick.com

127.0.0.1 dl.surfsidekick.com

127.0.0.1 www.surfsidekick.com #[Adware.SurfSideKick]

127.0.0.1 www2.surveyfocus.com #[iE-SpyAd]

127.0.0.1 www.surveynetworks.com

127.0.0.1 www.surveysite.com

127.0.0.1 www2.survey-poll.com #[microsoft]

127.0.0.1 swift-look.com #[phishing exploit]

127.0.0.1 www.sweetbar.com #[securityRisk.Downldr]

127.0.0.1 www.symantic.com #[Typo Squatter][iE-SpyAd]

127.0.0.1 adpick.switchboard.com

127.0.0.1 adtag.sympatico.ca

127.0.0.1 www.szadk.com #[PWSteal.Trojan]

127.0.0.1 ad.uk.tangozebra.com

127.0.0.1 tat-neftbank.ru #[backdoor.Berbew.H]

127.0.0.1 www.tech-marketresearch.com

127.0.0.1 www.textads.biz

127.0.0.1 a.tfag.de

127.0.0.1 ak.tfag.de

127.0.0.1 theaffiliateprogram.com

127.0.0.1 adbot.theonion.com

127.0.0.1 www.thepokerclub.com #[securityRisk.ClubPoker]

127.0.0.1 thesearchmall.com #[Adware.SearchMall][server down?]

127.0.0.1 www.thesearchmall.com

127.0.0.1 tipsurf.com

127.0.0.1 tnc4u.com #[Parasite.DownloadPlus]

127.0.0.1 new.tnc4u.com

127.0.0.1 www.tnc4u.com #[Adware.DownloadPlus]

127.0.0.1 www.toilet.com #[iE-SpyAd]

127.0.0.1 ad.tomshardware.com

127.0.0.1 tooncomics.com #[iEDLL.ToonComics][here4search.com]

127.0.0.1 www.tooncomics.com #[Downloader.Tooncom][CWS.Aff.Tooncomics]

127.0.0.1 log.trafic.ro #[iE-SpyAd]

127.0.0.1 storage.trafic.ro

127.0.0.1 tool4ame.com #[TROJ_GOLID.A][Adware.IAGold]

127.0.0.1 www.toolshack.com #[iE-SpyAd]

127.0.0.1 ads.toplayerserver.com

127.0.0.1 www1.toplayerserver.com

127.0.0.1 www.toplayerserver.com #[iE-SpyAd]

127.0.0.1 toprebates.com #[webrebates][iE-SpyAd]

127.0.0.1 www.toprebates.com

127.0.0.1 stat.toprefsys.com

127.0.0.1 www.top-search.com #[Adware-SSF.dr]

127.0.0.1 download.topsearchweb.com

127.0.0.1 www.topsearchweb.com #[hotwebsearch.com]

127.0.0.1 ad.topstat.com

127.0.0.1 nl.topstat.com #[iE-SpyAd]

127.0.0.1 s26.topstat.com

127.0.0.1 xl.topstat.com

127.0.0.1 ads.track-star.com

127.0.0.1 adserver.track-star.com

127.0.0.1 geo2.track-star.com

127.0.0.1 www.track-star.com

127.0.0.1 www.traffic-stock.com #[Parasite.RichFind]

127.0.0.1 tradeexit.com

127.0.0.1 www.tradeexit.com #[Parasite.Winupie]

127.0.0.1 www.trafficbeamer.nl

127.0.0.1 trafficg.com #[iE-SpyAd]

127.0.0.1 www.trafficg.com

127.0.0.1 www.trafficflame.com

127.0.0.1 trafficfile.com #[iE-SpyAd]

127.0.0.1 www.trafficfile.com

127.0.0.1 trackyourstats.com

127.0.0.1 hit.traxdb.net

127.0.0.1 a.tribalfusion.com #[iE-SpyAd]

127.0.0.1 cdn1.tribalfusion.com

127.0.0.1 m.tribalfusion.com

127.0.0.1 tribalfusion.speedera.net

127.0.0.1 ads.tucows.com

127.0.0.1 counts.tucows.com

127.0.0.1 google.tucows.com

127.0.0.1 www.turbomemorycharger.com #[Adware.Fapi]

127.0.0.1 ads.ucomics.com #[RealMedia]

127.0.0.1 image.ugo.com

127.0.0.1 mediamgr.ugo.com

127.0.0.1 www.ukbanners.com #[iE-SpyAd]

127.0.0.1 ultimatecounter.com #[iE-SpyAd]

127.0.0.1 www.ultimatecounter.com

127.0.0.1 www.ultimatepopupkiller.com #[searchby.net][iE-SpyAd]

127.0.0.1 www.ultraload.net #[MHTMLRedir.Exploit]

127.0.0.1 adcontroller.unicast.com

127.0.0.1 ads.unlimitedbanners.com #[iE-SpyAd]

127.0.0.1 ads1.updated.com

127.0.0.1 www.updatenow.org #[iE-SpyAd]

127.0.0.1 www.upgradenow.org

127.0.0.1 www.updatepatch.info #[Messenger Service pop-up]

127.0.0.1 www.upp2ono41xi9rman2.com #[TrojanDropper.Small.LG]

127.0.0.1 ads.uproar.com

127.0.0.1 urlblaze.com #[Adware.TurboDownload]

127.0.0.1 www.urlblaze.com #[Adware Bundler]

127.0.0.1 www.urlblaze.net #[iEDriver][ADW_RULEDOR.C]

127.0.0.1 usachoice.net #[iE-SpyAd]

127.0.0.1 ads.valuead.com #[iE-SpyAd]

127.0.0.1 adnetintads.valuead.com

127.0.0.1 banners.valuead.com

127.0.0.1 oin.valuead.com #[outerinfo.com]

127.0.0.1 servedby.valuead.com

127.0.0.1 ad.valuehost.ru #[iE-SpyAd]

127.0.0.1 www.verticlick.com

127.0.0.1 image.versiontracker.com

127.0.0.1 spinbox.versiontracker.com

127.0.0.1 ads.vesperexchange.com

127.0.0.1 www.vesperexchange.com

127.0.0.1 cinnam.vibrahost.com #[PWSteal.Revcuss.C][Win32.Revcuss.C]

127.0.0.1 vivi.vibrahost.com #[PWSteal.Revcuss.A]

127.0.0.1 dns2010.vicp.net #[backdoor.Tumag]

127.0.0.1 uygurman.vicp.net #[Trojan.Riler][Troj/Riler-B]

127.0.0.1 oas.villagevoice.com

127.0.0.1 visit-link.com

127.0.0.1 www.voonda.com #[spyware.TAFbar]

127.0.0.1 generic.vpptechnologies.com

127.0.0.1 images2.vpptechnologies.com

127.0.0.1 main.vpptechnologies.com #[iE-SpyAd]

127.0.0.1 msxml.vpptechnologies.com

127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]

127.0.0.1 xml.vpptechnologies.com #[blazeFind]

127.0.0.1 www.vstats.net #[iE-SpyAd]

127.0.0.1 ads.vnuemedia.com

127.0.0.1 sevenc.vze.com #[VBS.Powcox@mm]

127.0.0.1 www.w3exit.com

127.0.0.1 www.warezdownload.ws #[TROJ_BANKER.DC]

127.0.0.1 ng3.ads.warnerbros.com

127.0.0.1 way4find.com

127.0.0.1 www.way4find.com #[Downloader-TA.dll]

127.0.0.1 wazam.com

127.0.0.1 www.wazam.com #[Parasite.Wazam]

127.0.0.1 wcft.net #[Parasite.LinkReplacer]

127.0.0.1 www.wcft.net

127.0.0.1 ads.weather.com

127.0.0.1 ads.webattack.com

127.0.0.1 webcounter.com #[iE-SpyAd]

127.0.0.1 www.webcounter.com

127.0.0.1 ads.webhosting.info

127.0.0.1 adv.webmd.com

127.0.0.1 webhits.de #[iE-SpyAd]

127.0.0.1 banners.webmasterplan.com

127.0.0.1 stat.webmedia.pl #[iE-SpyAd]

127.0.0.1 bannervip.web1000.com #[iE-SpyAd]

127.0.0.1 ads.webads360.com #[iE-SpyAd]

127.0.0.1 www.webnomey.net #[PWSteal.Ldpinch.E]

127.0.0.1 clickcash.webpower.com #[iE-SpyAd]

127.0.0.1 orders.webpower.com

127.0.0.1 img.webring.com

127.0.0.1 img1.webring.com

127.0.0.1 ads.webshots.com

127.0.0.1 websponsors.com #[iE-SpyAd]

127.0.0.1 a.websponsors.com

127.0.0.1 ads.websponsors.com

127.0.0.1 g.websponsors.com

127.0.0.1 www.websponsors.com

127.0.0.1 www.webstars2000.com

127.0.0.1 hv3.webstat.com #[iE-SpyAd]

127.0.0.1 hits.webstat.com

127.0.0.1 www.wenksdisdkjeilsow.com #[Parasite.AutoStartup][Download.Trojan]

127.0.0.1 wetrack.it #[iE-SpyAd]

127.0.0.1 st.wetrack.it

127.0.0.1 www.wgutv.com #[Adware.BuddyLinks]

127.0.0.1 partner1.whatsfind.com

127.0.0.1 www.whatsfind.com #[html_STARTPAGE.C]

127.0.0.1 www.win-fix.com #[Rogue/Suspect]

127.0.0.1 www.win-update.net #[Trojan.Magise]

127.0.0.1 window1.com #[iE-SpyAd]

127.0.0.1 ads.winhelp2002.com

127.0.0.1 ads.winsite.com

127.0.0.1 winstream.com #[Parasite.Searchex]

127.0.0.1 www.winstream.com

127.0.0.1 clicktrack.wnu.com

127.0.0.1 www.wowweb.net #[Adware.WWWBar]

127.0.0.1 www.wurldmedia.com #[Adware.Wurldmedia][WurldMedia][KB321923]

127.0.0.1 x0x.biz

127.0.0.1 www.x0x.biz #[backdoor.Berbew.D]

127.0.0.1 xlonhcld.xlontech.net #[iE-SpyAd]

127.0.0.1 nedstats.xs4all.nl

127.0.0.1 hit1.xstats.com

127.0.0.1 view1.xstats.com

127.0.0.1 ads.xtra.co.nz

127.0.0.1 ad.yadro.ru #[iE-SpyAd]

127.0.0.1 counter.yadro.ru

127.0.0.1 bs.yandex.ru

127.0.0.1 crsky2004.yeah.net #[backdoor.Singu.B]

127.0.0.1 yourspecialoffers.com #[FavoriteMan]

127.0.0.1 www.yourspecialoffers.com

127.0.0.1 ysearchus.com #[Parasite.TinyBar]

127.0.0.1 www.ysearchus.com

127.0.0.1 www.yuups.com #[Adware.Yuupsearch]

127.0.0.1 www.zenotecnico.com #[desktoptraffic.net]

127.0.0.1 zippy-lookup.com #[Adware.ZippyLookup.BHO]

127.0.0.1 www.zippy-lookup.com

127.0.0.1 z-proxy.com #[W32/Downloader]

127.0.0.1 zuvio.com #[uCSearch.ucUCSearch]

127.0.0.1 www.zuvio.com #[Adware.OpenSite][OpenSite]

127.0.0.1 bannerads.zwire.com

127.0.0.1 0cat.com #[0Cat YellowPages]

127.0.0.1 www.0cat.com

127.0.0.1 0ml.net #[iE-SpyAd]

127.0.0.1 www.0stats.com

127.0.0.1 cc.1asphost.com #[Trojan.Bansap]

127.0.0.1 www.123counts.com #[hitslink.com][iE-SpyAd]

127.0.0.1 www.123mania.com #[srchHook Class][Parasite.123Mania][Adware.MatrixSearch]

127.0.0.1 123stat.com #[iE-SpyAd]

127.0.0.1 1234.2bro.com #[Adware.Satbo]

127.0.0.1 www.241hits.com

127.0.0.1 up.isp.2ch.net #[Trojan.Upchan]

127.0.0.1 www.321search.com #[searchAssistant.dll]

127.0.0.1 www.3241.com #[Troj/Zikdow-B]

127.0.0.1 ct.360i.com

127.0.0.1 www.ff.iij4u.or.jp #[Trojan.Upchan]

127.0.0.1 download.35mb.com #[impregnable.net]

127.0.0.1 www.35mb.com #[download_35mb_com.applet]

127.0.0.1 10000hits.net #[iE-SpyAd]

127.0.0.1 1000stars.ru #[iE-SpyAd]

127.0.0.1 ad.37.com

127.0.0.1 7am.com

127.0.0.1 www.777search.com #[C2Media/LOP]

127.0.0.1 ad2.163.com

127.0.0.1 adclient.163.com

127.0.0.1 popme.163.com

127.0.0.1 smtp.163.com #[Trojan.PSW.Ajim_bbs]

127.0.0.1 ajim.delphibbs.com #[Trojan.PSW.Ajim_bbs]

127.0.0.1 14713804A.l2m.net #[LiveTechnology]

127.0.0.1 banners.4d5.net

127.0.0.1 banner.50megs.com

127.0.0.1 guannan.3322.net #[iE-SpyAd]

127.0.0.1 www.fan8.com

127.0.0.1 banners.dot.tk

127.0.0.1 topsites.us #[Parasite.eStart]

127.0.0.1 www.123banners.com

127.0.0.1 ftp.123banners.com

127.0.0.1 123go.com

127.0.0.1 ns1.123go.net

127.0.0.1 n-case.com

127.0.0.1 www.n-case.com

127.0.0.1 www.surfassistant.com #[Adware.SurfAssistant]

127.0.0.1 www.zangomessenger.com

127.0.0.1 www.zangoshowtimes.com

127.0.0.1 address.3721.com

127.0.0.1 agent.3721.com

127.0.0.1 assistant.3721.com

127.0.0.1 cns.3721.com

127.0.0.1 cnsmin.3721.com

127.0.0.1 corp.3721.com #[server down?]

127.0.0.1 dir.3721.com

127.0.0.1 download.3721.com

127.0.0.1 express.3721.com

127.0.0.1 img.3721.com

127.0.0.1 magic.3721.com

127.0.0.1 mark.3721.com

127.0.0.1 meta.3721.com

127.0.0.1 msearch.3721.com

127.0.0.1 sbox.3721.com

127.0.0.1 shanghai.3721.com

127.0.0.1 sina.3721.com

127.0.0.1 user.3721.com

127.0.0.1 wap.3721.com

127.0.0.1 www.3721.com #[Adware.Chinet][ADW_CNSMIN.A]

127.0.0.1 yahoo.3721.com

127.0.0.1 3721.com

127.0.0.1 download.feiyang.com

127.0.0.1 adtracker.411web.com

127.0.0.1 hits.411web.com

127.0.0.1 overture.411web.com

127.0.0.1 static.411web.com

127.0.0.1 xml.411web.com

127.0.0.1 search.letssearch.com

127.0.0.1 search2.letssearch.com

127.0.0.1 www.letssearch.com #[browserAid.LetsSearch]

127.0.0.1 7search.com #[Parasite.7FaSSt Search]

127.0.0.1 fstrack.7search.com

127.0.0.1 ia1.7search.com

127.0.0.1 mainws2.7search.com

127.0.0.1 impression.7search.com

127.0.0.1 www.7search.com

127.0.0.1 img.7meta.com

127.0.0.1 www.7metasearch.com

127.0.0.1 adtactics.com #[iE-SpyAd]

127.0.0.1 bannerx.adtactics.com

127.0.0.1 www.a1fax.com

127.0.0.1 www.adtactics.com

127.0.0.1 advertisingagent.com

127.0.0.1 ajokeaday.com #[iE-SpyAd]

127.0.0.1 bestsearch.com

127.0.0.1 scripts.bestsearch.com

127.0.0.1 www.bestsearch.com

127.0.0.1 browseraccelerator.com #[spyware.BrowserAccel]

127.0.0.1 data.browseraccelerator.com

127.0.0.1 download.browseraccelerator.com

127.0.0.1 client.browseraccelerator.com

127.0.0.1 www.browseraccelerator.com #[iE-SpyAd]

127.0.0.1 www.buscamundo.com

127.0.0.1 bannersxchange.com

127.0.0.1 img.bannersxchange.com #[iE-SpyAd]

127.0.0.1 www.bannersxchange.com

127.0.0.1 internetsecurity.com

127.0.0.1 www.internetsecurity.com

127.0.0.1 www.linkstoyou.com

127.0.0.1 www.payperranking.com

127.0.0.1 www.pay-per-search.com

127.0.0.1 paypertext.com

127.0.0.1 predictivesearch.com

127.0.0.1 seal.ranking.com

127.0.0.1 www.ranking.com

127.0.0.1 tracking.roispy.com #[iE-SpyAd]

127.0.0.1 www.roispy.com

127.0.0.1 ftp.sevenmetasearch.com

127.0.0.1 www.sevenmetasearch.com

127.0.0.1 tracking.spiderbait.com

127.0.0.1 www.spiderbait.com

127.0.0.1 www.textadvertising.com

127.0.0.1 www.thetop10.com

127.0.0.1 trustgauge.com

127.0.0.1 www.trustgauge.com

127.0.0.1 seal.validatedsite.com

127.0.0.1 www.validatedsite.com

127.0.0.1 www.watch24.com

127.0.0.1 clicks.about.com

127.0.0.1 f.about.com

127.0.0.1 home.about.com

127.0.0.1 js.get.about.com

127.0.0.1 images.about.com

127.0.0.1 lunafetch.about.com

127.0.0.1 pixel3.about.com

127.0.0.1 sprinks-clicks.about.com

127.0.0.1 statistics.s5.com

127.0.0.1 ad.aboutwebservices.com

127.0.0.1 button.clickability.com

127.0.0.1 sftp.clickability.com

127.0.0.1 stats.clickability.com

127.0.0.1 adops.adbureau.net

127.0.0.1 etype.adbureau.net

127.0.0.1 granada.adbureau.net

127.0.0.1 www.adbureau.net

127.0.0.1 accipiter.speedera.net

127.0.0.1 ad-blaster.com

127.0.0.1 www.ad-blaster.com

127.0.0.1 promote4profit.com

127.0.0.1 www.promote4profit.com

127.0.0.1 addfreestats.com

127.0.0.1 top.addfreestats.com

127.0.0.1 www.addfreestats.com

127.0.0.1 www.3dstats.com

127.0.0.1 www1.addfreestats.com

127.0.0.1 www2.addfreestats.com

127.0.0.1 www3.addfreestats.com

127.0.0.1 www4.addfreestats.com

127.0.0.1 www5.addfreestats.com

127.0.0.1 adlogix.com #[inPop.InControl][iEEnhancer]

127.0.0.1 lasagne.adlogix.com

127.0.0.1 publisher.adlogix.com

127.0.0.1 traffic.adlogix.com

127.0.0.1 trafficsource.adlogix.com

127.0.0.1 www.adlogix.com

127.0.0.1 hitgo.com #[iPU][inPop.InControl]

127.0.0.1 www.hitgo.com

127.0.0.1 r2.trafficserverstats.com

127.0.0.1 ads.adorigin.com

127.0.0.1 dev.adorigin.com

127.0.0.1 www.adorigin.com

127.0.0.1 blowsearch.com

127.0.0.1 msxml.blowsearch.com

127.0.0.1 web.blowsearch.com #[infospace.com]

127.0.0.1 www.blowsearch.com

127.0.0.1 cb.adprofile.net

127.0.0.1 content.adprofile.net

127.0.0.1 tx.adprofile.net

127.0.0.1 w2-ver.adprofile.net

127.0.0.1 adteractive.com

127.0.0.1 www.adteractive.com

127.0.0.1 adtegrity.com

127.0.0.1 www.adtegrity.com

127.0.0.1 webalize.com #[searchCentrix][VisiCom.SearchCentric]

127.0.0.1 toolbar.webalize.com #[downloads.searchcentrix.com]

127.0.0.1 www.webalize.com #[Visicom Media Toolbar]

127.0.0.1 webalize.net

127.0.0.1 www.webalize.net

127.0.0.1 webalize.mygeek.com

127.0.0.1 advertisementbanners.com

127.0.0.1 www.gogotools.com #[Parasite.GogoTools]

127.0.0.1 www.searchgogo.com

127.0.0.1 ads.specificclick.com

127.0.0.1 www.specificclick.com

127.0.0.1 specificpop.com

127.0.0.1 ads.specificpop.com

127.0.0.1 banners.specificpop.com

127.0.0.1 www.specificpop.com

127.0.0.1 adopt.specificclick.net

127.0.0.1 images.specificclick.net

127.0.0.1 image.adjuggler.com

127.0.0.1 rotator.adjuggler.com

127.0.0.1 www.adjuggler.com

127.0.0.1 thruport.com

127.0.0.1 adj54.thruport.com

127.0.0.1 imageserver1.thruport.com

127.0.0.1 www.thruport.com

127.0.0.1 alset.com #[WIN32/HXDL AL]

127.0.0.1 www.alset.com

127.0.0.1 allcybersearch.com #[REG_STARTPAGE.A]

127.0.0.1 www.allcybersearch.com

127.0.0.1 amigeek.com

127.0.0.1 www.amigeek.com

127.0.0.1 clickyestoenter.net

127.0.0.1 www.clickyestoenter.net

127.0.0.1 www.gay50.com

127.0.0.1 gocybersearch.com

127.0.0.1 www.gocybersearch.com

127.0.0.1 www.hotelxxxcams.com

127.0.0.1 hotpopup.com

127.0.0.1 search.hotpopup.com

127.0.0.1 www.hotpopup.com

127.0.0.1 hotsearchbox.com #[JAVA_STARTPAGE.F]

127.0.0.1 www.hotsearchbox.com

127.0.0.1 i--search.com

127.0.0.1 www.i--search.com #[startPage-FN]

127.0.0.1 jethomepage.com #[JS.Exception.Exploit]

127.0.0.1 www.jethomepage.com #[Troj/JetHome-B]

127.0.0.1 jetseeker.com #[CWS.Bootconf]

127.0.0.1 www.jetseeker.com

127.0.0.1 searchxl.com #[Adware.ZeroPopUpBar]

127.0.0.1 www.searchxl.com

127.0.0.1 tinybar.com

127.0.0.1 www.tinybar.com #[Parasite.TinyBar]

127.0.0.1 topsearcher.com #[JV/Goplanet]

127.0.0.1 www.topsearcher.com #[Troj/JetHome-J]

127.0.0.1 trixscripts.com

127.0.0.1 www.trixscripts.com

127.0.0.1 zeropopup.com #[Parasite.ZeroPopUp]

127.0.0.1 www.zeropopup.com #[Tellafriend.Trojan]

127.0.0.1 znext.com #[JS_TRAFFICHBAR.A][Parasite.TinyBar]

127.0.0.1 www.znext.com #[Parasite.ZeroPopUp][App/P0P-A]

127.0.0.1 adforce.adtech.de

127.0.0.1 adserver.adtech.de

127.0.0.1 adserv003.adtech.de

127.0.0.1 imageserv.adtech.de

127.0.0.1 livingnet.adtech.de

127.0.0.1 cdn1.adsdk.com

127.0.0.1 cdn2.adsdk.com #[VirtualBouncer]

127.0.0.1 advertising.com

127.0.0.1 adserve.advertising.com

127.0.0.1 bannerfarm.ace.advertising.com

127.0.0.1 demo.advertising.com

127.0.0.1 opera1-servedby.advertising.com

127.0.0.1 servedby.advertising.com

127.0.0.1 rd.advertising.com

127.0.0.1 wap.advertising.com

127.0.0.1 www.advertising.com

127.0.0.1 clk4.com

127.0.0.1 www.clk4.com

127.0.0.1 www.contextualclicks.com

127.0.0.1 fastseeker.com #[Adware.FastSeek]

127.0.0.1 www.fastseeker.com

127.0.0.1 spyblast.com #[Parasite.SpyBlast]

127.0.0.1 www.spyblast.com #[sBFullInst Control]

127.0.0.1 www.thesearchster.com

127.0.0.1 ads.ign.com

127.0.0.1 adserver.ign.com

127.0.0.1 t.ign.com

127.0.0.1 tracker.ign.com

127.0.0.1 adserver.snowball.com

127.0.0.1 polls.snowball.com

127.0.0.1 scripts.snowball.com

127.0.0.1 t.snowball.com

127.0.0.1 tracker.snowball.com

127.0.0.1 esb.alcena.com #[TestingCtl Control][ADW_EASYSBAR.A]

127.0.0.1 serve.alcena.com #[WmvDown.A][Trojan.Wimad]

127.0.0.1 www.alcena.com

127.0.0.1 www.easysearchbar.com #[ADW_EASYSBAR.A]

127.0.0.1 www.specialoffersnetworks.com #[iE-SpyAd]

127.0.0.1 altnet.com

127.0.0.1 file.altnet.com

127.0.0.1 media.altnet.com

127.0.0.1 ts.altnet.com

127.0.0.1 tss.altnet.com

127.0.0.1 pm.altnet.com

127.0.0.1 www.altnet.com

127.0.0.1 www.altnetp2p.com

127.0.0.1 brilliantdigital.com #[Parasite.BDE]

127.0.0.1 st.brilliantdigital.com

127.0.0.1 www.brilliantdigital.com

127.0.0.1 b3d.com

127.0.0.1 www.b3d.com

127.0.0.1 bde3d.com

127.0.0.1 xiti.com

127.0.0.1 loga.xiti.com

127.0.0.1 logc13.xiti.com

127.0.0.1 logi6.xiti.com

127.0.0.1 logi7.xiti.com

127.0.0.1 logv3.xiti.com

127.0.0.1 logv18.xiti.com

127.0.0.1 logv20.xiti.com

127.0.0.1 logp.xiti.com

127.0.0.1 trafic.xiti.com

127.0.0.1 www.xiti.com

127.0.0.1 adintelligence.net

127.0.0.1 acc.adintelligence.net

127.0.0.1 adchannel.adintelligence.net

127.0.0.1 creatives.adintelligence.net

127.0.0.1 download.adintelligence.net #[sysAI][server down?]

127.0.0.1 www.adintelligence.net

127.0.0.1 adchannel.contextplus.net #[Parasite.AproposMedia]

127.0.0.1 www.contextplus.net

127.0.0.1 www.contextplus.com

127.0.0.1 adv.peopleonpage.com

127.0.0.1 app.peopleonpage.com

127.0.0.1 download.peopleonpage.com #[POP L

Share this post


Link to post
Share on other sites

Hi,

 

The log from smitfraudfix got cut off, so can you repost it again please? Leave the part with all the 127.0.0.1 out of it and post the rest of the log.

 

Also check and fix next entry in HIjackThis again:

 

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

 

And.. Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

    [*]Click the Remove or Change/Remove button.

    [*]Repeat as many times as necessary to remove each Java versions.

    [*]Reboot your computer once all Java components are removed.

    [*]Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Share this post


Link to post
Share on other sites

Hi,

 

The log from smitfraudfix got cut off, so can you repost it again please? Leave the part with all the 127.0.0.1 out of it and post the rest of the log.

 

 

Sorry it took so long to repost. It has been a crazy week. There are a few problems, but I will get to them after I post the logs that you need. Here is that smitfraudfix log again:

 

SmitFraudFix v2.192

 

Scan done at 19:40:42.35, Mon 06/04/2007

Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\ielocales.dll Deleted

C:\WINDOWS\main_uninstaller.exe Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\1024\ Deleted

C:\Program Files\PestCapture\ Deleted

C:\Program Files\SpyHeals\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{137C29DE-2772-4B52-80AD-F9BBAFC23CC6}: DhcpNameServer=68.87.77.130 68.87.72.130

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Finally, Here is the newest HJT log file:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:46:02 PM, on 6/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iDEAL Calendar] "C:\Program Files\IDEAL Calendar\calendar.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171575612346

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O17 - HKLM\Software\..\Telephony: DomainName = your-sz7x7sefxo

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

 

--

End of file - 5026 bytes

 

 

I followed the directions that you gave for installing the latest version of Java, but when I double click the installation program nothing happens. Also, for some reason, whenever I open up my browser, the screen resolution changes from 1024x768 to 800x600. That has given me some problems in the past with installing programs, and I wonder if that could be why Java will not install. I don't know if the resolution changing is a computer problem or if I still have some kind of bug that is doing it. It only seems to change when I open up the web browser. When I close the browser it goes right back to 1024x768. I hope all of this helps some. Thank you for your time.

Share this post


Link to post
Share on other sites

Hi,

 

Your log looks clean again.

 

Also, for some reason, whenever I open up my browser, the screen resolution changes from 1024x768 to 800x600. That has given me some problems in the past with installing programs, and I wonder if that could be why Java will not install. I don't know if the resolution changing is a computer problem or if I still have some kind of bug that is doing it. It only seems to change when I open up the web browser. When I close the browser it goes right back to 1024x768

 

From what I can see in your log, you are using Mozilla firefox as your default browser... so I assume this problem is with Firefox.

So rightclick the Firefox icon (where you launch firefox from) and select properties.

select the "compatibility" tab.

Uncheck everything under "Compatibility mode" and "Display settings". So actually, nothing should be checked there in that Window.

Then click the apply button below.

Let me know if that solved your issue.

Share this post


Link to post
Share on other sites

Hi,

 

Your log looks clean again.

 

Let me know if that solved your issue.

 

Miekiemoes, Thank you so much for all of your time getting this computer clean. You were correct about the 640x480 box being checked in firefox properties. I unchecked that option and it is running a whole lot better. You can go ahead and close this thread now and, once again, thank you for all of your help.

Share this post


Link to post
Share on other sites

Glad I could help. :)

 

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again!

Share this post


Link to post
Share on other sites

Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0