infected again


  • This topic is locked
9 replies to this topic

#1 rmetz


Posted 30 May 2007 - 01:44 PM

I am posting a Hijackthis 2.0 Logfile. I am hoping that someone can help me out with this:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:40:01 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\PROGRA~1\MYWEBS~1\bar\4.bin\W6BAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IDEAL Calendar] "C:\Program Files\IDEAL Calendar\calendar.exe"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Democracy Player] C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\atmclk.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] tpvvym.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] tpvvym.exe (User 'Default user')
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.wea...Transporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171575612346
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O17 - HKLM\Software\..\Telephony: DomainName = your-sz7x7sefxo
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10755 bytes

I realize that I have 2 virus programs running, but I have tried to uninstall McAfee since it isn't working properly and it keeps hanging. I did manage to uninstall the McAfee virus detector, I think. Any help would be wonderful. Thanks in advance.

#2 SWI Support Robot


Posted 02 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 miekiemoes


Posted 04 June 2007 - 11:30 AM

Hello,

* Go to Start > Control Panel > software > Add or Remove Programs and uninstall MyWebsearch if present.

Also, I notice that you have Weatherbug installed on your computer – This is very much an ad-enabled application which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts can also draw unwanted ads and popups to your computer.
You may also want to read why Weatherbug is not recommended: http://fravia.com/weatherbug.htm

Our recommendation would be to uninstall it using the Add or Remove Programs feature in Control Panel.

If you want a program which provides weather information there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from http://www.snapfiles...herwatcher.html.

Of course this remains entirely your choice, but please be aware that if you decide to continue using Weatherbug, your computer will be at an increased risk of infection from malware.

Reboot after uninstalling.
Then,

* Please download SmitfraudFix (by S!Ri)

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your "F8" key as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\PROGRA~1\MYWEBS~1\bar\4.bin\W6BAR.DLL
O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\atmclk.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] tpvvym.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] tpvvym.exe (User 'Default user')
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.wea...Transporter.cab?
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O22 - SharedTaskScheduler: bloodthirst - {f85e05f5-667e-41b0-ab8a-147337a99e65} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O22 - SharedTaskScheduler: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Double-click SmitFraudFix to start the tool.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

(Warning: running option #2 will set your desktop background blank again, but you can reapply your desktop background afterwards.)

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process.

Post the log from SmitfraudFix in your next reply together with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

extra note:

"I realize that i have 2 virus programs running, but i have tried to uninstall mcaffee since it isn't working properly and it keeps hanging"

* Download and run the McAfee Consumer Products Removal tool (MCPR.exe).
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.
  • McAfee Security Center
  • McAfee VirusScan
  • McAfee Personal Firewall Plus
  • McAfee Privacy Service
  • McAfee SpamKiller
  • McAfee Wireless Network Security
  • McAfee SiteAdvisor
  • McAfee Data Backup
  • McAfee Network Manager
  • McAfee Easy Network
  • McAfee AntiSpyware
Download the removal tool from http://download.mcaf...atches/MCPR.exe
  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Double-click MCPR.exe.
  • Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
    Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
    After the second window appears, the program will begin the cleanup.
  • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
    The machine must reboot to complete the un-installation. Reboot now? [y.n]
  • Press Y on the keyboard.
  • Wait for the computer to restart.
All McAfee products are now removed from your computer.
These McAfee removal instructions can be found at http://ts.mcafeehelp...sp?docid=408302
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
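
An added example, not part of the original post and not code from HijackThis or SmitfraudFix: a Python sketch that checks which entries from a fix list like the one above still show up in a follow-up HijackThis log. It matches on section plus CLSID or Run value name rather than on the whole line, because the same entry can come back with a different path spelling (for example an 8.3 short name). The function names and the follow-up sample are constructed for illustration; the fix-list lines are copied from the post.

```python
import re

# A HijackThis entry line looks like "<section> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 autorun values: "<registry key ending in Run>: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<key>.+?Run): \[(?P<name>[^\]]+)\]")


def parse_entry(line):
    """Return (section, identity, raw) for an entry line, or None for any other line."""
    raw = line.strip()
    m = ENTRY_RE.match(raw)
    if not m:
        return None  # header, running-process path, blank line, ...
    section, rest = m.group(1), m.group(2)
    run = RUN_RE.match(rest) if section == "O4" else None
    clsid = CLSID_RE.search(rest)
    if run:
        # Identify an autorun by registry key + value name, ignoring the command path.
        identity = (run.group("key") + "|" + run.group("name")).lower()
    elif clsid:
        # Identify COM-based entries by kind (BHO, Toolbar, ...) + CLSID, case-insensitively.
        kind = rest.split(":", 1)[0].strip().lower()
        identity = kind + "|" + clsid.group(0).upper()
    else:
        identity = rest.lower()
    return section, identity, raw


def index_log(text):
    """Map (section, identity) -> raw line for every entry line in a log."""
    index = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            section, identity, raw = parsed
            index[(section, identity)] = raw
    return index


def still_present(fix_list, followup_log):
    """Return (fix_line, followup_line) pairs for fix-list entries found in the follow-up log."""
    followup = index_log(followup_log)
    return [(raw, followup[key])
            for key, raw in index_log(fix_list).items()
            if key in followup]


# Fix-list lines copied from the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)
"""

# Constructed follow-up log excerpt (sample data, not a real scan).
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4AA1-B84C-7D18E4383F1F} - (no file)
"""

if __name__ == "__main__":
    for fix_line, seen_line in still_present(FIX_LIST, FOLLOWUP):
        print("still present:", seen_line)
```
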

#4 rmetz


Posted 04 June 2007 - 07:34 PM

miekiemoes, Thank you so much for your time in getting this computer fixed. As requested, I uninstalled weatherbug. Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:03:25 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\IDEAL Calendar\calendar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IDEAL Calendar] "C:\Program Files\IDEAL Calendar\calendar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171575612346
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O17 - HKLM\Software\..\Telephony: DomainName = your-sz7x7sefxo
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--
End of file - 5521 bytes

Here also is rapport.txt:

SmitFraudFix v2.192

Scan done at 19:40:42.35, Mon 06/04/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1 didtheyreadit.com #[IE-SpyAd]
127.0.0.1 www.didtheyreadit.com
127.0.0.1 counter.digits.com #[IE-SpyAd]
127.0.0.1 stats.directnic.com
127.0.0.1 www.divago.com #[Adware.Surfairy]
127.0.0.1 ad.dmpi.net
127.0.0.1 ad2.dmpi.net
127.0.0.1 ad3.dmpi.net
127.0.0.1 ad4.dmpi.net
127.0.0.1 ubnm.dmpi.net
127.0.0.1 www.dnscaching.net #[stickypops.com]
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 www.downloadalot.com #[IE-SpyAd]
127.0.0.1 www.downseek.com #[DownSeek Search]
127.0.0.1 dqmedia.net #[spam]
127.0.0.1 drmx01.net #[spam]
127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
127.0.0.1 www.duenow.com
127.0.0.1 gfx.dvlabs.com #[IE-SpyAd]
127.0.0.1 klipads.dvlabs.com
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 eaglehousing.com #[Trojan.Tabela.B]
127.0.0.1 www.eaglehousing.com #[Trojan.Eaghouse]
127.0.0.1 www.easywebsearch.nl #[Easywebinstaller Control][IE-SpyAd]
127.0.0.1 www.e-bannerx.com
127.0.0.1 adv1.eblocs.com
127.0.0.1 adv2.eblocs.com #[Rogue/Suspect][IE-SpyAd]
127.0.0.1 www.easycounter.com #[IE-SpyAd]
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com #[IE-SpyAd]
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 www.efinder.cc #[StartPage-DA]
127.0.0.1 www.e-mn.com #[Trojan.Dremn]
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[IE-SpyAd]
127.0.0.1 www.eshopads2.com
127.0.0.1 estat.com #[IE-SpyAd]
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 www.estat.com
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 www.euroklik.nl #[EasyBar][InstallerX Class]
127.0.0.1 euro-randomizer.com #[Trojan.dropper]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net #[IE-SpyAd]
127.0.0.1 www.exchangead.com #[IE-SpyAd]
127.0.0.1 exitexchange.com #[IE-SpyAd]
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[Restricted Zone site]
127.0.0.1 www.exchangeexit.com #[Installer Class][Winupie]
127.0.0.1 www.exittraffic.net #[IE-SpyAd]
127.0.0.1 cdn.eyewonder.com #[IE-SpyAd]
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 redirect.fairfax.com.au
127.0.0.1 campaigns.f2.com.au
127.0.0.1 fast-web-search.com #[IE-SpyAd]
127.0.0.1 www.fast-web-search.com
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[SubSearch][TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 www.fceboard.com #[Adware.EBoard]
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 adserver.filefront.com
127.0.0.1 www.filemix.net #[Surf+][IE-SpyAd]
127.0.0.1 www.fineclicks.com #[IE-SpyAd]
127.0.0.1 firstname.com #[IE-SpyAd]
127.0.0.1 clicks.firstname.com
127.0.0.1 www.fizzlewizzle.com #[Fizzle Wizzle Searchbar]
127.0.0.1 flashtrack.net #[IE-SpyAd]
127.0.0.1 ads.flashtrack.net #[Adware.Flashtrack.B]
127.0.0.1 coreg.flashtrack.net
127.0.0.1 www.flashtrack.net #[Adware.FlashEnhancer][KB312429]
127.0.0.1 flyinads.com #[IE-SpyAd]
127.0.0.1 www.flyinads.com
127.0.0.1 ads.forbes.com #[IE-SpyAd]
127.0.0.1 klipmart.forbes.com
127.0.0.1 www.ampira.com #[Fortunecity]
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.v3.com #[Fortunecity]
127.0.0.1 www2.fortunecity.com
127.0.0.1 www.foxik.com #[MHTMLRedir.Exploit]
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 free-stats.com
127.0.0.1 counters.freewebs.com
127.0.0.1 www.freewebsites.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 pops.freeze.com #[[GamHelper]
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ad1.gamezone.com #[RealMedia]
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 www.getsmart.com
127.0.0.1 bp2.getredirect.com #[IE-SpyAd]
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com #[IE-SpyAd]
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 oascentral.gigex.com #[RealMedia]
127.0.0.1 www.gigex.com #[download Class]
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[IE-SpyAd][CWS]
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldenwebawards.com
127.0.0.1 goldstats.net #[IE-SpyAd]
127.0.0.1 www.goldstats.net
127.0.0.1 www.goggle.com #[IE-SpyAd][typo squatter]
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[Restricted Zone site]
127.0.0.1 adserver.gorillanation.com
127.0.0.1 gostats.com #[IE-SpyAd]
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 webcounter.goweb.de #[IE-SpyAd]
127.0.0.1 greatstartpage.com #[IE-SpyAd]
127.0.0.1 www.greatstartpage.com
127.0.0.1 grokster.com #[IE-SpyAd][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 www.grokster.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
127.0.0.1 www.halflemon.com #[SearchHook Class]
127.0.0.1 ad0.haynet.com
127.0.0.1 www.hitboss.com #[IE-SpyAd]
127.0.0.1 www.hit4hit.com #[IE-SpyAd]
127.0.0.1 ads.hitcents.com #[IE-SpyAd]
127.0.0.1 hits-counter.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com
127.0.0.1 www.hitlogger.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 hit-parade.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 www.hitpointer.com #[IE-SpyAd]
127.0.0.1 hitslink.com #[IE-SpyAd]
127.0.0.1 counter.hitslink.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 www2.hitslink.com
127.0.0.1 www.hitslink.com
127.0.0.1 hitstats.net
127.0.0.1 www.hiwire.com #[IE-SpyAd]
127.0.0.1 ads.home.net
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
127.0.0.1 counters.honesty.com
127.0.0.1 horse-active.net
127.0.0.1 horse-dns.net
127.0.0.1 horse-search.net
127.0.0.1 banners.hotlinks.net #[IE-SpyAd]
127.0.0.1 horseserver.net #[Troj/Haxdor-Fam][Trojan.Startpage.I]
127.0.0.1 www.horseserver.net #[Backdoor.Haxdoor.D]
127.0.0.1 hotsearch.com #[roar.com][IE-SpyAd]
127.0.0.1 www.hotsearch.com
127.0.0.1 www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl #[IE-SpyAd]
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hc2.humanclick.com
127.0.0.1 www.humanclick.com #[IE-SpyAd]
127.0.0.1 custom1.hurricanedigitalmedia.com
127.0.0.1 custom3.hurricanedigitalmedia.com
127.0.0.1 www.hypertracker.com #[IE-SpyAd]
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com #[IE-SpyAd]
127.0.0.1 ads.imdb.com #[amazon.com]
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com #[IE-SpyAd]
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 banners.inetfast.com
127.0.0.1 ads.infospace.com
127.0.0.1 bvads.infospace.com
127.0.0.1 dpxml.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infospider.com #[IE-SpyAd]
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com #[IE-SpyAd]
127.0.0.1 mjxads.internet.com #[IE-SpyAd]
127.0.0.1 indiads.com #[IE-SpyAd]
127.0.0.1 infostart.com #[IE-SpyAd]
127.0.0.1 popups.infostart.com
127.0.0.1 instantsearch.cc #[Adware/TheLocalSearch]
127.0.0.1 www.instantsearch.cc
127.0.0.1 www.intelli-tracker.com
127.0.0.1 inqwire.com #[IE-SpyAd]
127.0.0.1 www.inqwire.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com #[IE-SpyAd]
127.0.0.1 istarthere.com #[Troj/IEStart-C]
127.0.0.1 directory.istarthere.com
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 partners.istarthere.com
127.0.0.1 www.istarthere.com #[VBS_IESTART.F]
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 www.itrafficstar.com #[IE-SpyAd]
127.0.0.1 www.jcount.com #[IE-SpyAd]
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 popup.jeanharris.com
127.0.0.1 www.jellycounter.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.joltid.com #[Adware.P2PNetworking]
127.0.0.1 www1.kliks.nl #[IE-SpyAd]
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com #[IE-SpyAd]
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 stats.klsoft.com #[IE-SpyAd]
127.0.0.1 www.kmindex.ru
127.0.0.1 www.koolbar.net #[IE-SpyAd]
127.0.0.1 ad.leadcrunch.com #[IE-SpyAd]
127.0.0.1 ts1.lexmark.com
127.0.0.1 linkbuddies.com #[IE-SpyAd]
127.0.0.1 banners.linkbuddies.com
127.0.0.1 www.linkbuddies.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru #[IE-SpyAd]
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com #[IE-SpyAd]
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com #[IE-SpyAd]
127.0.0.1 escati.linkopp.net #[IE-SpyAd]
127.0.0.1 www.linkopp.net
127.0.0.1 js.livehelper.com #[IE-SpyAd]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 liveperson.net
127.0.0.1 server.iad.liveperson.net #[IE-SpyAd]
127.0.0.1 www.liveperson.com
127.0.0.1 adserv.lwmn.net #[server down?]
127.0.0.1 locators.com #[Adware.Locator]
127.0.0.1 toolbar.locators.com #[Locators Toolbar]
127.0.0.1 www.locators.com
127.0.0.1 www.lookde5.com #[W32.Looked]
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 www.luckyhomepage.com #[IE-SpyAd]
127.0.0.1 www.lyricspy.com #[PluginAccess]
127.0.0.1 make-deal.com #[server down?]
127.0.0.1 www.madoogali.com #[Madoogali][IE-SpyAd]
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 marnet.us #[Downloader-IU]
127.0.0.1 image.masterstats.com #[IE-SpyAd]
127.0.0.1 link.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com #[IE-SpyAd]
127.0.0.1 adserver.matchcraft.com
127.0.0.1 maybeyes.biz #[Trojan.Ducky]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 acvs.mediaonenetwork.net
127.0.0.1 acvsrv.mediaonenetwork.net
127.0.0.1 ads.mediaturf.net
127.0.0.1 banner.meerhits.nl #[IEHIjacker.Meerhits.nl]
127.0.0.1 pokpok.meerhits.nl #[IE-SpyAd]
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com #[typo squatter][IE-SpyAd]
127.0.0.1 www.megaseek.net #[IE-SpyAd]
127.0.0.1 megatds.com #[Adware/Megatds]
127.0.0.1 admintds.megatds.com
127.0.0.1 tds.megatds.com
127.0.0.1 www.megatds.com
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[Adware Bundler]
127.0.0.1 micorsoft.com
127.0.0.1 www.micorsoft.com #[typo hijacker]
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 morwillsearch.com #[Adware.MWSearch][cfgwr Class]
127.0.0.1 www.morwillsearch.com
127.0.0.1 mp3today.net
127.0.0.1 www.mp3yes.com #[C2Media\LOP][IE-SpyAd]
127.0.0.1 mpamexit.com
127.0.0.1 www.messagetag.com #[Email tracker][IE-SpyAd]
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[IE-SpyAd]
127.0.0.1 www.msgtag.com
127.0.0.1 multi1.rmuk.co.uk #[RealMedia]
127.0.0.1 www.musicsonglyrics.com #[static.windupdates.com]
127.0.0.1 mvtracker.com #[IE-SpyAd]
127.0.0.1 www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 www.mvr.us
127.0.0.1 www.myaffiliateprogram.com #[IE-SpyAd]
127.0.0.1 www.myarmory.com #[Spyware.Bazookabar]
127.0.0.1 www.myemessenger.com
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]
127.0.0.1 hit.namimedia.com #[IE-SpyAd]
127.0.0.1 ads.nandomedia.com
127.0.0.1 neededware.com #[Adware.NeededWare]
127.0.0.1 www.neededware.com
127.0.0.1 www6.netbroadcaster.com #[IE-SpyAd]
127.0.0.1 code.netbreak.com.au
127.0.0.1 www.netflip.com #[IE-SpyAd]
127.0.0.1 money2.netfirms.com #[The Money Toolbar]
127.0.0.1 hints.netflame.cc
127.0.0.1 ssl-hints.netflame.cc
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 www.netpoll.nl
127.0.0.1 servedby.netshelter.net
127.0.0.1 ads.netsol.com
127.0.0.1 www.netsearch.info
127.0.0.1 ads.networksolutions.com
127.0.0.1 www.network-tool.net #[Trojan.Magise]
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 web1.noadware.net #[IE-SpyAd]
127.0.0.1 www.noadware.net #[SCAM.Enigma.NoAdware]
127.0.0.1 nowbox.com
127.0.0.1 www.nowbox.com #[Parasite.NowBox]
127.0.0.1 ns2.iad1.nssrv.com #[IE-SpyAd]
127.0.0.1 www.nubela.net #[mediatickets]
127.0.0.1 nzads.net.nz
127.0.0.1 file.obalduyam.net #[Trojan-Downloader.Win32.Small.ams]
127.0.0.1 okcounter.com #[IE-SpyAd]
127.0.0.1 www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com #[IE-SpyAd]
127.0.0.1 www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster][IE-SpyAd]
127.0.0.1 www.online-service.cc #[Trojan.Magise]
127.0.0.1 www.onseo.com #[Trojan-Clicker.Win32.Delf.bc]
127.0.0.1 server1.opentracker.net
127.0.0.1 www.opinionlab.com #[IE-SpyAd]
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 by.optimost.com
127.0.0.1 banner.orb.net
127.0.0.1 geoads.osdn.com #[IE-SpyAd][server down?]
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 survey.otxresearch.com #[TrojanDownloader.OTXloader.A]
127.0.0.1 www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]
127.0.0.1 www.overpeer.com #[Trojan.Wimad]
127.0.0.1 www.p3marketing.com #[Zapspot]
127.0.0.1 padonak.info #[Trojan.Moo]
127.0.0.1 www.padonak.info #[IE-SpyAd]
127.0.0.1 www.pan-advert.com #[IE-SpyAd]
127.0.0.1 0503.pass.as #[Backdoor.Tuimer]
127.0.0.1 click.payserve.com #[IE-SpyAd]
127.0.0.1 www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 www.peel.com #[IE-SpyAd]
127.0.0.1 www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com #[IE-SpyAd]
127.0.0.1 www.peruvianmarket.com #[Trojan.Beagooz.D]
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 www.phpadsnew.com
127.0.0.1 ads2.playnet.com
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 www.pops-stop.com
127.0.0.1 www.popupads.com #[IE-SpyAd]
127.0.0.1 www.popupad.net #[IE-SpyAd]
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 www.popupblockade.com #[IE-SpyAd]
127.0.0.1 popupmoney.com #[IE-SpyAd]
127.0.0.1 server01.popupmoney.com
127.0.0.1 www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 www.popadstop.com
127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 www.popuptop.com #[IE-SpyAd]
127.0.0.1 www2.portdetective.com
127.0.0.1 www.positivebeats.com #[C2Media\LOP][IE-SpyAd]
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A][server down?]
127.0.0.1 www.praize.com #[Adware.Praize]
127.0.0.1 www.promarketingclub.com
127.0.0.1 www.prtracker.com
127.0.0.1 projectx.net #[Trojan.Tannick.B]
127.0.0.1 www.profitzone.com #[ProfitZONE Adbar]
127.0.0.1 prolivation.com #[IE-SpyAd]
127.0.0.1 www.prolivation.com
127.0.0.1 ads.pro-market.net
127.0.0.1 www.promo.com.au
127.0.0.1 www.prutect.com #[Spyware.e2give][Win32.Prutec.A]
127.0.0.1 www.protectedmedia.com #[Trojan.Wimad]
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 www.pureseeker.com #[C2Media\LOP][IE-SpyAd]
127.0.0.1 www.pwallet.com #[IE-SpyAd]
127.0.0.1 mediatickets.q8hell.org #[W32/LowZones.L]
127.0.0.1 uld3r.q8hell.org
127.0.0.1 adserv.quality-channel.de
127.0.0.1 www.quarterserver.de
127.0.0.1 questionmarket.com #[IE-SpyAd]
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 www.questionmarket.com
127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]
127.0.0.1 quickmetasearch.com #[ADW_SEARCHMETA.A]
127.0.0.1 www.qq886.com #[Backdoor.Semes]
127.0.0.1 ramgo.com
127.0.0.1 www.ramgo.com #[Win32.Startpage.B]
127.0.0.1 www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 www.realclicks.com
127.0.0.1 www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 rightmedia.net #[IE-SpyAd]
127.0.0.1 rightstats.com
127.0.0.1 www.rightstats.com
127.0.0.1 m.rmbclick.com #[IE-SpyAd]
127.0.0.1 hits.roitracker.com #[IE-SpyAd]
127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 ad.ro2cn.com #[Adware.Ro2cn]
127.0.0.1 www.savehits.com #[IE-SpyAd]
127.0.0.1 st.sageanalyst.net #[IE-SpyAd]
127.0.0.1 pigmailer.scarryserv.biz #[Trojan.Mochi]
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 adsremote.scripps.com
127.0.0.1 te.scripps.com
127.0.0.1 counter.search.bg #[IE-SpyAd]
127.0.0.1 searchalot.com #[IE-SpyAd]
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 www.searchalot.com #[Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 www.searchandclick.com #[Browseraid][SearchAndClick]
127.0.0.1 searchby.net #[IE-SpyAd]
127.0.0.1 www.searchby.net #[Ultimate Popup Killer]
127.0.0.1 www.searchgauge.com
127.0.0.1 search-itnow.com #[Parasite.AdultLinks]
127.0.0.1 www.search-itnow.com
127.0.0.1 tb.searchitquick.com #[hotwebsearch.com][iiittt Class]
127.0.0.1 www.searchitquick.com #[IE-SpyAd]
127.0.0.1 www.searchmachine.com #[IE-SpyAd]
127.0.0.1 www.searchmagnifier.com
127.0.0.1 searchmaid.com #[Adware/TheLocalSearch]
127.0.0.1 www.searchmaid.com
127.0.0.1 searchproject.net #[Trojan.Phel.A]
127.0.0.1 www.search-pounder.com #[Spyware.SearchPounder]
127.0.0.1 www.searchrelevancy.com #[Spyware.Relevancy]
127.0.0.1 www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 www.search-toolbar.com #[Trojan.Magise]
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[IE-SpyAd][KB320159]
127.0.0.1 www.secondpower.com
127.0.0.1 adserver.securityfocus.com #[RealMedia]
127.0.0.1 www.selfsurveys.com #[IE-SpyAd]
127.0.0.1 www.seehits.com
127.0.0.1 www.sendtraffic.com
127.0.0.1 sesso.com
127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 ds.serving-sys.com
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com #[IE-SpyAd]
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 www.sitestatslive.com
127.0.0.1 www.sitetracking.info #[Naughty Pops][IE-SpyAd]
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 www.shockcounter.com #[IE-SpyAd]
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com #[IE-SpyAd]
127.0.0.1 smart2com.net #[Trojan.Autoproxy]
127.0.0.1 smart-browser.com
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 www.smart-browser.com
127.0.0.1 smartclicks.net #[IE-SpyAd]
127.0.0.1 www.smartclicks.net
127.0.0.1 smarter.com #[IE-SpyAd]
127.0.0.1 sidebar.smarter.com
127.0.0.1 www.smarter.com
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 www1.spaex.com #[searchboss.com][IE-SpyAd]
127.0.0.1 www.spedia.net #[SpediaBar][IE-SpyAd]
127.0.0.1 www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]
127.0.0.1 www.spyferret.com
127.0.0.1 www.spymoon.com #[Trojan.Eaghouse.B]
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 www.s-tracking.com
127.0.0.1 adsintl.starwave.com
127.0.0.1 c1.statcounter.com #[Ad-Aware.Data Miner]
127.0.0.1 c2.statcounter.com
127.0.0.1 c3.statcounter.com #[PestPatrol.Tracking Cookie]
127.0.0.1 s2.statcounter.com
127.0.0.1 www.statcounter.com #[IE-SpyAd]
127.0.0.1 js.statistici.ro
127.0.0.1 log.statistici.ro
127.0.0.1 s.statistici.ro #[IE-SpyAd]
127.0.0.1 www.statomatic.com #[IE-SpyAd]
127.0.0.1 stats4you.com #[IE-SpyAd]
127.0.0.1 reg.stats4all.com
127.0.0.1 www.stats4you.com #[IE-SpyAd]
127.0.0.1 www.stickypops.com #[IE-SpyAd]
127.0.0.1 clix.superclix.de #[IE-SpyAd]
127.0.0.1 www.superlogy.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 supersearchs.com #[IE-SpyAd]
127.0.0.1 www.supersearchs.com
127.0.0.1 sqwire.com #[Adware.Sqwire][Xupiter.Sqwire]
127.0.0.1 www.sqwire.com #[Parasite.Xupiter][Adware-PornKings]
127.0.0.1 www.supaseek.com #[Spyware.Supaseek]
127.0.0.1 rd1.surfernetwork.com #[SurferNETWORK Plugin]
127.0.0.1 www.surfernetwork.com
127.0.0.1 surfsidekick.com
127.0.0.1 dl.surfsidekick.com
127.0.0.1 www.surfsidekick.com #[Adware.SurfSideKick]
127.0.0.1 www2.surveyfocus.com #[IE-SpyAd]
127.0.0.1 www.surveynetworks.com
127.0.0.1 www.surveysite.com
127.0.0.1 www2.survey-poll.com #[microsoft]
127.0.0.1 swift-look.com #[phishing exploit]
127.0.0.1 www.sweetbar.com #[SecurityRisk.Downldr]
127.0.0.1 www.symantic.com #[Typo Squatter][IE-SpyAd]
127.0.0.1 adpick.switchboard.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 www.szadk.com #[PWSteal.Trojan]
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 tat-neftbank.ru #[Backdoor.Berbew.H]
127.0.0.1 www.tech-marketresearch.com
127.0.0.1 www.textads.biz
127.0.0.1 a.tfag.de
127.0.0.1 ak.tfag.de
127.0.0.1 theaffiliateprogram.com
127.0.0.1 adbot.theonion.com
127.0.0.1 www.thepokerclub.com #[SecurityRisk.ClubPoker]
127.0.0.1 thesearchmall.com #[Adware.SearchMall][server down?]
127.0.0.1 www.thesearchmall.com
127.0.0.1 tipsurf.com
127.0.0.1 tnc4u.com #[Parasite.DownloadPlus]
127.0.0.1 new.tnc4u.com
127.0.0.1 www.tnc4u.com #[Adware.DownloadPlus]
127.0.0.1 www.toilet.com #[IE-SpyAd]
127.0.0.1 ad.tomshardware.com
127.0.0.1 tooncomics.com #[IEDLL.ToonComics][here4search.com]
127.0.0.1 www.tooncomics.com #[Downloader.Tooncom][CWS.Aff.Tooncomics]
127.0.0.1 log.trafic.ro #[IE-SpyAd]
127.0.0.1 storage.trafic.ro
127.0.0.1 tool4ame.com #[TROJ_GOLID.A][Adware.IAGold]
127.0.0.1 www.toolshack.com #[IE-SpyAd]
127.0.0.1 ads.toplayerserver.com
127.0.0.1 www1.toplayerserver.com
127.0.0.1 www.toplayerserver.com #[IE-SpyAd]
127.0.0.1 toprebates.com #[webrebates][IE-SpyAd]
127.0.0.1 www.toprebates.com
127.0.0.1 stat.toprefsys.com
127.0.0.1 www.top-search.com #[Adware-SSF.dr]
127.0.0.1 download.topsearchweb.com
127.0.0.1 www.topsearchweb.com #[hotwebsearch.com]
127.0.0.1 ad.topstat.com
127.0.0.1 nl.topstat.com #[IE-SpyAd]
127.0.0.1 s26.topstat.com
127.0.0.1 xl.topstat.com
127.0.0.1 ads.track-star.com
127.0.0.1 adserver.track-star.com
127.0.0.1 geo2.track-star.com
127.0.0.1 www.track-star.com
127.0.0.1 www.traffic-stock.com #[Parasite.RichFind]
127.0.0.1 tradeexit.com
127.0.0.1 www.tradeexit.com #[Parasite.Winupie]
127.0.0.1 www.trafficbeamer.nl
127.0.0.1 trafficg.com #[IE-SpyAd]
127.0.0.1 www.trafficg.com
127.0.0.1 www.trafficflame.com
127.0.0.1 trafficfile.com #[IE-SpyAd]
127.0.0.1 www.trafficfile.com
127.0.0.1 trackyourstats.com
127.0.0.1 hit.traxdb.net
127.0.0.1 a.tribalfusion.com #[IE-SpyAd]
127.0.0.1 cdn1.tribalfusion.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 tribalfusion.speedera.net
127.0.0.1 ads.tucows.com
127.0.0.1 counts.tucows.com
127.0.0.1 google.tucows.com
127.0.0.1 www.turbomemorycharger.com #[Adware.Fapi]
127.0.0.1 ads.ucomics.com #[RealMedia]
127.0.0.1 image.ugo.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 www.ukbanners.com #[IE-SpyAd]
127.0.0.1 ultimatecounter.com #[IE-SpyAd]
127.0.0.1 www.ultimatecounter.com
127.0.0.1 www.ultimatepopupkiller.com #[searchby.net][IE-SpyAd]
127.0.0.1 www.ultraload.net #[MHTMLRedir.Exploit]
127.0.0.1 adcontroller.unicast.com
127.0.0.1 ads.unlimitedbanners.com #[IE-SpyAd]
127.0.0.1 ads1.updated.com
127.0.0.1 www.updatenow.org #[IE-SpyAd]
127.0.0.1 www.upgradenow.org
127.0.0.1 www.updatepatch.info #[Messenger Service pop-up]
127.0.0.1 www.upp2ono41xi9rman2.com #[TrojanDropper.Small.LG]
127.0.0.1 ads.uproar.com
127.0.0.1 urlblaze.com #[Adware.TurboDownload]
127.0.0.1 www.urlblaze.com #[Adware Bundler]
127.0.0.1 www.urlblaze.net #[IEDriver][ADW_RULEDOR.C]
127.0.0.1 usachoice.net #[IE-SpyAd]
127.0.0.1 ads.valuead.com #[IE-SpyAd]
127.0.0.1 adnetintads.valuead.com
127.0.0.1 banners.valuead.com
127.0.0.1 oin.valuead.com #[outerinfo.com]
127.0.0.1 servedby.valuead.com
127.0.0.1 ad.valuehost.ru #[IE-SpyAd]
127.0.0.1 www.verticlick.com
127.0.0.1 image.versiontracker.com
127.0.0.1 spinbox.versiontracker.com
127.0.0.1 ads.vesperexchange.com
127.0.0.1 www.vesperexchange.com
127.0.0.1 cinnam.vibrahost.com #[PWSteal.Revcuss.C][Win32.Revcuss.C]
127.0.0.1 vivi.vibrahost.com #[PWSteal.Revcuss.A]
127.0.0.1 dns2010.vicp.net #[Backdoor.Tumag]
127.0.0.1 uygurman.vicp.net #[Trojan.Riler][Troj/Riler-B]
127.0.0.1 oas.villagevoice.com
127.0.0.1 visit-link.com
127.0.0.1 www.voonda.com #[Spyware.TAFbar]
127.0.0.1 generic.vpptechnologies.com
127.0.0.1 images2.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com #[IE-SpyAd]
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]
127.0.0.1 xml.vpptechnologies.com #[BlazeFind]
127.0.0.1 www.vstats.net #[IE-SpyAd]
127.0.0.1 ads.vnuemedia.com
127.0.0.1 sevenc.vze.com #[VBS.Powcox@mm]
127.0.0.1 www.w3exit.com
127.0.0.1 www.warezdownload.ws #[TROJ_BANKER.DC]
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 way4find.com
127.0.0.1 www.way4find.com #[Downloader-TA.dll]
127.0.0.1 wazam.com
127.0.0.1 www.wazam.com #[Parasite.Wazam]
127.0.0.1 wcft.net #[Parasite.LinkReplacer]
127.0.0.1 www.wcft.net
127.0.0.1 ads.weather.com
127.0.0.1 ads.webattack.com
127.0.0.1 webcounter.com #[IE-SpyAd]
127.0.0.1 www.webcounter.com
127.0.0.1 ads.webhosting.info
127.0.0.1 adv.webmd.com
127.0.0.1 webhits.de #[IE-SpyAd]
127.0.0.1 banners.webmasterplan.com
127.0.0.1 stat.webmedia.pl #[IE-SpyAd]
127.0.0.1 bannervip.web1000.com #[IE-SpyAd]
127.0.0.1 ads.webads360.com #[IE-SpyAd]
127.0.0.1 www.webnomey.net #[PWSteal.Ldpinch.E]
127.0.0.1 clickcash.webpower.com #[IE-SpyAd]
127.0.0.1 orders.webpower.com
127.0.0.1 img.webring.com
127.0.0.1 img1.webring.com
127.0.0.1 ads.webshots.com
127.0.0.1 websponsors.com #[IE-SpyAd]
127.0.0.1 a.websponsors.com
127.0.0.1 ads.websponsors.com
127.0.0.1 g.websponsors.com
127.0.0.1 www.websponsors.com
127.0.0.1 www.webstars2000.com
127.0.0.1 hv3.webstat.com #[IE-SpyAd]
127.0.0.1 hits.webstat.com
127.0.0.1 www.wenksdisdkjeilsow.com #[Parasite.AutoStartup][Download.Trojan]
127.0.0.1 wetrack.it #[IE-SpyAd]
127.0.0.1 st.wetrack.it
127.0.0.1 www.wgutv.com #[Adware.BuddyLinks]
127.0.0.1 partner1.whatsfind.com
127.0.0.1 www.whatsfind.com #[HTML_STARTPAGE.C]
127.0.0.1 www.win-fix.com #[Rogue/Suspect]
127.0.0.1 www.win-update.net #[Trojan.Magise]
127.0.0.1 window1.com #[IE-SpyAd]
127.0.0.1 ads.winhelp2002.com
127.0.0.1 ads.winsite.com
127.0.0.1 winstream.com #[Parasite.Searchex]
127.0.0.1 www.winstream.com
127.0.0.1 clicktrack.wnu.com
127.0.0.1 www.wowweb.net #[Adware.WWWBar]
127.0.0.1 www.wurldmedia.com #[Adware.Wurldmedia][WurldMedia][KB321923]
127.0.0.1 x0x.biz
127.0.0.1 www.x0x.biz #[Backdoor.Berbew.D]
127.0.0.1 xlonhcld.xlontech.net #[IE-SpyAd]
127.0.0.1 nedstats.xs4all.nl
127.0.0.1 hit1.xstats.com
127.0.0.1 view1.xstats.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ad.yadro.ru #[IE-SpyAd]
127.0.0.1 counter.yadro.ru
127.0.0.1 bs.yandex.ru
127.0.0.1 crsky2004.yeah.net #[Backdoor.Singu.B]
127.0.0.1 yourspecialoffers.com #[FavoriteMan]
127.0.0.1 www.yourspecialoffers.com
127.0.0.1 ysearchus.com #[Parasite.TinyBar]
127.0.0.1 www.ysearchus.com

#5 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 04 June 2007 - 11:58 PM

Hi,

The log from smitfraudfix got cut off, so can you repost it again please? Leave the part with all the 127.0.0.1 out of it and post the rest of the log.

Also check and fix the next entry in HijackThis again:

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

And.. Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#6 rmetz

rmetz

    Member

  • Full Member
  • 7 posts

Posted 12 June 2007 - 08:52 PM

Hi,

The log from smitfraudfix got cut off, so can you repost it again please? Leave the part with all the 127.0.0.1 out of it and post the rest of the log.


Sorry it took so long to repost. It has been a crazy week. There are a few problems, but I will get to them after I post the logs that you need. Here is that smitfraudfix log again:

SmitFraudFix v2.192

Scan done at 19:40:42.35, Mon 06/04/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process





»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\ielocales.dll Deleted
C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Program Files\PestCapture\ Deleted
C:\Program Files\SpyHeals\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{137C29DE-2772-4B52-80AD-F9BBAFC23CC6}: DhcpNameServer=68.87.77.130 68.87.72.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Finally, here is the newest HJT log file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:46:02 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IDEAL Calendar] "C:\Program Files\IDEAL Calendar\calendar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171575612346
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O17 - HKLM\Software\..\Telephony: DomainName = your-sz7x7sefxo
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = your-sz7x7sefxo
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--
End of file - 5026 bytes


I followed the directions that you gave for installing the latest version of Java, but when I double click the installation program nothing happens. Also, for some reason, whenever I open up my browser, the screen resolution changes from 1024x768 to 800x600. That has given me some problems in the past with installing programs, and I wonder if that could be why Java will not install. I don't know if the resolution changing is a computer problem or if I still have some kind of bug that is doing it. It only seems to change when I open up the web browser. When I close the browser it goes right back to 1024x768. I hope all of this helps some. Thank you for your time.
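As an added example (not part of the original posts, and not code from HijackThis or its authors): a short Python parser for the HijackThis entry lines shown in the log above. It lists the O4 Run autostarts, picks out entries marked "(file missing)", and checks whether the O4 entry the helper asked to have fixed still appears in the follow-up log. The sample is an excerpt of lines posted in this thread; all function names are assumptions made for illustration.

```python
import re

# Excerpt of the 6/12/2007 HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:46:02 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# The entry the helper asked to have fixed in the earlier reply.
FLAGGED = r"O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1"

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autostart: hive\..\Run*: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_hjt(text):
    """Return (processes, entries): process paths and (code, body) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first entry line ends the process list
            entries.append((m.group("code"), m.group("body")))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autoruns(entries):
    """Decode O4 registry Run entries into dicts (hive, key, name, cmd)."""
    out = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            out.append(m.groupdict())
    return out

def orphaned(entries):
    """Entries HijackThis marked '(file missing)': registry data with no file behind it."""
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]

def _norm(body):
    # Forum reposts can mangle spacing, and Windows paths ignore case.
    return " ".join(body.split()).lower()

def still_present(entries, flagged_line):
    """True if an entry line flagged for fixing is still in the parsed log."""
    m = ENTRY_RE.match(flagged_line.strip())
    if not m:
        raise ValueError("not a HijackThis entry line")
    target = (m.group("code"), _norm(m.group("body")))
    return any((c, _norm(b)) == target for c, b in entries)

if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print("autostarts:", [a["name"] for a in autoruns(ents)])
    print("orphaned:", orphaned(ents))
    print("flagged entry still present:", still_present(ents, FLAGGED))
```

An entry flagged in one reply and absent from the next log is the confirmation a helper looks for before calling a log clean.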

#7 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 13 June 2007 - 02:58 AM

Hi,

Your log looks clean again.

Also, for some reason, whenever I open up my browser, the screen resolution changes from 1024x768 to 800x600. That has given me some problems in the past with installing programs, and I wonder if that could be why Java will not install. I don't know if the resolution changing is a computer problem or if I still have some kind of bug that is doing it. It only seems to change when I open up the web browser. When I close the browser it goes right back to 1024x768


From what I can see in your log, you are using Mozilla Firefox as your default browser... so I assume this problem is with Firefox.
So right-click the Firefox icon (where you launch Firefox from) and select Properties.
Select the "Compatibility" tab.
Uncheck everything under "Compatibility mode" and "Display settings". So actually, nothing should be checked there in that window.
Then click the Apply button below.
Let me know if that solved your issue.

#8 rmetz

rmetz

    Member

  • Full Member
  • 7 posts

Posted 14 June 2007 - 10:59 PM

Hi,

Your log looks clean again.

Let me know if that solved your issue.


Miekiemoes, thank you so much for all of your time getting this computer clean. You were correct about the 640x480 box being checked in Firefox properties. I unchecked that option and it is running a whole lot better. You can go ahead and close this thread now and, once again, thank you for all of your help.

#9 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 15 June 2007 - 12:17 AM

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#10 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 18 June 2007 - 05:24 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here.
This applies only to the original topic starter.

Everyone else please begin a New Topic.